A new form of ransomware, very similar to CryptoLocker, is on the loose. This new attack is called CryptoWall. It employs a different set of exploits, but does the same thing in the end: it encrypts important files and demands payment to decrypt them. The infection has been known to propagate in a number of ways. There are reports of it arriving by email in the form of a notification of a fax, a notification of a waiting voicemail, or a Dropbox link from a colleague. Additionally, it is known to take advantage of known bugs in versions of Java, Flash, and Silverlight that have not been updated to the most current revision. The exploit can be delivered through a malicious advertisement on a website.
When a user is infected, all files that the user has access to are encrypted, and instructions for decryption are left as three files in the directory containing the encrypted data. These files list a series of webpages where a payment can be made in exchange for decrypting the data. There is no way to decrypt the files without paying the ransom.
Innovative recommends a multi-vector approach to combating the ability of this malware to enter or affect business systems.
- Deploy a trusted backup solution that takes snapshots of business data at an interval that would allow for business data to be recovered down to the hour. This will minimize the amount of data loss if a full restore must be performed after an infection.
- Have a patch management strategy. Use a patching solution that includes patches for third party applications such as Adobe, Sun Java, and Apple software.
- Use an auditing system that shows each machine's compliance with current patching requirements, and make an effort to remediate any outliers.
- Install a firewall that has advanced Unified Threat Management capabilities like edge-of-the-network Antivirus and Intrusion Prevention systems. This will stop threats from ever making it into a business network from the Internet.
- Deploy a trusted Antivirus application on all business systems. Audit that the AV is running and that the latest definitions are being deployed in a timely manner.
- For mobile users, move important data off of their laptops and into the datacenter. Then use a tool like Citrix XenApp to allow remote access to the data. This will keep data secure and prevent viruses from making it into business systems.
- Audit the access that each user has to business data and reduce access where possible. Giving someone read access to data, but not write access, can prevent an infection on that user's system from corrupting the data.
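The read-but-not-write control in the last point can be checked rather than assumed. The following PowerShell audit is an added example, not Innovative's tooling: it walks the top-level folders of a data share and reports every account whose NTFS ACL grants write-class rights. The share path and the list of accounts expected to hold write access are assumptions to replace with your own.

```powershell
# Added example: report which accounts can write to each folder under a data share.
param(
    [string]$ShareRoot = '\\fileserver\BusinessData',   # assumed path, replace with your share
    [string[]]$ExpectedWriters = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')  # assumed
)

# Rights that let an ACE create, change, delete or re-permission files.
# Read-class rights (ReadAndExecute, Synchronize) share no bits with this mask.
$writeMask = [int]([System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership')
# Generic rights occasionally appear on inherited ACEs as raw bits rather than named flags:
# GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$genericWriteMask = 0x50000000

function Get-WriteAccess {
    param([string]$Path)
    $acl = Get-Acl -Path $Path
    foreach ($ace in $acl.Access) {
        # Only Allow entries grant rights; a Deny entry removes them.
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $raw = [int]$ace.FileSystemRights
        $grantsWrite = (($raw -band $writeMask) -ne 0) -or (($raw -band $genericWriteMask) -ne 0)
        if ($grantsWrite) {
            [pscustomobject]@{
                Path      = $Path
                Identity  = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Audit each top-level folder; drop the accounts that are supposed to write there.
$findings = Get-ChildItem -Path $ShareRoot -Directory |
    ForEach-Object { Get-WriteAccess -Path $_.FullName } |
    Where-Object { $ExpectedWriters -notcontains $_.Identity }

if ($findings) {
    "Accounts with write access outside the expected list under ${ShareRoot}:"
    $findings | Format-Table -AutoSize
} else {
    "No unexpected write access found under $ShareRoot"
}
```

Run it from an account that can read the ACLs of the share; a user or group that shows up in the report but only needs to read the data is a candidate for the access reduction described above.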
Innovative has solutions for each of these points. If your business does not have one of these areas covered, please give us a call and we can help to reduce your risk. We can be contacted by calling (317) 664-7600 and selecting option 1, or by emailing firstname.lastname@example.org.