CryptoLocker: the next generation of malware

In November of last year, the UK's National Crime Agency (NCA) issued an urgent warning about a new breed of ransomware targeting Windows machines. Nearly 3 months on, and the virus shows no signs of slowing.

CryptoLocker's phishing emails target anyone from consumers to small/medium sized organisations, and contain zipped executable files usually disguised as PDFs from banks or couriers. Once opened, the malware encrypts the entire contents of a hard drive using a public encryption key.

To get hold of the private key needed to decrypt your files, you have between 72 and 96 hours to pay a ransom of around 2 Bitcoins - worth over £1000 at the current exchange rate, and practically untraceable. The cryptography used to lock the files (a combination of 256-bit AES and 2048-bit RSA) is extremely strong and virtually impossible to break without a key. So unless you have recent backups of your files, you don't really have much choice but to pay up.

The scope of those affected is huge - we've had multiple partners and customers hit by the virus. Luckily, their data was backed up and we were able to perform a restore to get it all back without much disruption. Many others haven't been so fortunate – a data loss of that volume can be catastrophic for a business of any size. We wouldn't normally recommend giving in to hackers' demands, but when you're talking about losing your entire network of data, your hands are somewhat tied.

The CryptoLocker virus should serve as a warning for organisations. Catastrophes such as these are so easily avoidable if the right precautions are taken.

Keep up to date. Stay up to date with the latest news and developments in spyware. Knowing what to look out for is half the battle. If you can recognise an email as suspicious, the whole security incident is avoided. Also, make sure your antivirus software is up to date as this will help to contain the majority of threats.

Risk management is crucial. Communicate security risks throughout the company. All it takes is one employee opening an infected attachment for your whole business to be in trouble. Have clear policies in place for risk management, and make sure your team is clear about the recommended procedures to follow in the case of a breach. As well as helping to prevent attack in the first place, having stringent procedures in place for dealing with an incident can help to get it under control quickly, reducing the amount of damage caused.

Back up your critical data. If you do get caught out by malware, backups can be your saving grace. Be careful though, if you don't catch the virus in time, you might unintentionally back up the encrypted files and lose your copies of the unencrypted data. Backup systems that support versioning will allow you to roll back to previous, unaffected copies.