CryptoLocker is an especially insidious form of ransomware that was first detected in the wild in September 2013. It restricts access to infected computers and requires victims to pay a ransom in order to regain full access.
What makes CryptoLocker so bad is the way it encrypts the user data on your hard drive using a strong encryption method. This makes it literally impossible to access your own data without paying the criminals a ransom of between $100 and $300 or two Bitcoins, and now even more.
Once affected, you will be locked out of your computer, and unless you pay the ransom within 72 hours, the virus will delete the decryption key needed to decrypt all the files on your PC.
The malware lands on PCs the same way other malware does, and a few sensible precautions will help minimize the chances of a CryptoLocker attack.
Yesterday, we reported that the UK's National Crime Agency has issued an urgent national alert about a mass spamming event targeting 10 million UK-based email users with CryptoLocker.
What if your computer gets compromised? Currently there is no option to decrypt the files without the decryption key, and brute forcing a file encrypted with 2048 bit encryption is almost impossible. If you don’t pay the ransom, you forever lose access to everything you’ve been working on which is stored on your computer.
A few things you can do to prevent your PC from getting infected with the CryptoLocker virus:
- Most viruses are introduced by opening infected attachments or clicking on links to malware usually contained in spam emails. Avoid opening emails and attachments from unknown sources, especially zip or rar archive files.
- Most people have some anti-virus program, but how do you know it’s effective? Ensure you have the best one active and up-to-date.
- Also keep your operating system and software up-to-date.
- Keep a backup. If you have real-time backup software, make sure that you first clean the computer and then restore the unencrypted version of the files.
- Create files in the Cloud and upload photos to online accounts like Flickr or Picasa.
- Windows 7 users should set up the System Restore points or, if you are using Windows 8, configure it to keep the file history.
- Make sure you have reformatted your hard drive to completely remove the CryptoLocker trojan before you attempt to re-install Windows and/or restore your files from a backup.
There are many free tools now available in the community that can help users protect their systems from this malware.
1.) CryptoPrevent tool, created by American security expert Nick Shaw. This tool applies a number of settings to your installation of Windows that prevent CryptoLocker from ever executing and has been proven to work in Windows XP and Windows 7 environments.
2.) HitmanPro.Alert 2.5, a free utility that will help you to protect your computer against the CryptoLocker ransomware malware. HitmanPro.Alert 2.5 contains a new feature, called CryptoGuard, that monitors your file system for suspicious operations. When suspicious behavior is detected, the malicious code is neutralized and your files remain safe from harm.
3.) BitDefender Anti-CryptoBlocker, an encryption-blocking tool that can detect and block malware from installation.
Intrusion prevention systems can block the communications sent from the CryptoLocker-infected system to the remote command-and-control server where the malware retrieves the key to encrypt the files. Blocking the communications can prevent the encryption from taking place.
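One heuristic a file-system monitor of the kind described for CryptoGuard could apply, shown as an added Python illustration and not HitmanPro.Alert's actual logic: flag a process that rewrites several readable files into near-random bytes within a short window. The thresholds, process IDs and file contents are constructed assumptions.

```python
import hashlib
import math
from collections import Counter, deque

ENTROPY_THRESHOLD = 7.5    # bits/byte; assumed cut-off (encrypted data is near 8.0)
WINDOW_SECONDS = 10.0      # assumed sliding window
MAX_FLAGGED_REWRITES = 3   # assumed tolerance per process per window

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def looks_encrypted(before: bytes, after: bytes) -> bool:
    """True when readable content was replaced by near-random bytes."""
    return shannon_entropy(before) < ENTROPY_THRESHOLD <= shannon_entropy(after)

class RewriteMonitor:
    """Counts flagged rewrites per process inside a sliding time window."""
    def __init__(self):
        self.hits = {}  # pid -> deque of timestamps of flagged rewrites
    def observe(self, pid: int, ts: float, before: bytes, after: bytes) -> bool:
        """Return True when this process has exceeded the tolerance."""
        if not looks_encrypted(before, after):
            return False
        hits = self.hits.setdefault(pid, deque())
        hits.append(ts)
        while ts - hits[0] > WINDOW_SECONDS:   # drop hits that left the window
            hits.popleft()
        return len(hits) > MAX_FLAGGED_REWRITES

def pseudo_ciphertext(seed: int, size: int = 4096) -> bytes:
    """Deterministic stand-in for encrypted output (constructed test data)."""
    return b"".join(hashlib.sha256(f"{seed}:{i}".encode()).digest() for i in range(size // 32))

def run_demo() -> list:
    """Replay constructed events; return (pid, timestamp) for every alert."""
    doc = b"Quarterly report draft. Revenue figures are in the table below.\n" * 64
    events = [(1000, float(t), doc, pseudo_ciphertext(t)) for t in range(5)]         # burst
    events += [(2000, float(t), doc, doc + b"one more line\n") for t in range(5)]    # editor saves
    events += [(3000, t * 20.0, doc, pseudo_ciphertext(100 + t)) for t in range(5)]  # slow rewrites
    monitor = RewriteMonitor()
    return [(pid, ts) for pid, ts, before, after in sorted(events, key=lambda e: e[1])
            if monitor.observe(pid, ts, before, after)]

if __name__ == "__main__":
    print(run_demo())
```

Files that are already compressed or encrypted have high entropy before the rewrite, so this check alone does not flag them and needs other signals for those cases.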
Organizations are still not doing a good job of protecting themselves from social engineers determined to discover information that's valuable for preparing an attack.
In social engineering, someone tries to get a company employee to disclose information that a hacker could use to attack the organization. Increasingly, the social engineer will use complex scenarios, Hadnagy said.
Not long ago, Social-Engineer.org released the results of its fifth Social Engineer Capture the Flag contest, in which 10 men and 10 women tried to socially engineer 10 of the biggest global corporations, such as Apple, Boeing, and General Electric. Despite ongoing improvements by participants, not all employees or online information were properly secured. For example, one contestant found an unsecured help desk document that included log-in credentials for a participating company's employee-only online portal, Hadnagy said.
"It’s disheartening to note that after years of attacks and years of warnings, these valuable pieces of information are still so easily found and exploited," he added.
In this year's contest, 60 percent of contestants pretended they were fellow employees when they contacted real employees to try and discover information. This created an almost immediate bond, said Hadnagy, and often encouraged the real worker to be helpful.
"Those who didn't pretext as an employee had to work harder to build rapport," he said.
One reason: It's embarrassing for employees to question whether another caller truly is a colleague, said Hadnagy. If the individual truly is a coworker, there's an immediate loss-of-face. Others ignore protocols. Guidelines may not be in place, and employees don't realize they're being played.
Some recent contestants, especially females, pretended to be subordinate workers, which garnered more help from sympathetic employees, he said.
"A lot of guys pretexted as someone with authority or power. I can't say that correlates. The women came in as humble. I'm part of the tribe and I'm working for the man. That got information. I love playing the garbage man more than I love playing the manager. When I'm playing the garbage man, no one looks at me."
Stopping the info flow
There is nothing like an anti-virus or firewall to install against social engineering. Rather, it comes down to good awareness programs, to ongoing employee education and testing.
"It needs to be realistic. It needs to be involved. It needs to be personal," Hadnagy told me.
A company could, for example, send a phishing email to 1,000 employees. If workers open it, the message tells them they were part of the campaign and must take this one or two minute lesson. The business then notifies employees this type of campaign will be occurring regularly. The lesson will include ways employees can identify phishing emails so they become less likely to fall for these scams.
In only a few months, this approach can cut down the number of successful phishing emails to 18 percent from 80 percent, he noted.
Employees also should have scripts for phone calls, not word-for-word screenplays, but guidance about what to say if someone starts asking questions about operating systems, training, or other practices. Businesses must implement clearly defined, non-threatening policies for handling any potential breaches so employees can safely self-report, without fear of repercussions for the occasional lapse.
Organizations also can hire external consultants for penetration testing, Hadnagy said.
"That sounds self-serving, because that's what I do. It's not just self-serving. When you want to find out if there's something wrong with you, you're told at a certain age, 'Hey, go to the doctor and get checked out.' They poke us, prod us. The one time we go in and find something, they take care of it before it turns into a serious problem."