Myriad IT has now merged with Fusion5.
For the latest information please visit fusion5.com.au

Stay updated, stay secure

Keep your organisation safe – how to protect against Cryptolocker & other malware

Many of you will already be familiar with the Cryptolocker ransomware, and new variants appear every few months.

CryptoFortress (discovered around March 2015) is the latest variant in the unsafe neighbourhoods of the Internet. Unlike its predecessors, it can find and encrypt open SMB shares that are not mapped as drives, along with the mapped ones. It also deletes Volume Shadow Copies (VSCs), making it difficult to recover the encrypted data from them. It encrypts all the file types that it is programmed to understand and creates a new file with the same name but a new extension, .frtrss. It also leaves a ransom note for each file it encrypts, named ‘READ IF YOU WANT YOUR FILES BACK.HTML’. This HTML file contains links that lead to a Tor C&C server where the ransom can be paid in bitcoin.
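The two file indicators named above (the .frtrss extension and the ransom note filename) are enough to scope which folders on a share were hit. The following is an added example, not code from Myriad IT or any vendor mentioned here; the sample tree is constructed, and using the oldest modification time as an approximate start of encryption is an assumption.

```python
import os
import tempfile
from collections import Counter

# Indicators taken from the description above.
ENCRYPTED_EXT = ".frtrss"
RANSOM_NOTE = "READ IF YOU WANT YOUR FILES BACK.HTML"


def scan_share(root):
    """Walk `root` and summarise CryptoFortress indicators per directory."""
    encrypted = Counter()  # directory -> number of .frtrss files
    notes = Counter()      # directory -> number of ransom notes
    earliest = None        # oldest mtime among .frtrss files (assumed start)
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.upper() == RANSOM_NOTE:
                notes[dirpath] += 1
            elif name.lower().endswith(ENCRYPTED_EXT):
                encrypted[dirpath] += 1
                mtime = os.path.getmtime(os.path.join(dirpath, name))
                earliest = mtime if earliest is None else min(earliest, mtime)
    return {
        "encrypted": dict(encrypted),
        "notes": dict(notes),
        "affected_dirs": sorted(set(encrypted) | set(notes)),
        "earliest_encryption": earliest,
    }


def build_sample_tree():
    """Create a constructed sample share: one hit folder, one clean folder."""
    root = tempfile.mkdtemp(prefix="share_")
    layout = {
        "finance": ["budget.frtrss", "invoice.FRTRSS", RANSOM_NOTE],
        "hr": ["policy.docx"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            with open(os.path.join(root, folder, name), "w") as handle:
                handle.write("constructed sample\n")
    return root, os.path.join(root, "hr")


if __name__ == "__main__":
    sample_root, _clean = build_sample_tree()
    print(scan_share(sample_root))
```

Run against a file server's share root, the `affected_dirs` list shows what needs restoring, and a backup taken before `earliest_encryption` is the candidate restore point.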

Due to the complex encryption strategy utilised, malware of this type is nearly impossible to remediate once it has infected a computer. Antivirus software alone cannot break the encryption. The only way to unlock the files is by using the unique private decryption key, and there is no way to retrieve that key without paying the ransom.

Myriad IT does not recommend paying anything at all, as it encourages the attackers to do it again and again.

 

Preventative approach affords the best protection

As a managed services provider, Myriad IT is committed to protecting our clients and we have been seriously looking for solutions.

We have discussed the issue with several security experts through our partner channels but have found that, unfortunately, there is no single product that offers complete protection. We have concluded that in today’s world, the best approach is to apply layers of security as outlined in the diagram.


 NextGen Firewall for Anti-virus gateway and web filtering.

Myriad IT use a vendor called Cyberoam, a NextGen firewall provider with Check Mark Level 5 certified gateway anti-virus which is tightly integrated with Intrusion Prevention System, Web Filtering and Anti-Spam. It secures organisations (including ours) against blended attacks and maintains high levels of security. Malicious traffic is blocked at the firewall level before it reaches the end user computer.

 Anti-Spam for email filtering.

With e-mail being the most important method of communication for businesses, it makes sense to implement an effective solution that protects this valuable means of communication. Myriad IT recommends the use of anti-spam to scan spam emails, which are often used as vectors for distributing ransomware.

SpamTitan provides the protection that every company needs against Spam, Viruses, Trojans, Malware and all other unwanted email content and threats. Myriad IT partners with SpamTitan to deliver a cloud-hosted anti-spam solution.

Network Access control.

Network administrators should set password protection and proper privilege settings for users accessing any critical shared drives. Some useful policies are:

  • Block the opening of executables in temp;
  • Block the modification of the VSS service;
  • Block the opening of executables in temp+appdata;
  • Block the creation of startup entries.
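Before enforcing these policies it helps to see what they would catch in existing endpoint telemetry. The following is an added example, not code from Myriad IT or any vendor mentioned here; the events are constructed, the field names are assumptions, and the VSS patterns are commonly seen commands rather than ones this page attributes to CryptoFortress.

```python
import re

# Path and command patterns for the four policies listed above.
TEMP = re.compile(r"\\(AppData\\Local\\Temp|Windows\\Temp)\\", re.I)
APPDATA = re.compile(r"\\AppData\\(Local|LocalLow|Roaming)\\", re.I)
EXECUTABLE = re.compile(r"\.(exe|scr|com|bat|cmd|js|vbs)$", re.I)
VSS = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows"
    r"|\b(sc|net)(\.exe)?\s+(config|stop)\s+vss\b"
    r"|wmic(\.exe)?\s+shadowcopy\s+delete", re.I)
STARTUP = re.compile(
    r"\\Start Menu\\Programs\\Startup\\|\\CurrentVersion\\Run(Once)?\\", re.I)

# Constructed sample telemetry; the field names are assumptions.
EVENTS = [
    {"type": "process", "image": r"C:\Users\amy\AppData\Local\Temp\scan01.exe", "cmd": "scan01.exe"},
    {"type": "process", "image": r"C:\Users\amy\AppData\Roaming\upd.scr", "cmd": "upd.scr"},
    {"type": "process", "image": r"C:\Windows\System32\vssadmin.exe", "cmd": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"type": "process", "image": r"C:\Windows\System32\sc.exe", "cmd": "sc config VSS start= disabled"},
    {"type": "file", "target": r"C:\Users\amy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\upd.lnk"},
    {"type": "registry", "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd"},
    {"type": "process", "image": r"C:\Program Files\Microsoft Office\winword.exe", "cmd": "winword.exe q1.docx"},
]


def violations(event):
    """Return the names of the policies this event would breach."""
    hits = []
    image, kind = event.get("image", ""), event["type"]
    if kind == "process" and EXECUTABLE.search(image):
        if TEMP.search(image):
            hits.append("executable-in-temp")
        elif APPDATA.search(image):
            hits.append("executable-in-appdata")
    if kind == "process" and VSS.search(event.get("cmd", "")):
        hits.append("vss-modification")
    if kind in ("file", "registry") and STARTUP.search(event.get("target", "")):
        hits.append("startup-entry")
    return hits


def audit(events):
    """Pair each offending event's index with the policies it breaches."""
    return [(i, violations(e)) for i, e in enumerate(events) if violations(e)]


if __name__ == "__main__":
    for index, hits in audit(EVENTS):
        print(index, EVENTS[index].get("image") or EVENTS[index]["target"], hits)
```

Legitimate per-user installers and updaters also run from AppData and register startup entries, so review the audit output and build an allow-list before switching any of these policies to blocking mode.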

Endpoint Protection with Journaling.

Myriad IT partner with Webroot, the market leader in cloud-based, real-time internet threat detection for consumers, businesses and enterprises to protect all the ways we connect online. A unique capability that sets Webroot SecureAnywhere apart from every other antivirus solution is the way unknown or ‘undetermined’ malware is handled, and the automatic remediation that is provided to ensure endpoint protection.

When a Webroot SecureAnywhere solution is installed on a machine, a CryptoLocker infection variant should be detected automatically before it can infect and make changes to the computer. Even if a new variant of the infection infiltrates a given system, SecureAnywhere technology includes automatic journaling to undo changes to a computer’s files.

Backup.

Recognised as a leader in backup and recovery in Gartner’s Magic Quadrant for Enterprise Backup Software and Integrated Appliances, CommVault has redefined enterprise data protection, enhancing operations across all platforms and tiers, including heterogeneous disk, tape and cloud location.

It also reduces the cost and risk associated with protecting, recovering, discovering and accessing data at the edge on laptops and desktops while empowering mobile workers with self-service access to their data from virtually anywhere. It’s a great, modern solution that represents the future of data protection, all managed in a single platform.

If you have concerns about your organisation’s security, Myriad IT is here to help. Please feel free to contact us for a discussion.

 
