Just got a message in one of my WhatsApp groups – “Anyone know how to recover help_decrypt ransom attack??”
Another victim of the infamous Crypto ransomware virus, and luckily he managed to contain it within the PC before it spread to the server. The CryptoLocker virus works by encrypting the files on the infected computer and then displaying a message box asking you to pay within a certain period (usually within 2 days). This is why it is classified as ransomware: it holds your information hostage.
There are only 2 known ways to recover once your network gets hit by this ransomware: either you pay a ransom and they deliver the decryption key for you to unlock your files, or you try to recover from your own backup files.
The first thing you should NOT do when you get infected is run a virus scan to clean and delete it. 2 years back we sent a notification to all our clients telling them not to clean this virus by themselves, but to shut down the computer and leave everything to us. Yes, this ransomware has been around for more than 2 years and it is still going strong, as it is generating a lot of revenue for the hackers.
You should not clean the virus right away because once you remove it, even if you later decide your data is important enough to pay the ransom, you cannot recover the files anyway. Before disinfecting, first check whether you have a working backup that you can restore from. This is why we advocate that all of our clients have a working backup and backup disaster recovery in place, in preparation for such events.
As they say, prevention is better than cure. However, typical antivirus is not sufficient to protect against this ransomware. Because of how successful it is, a lot of new variants are appearing in the wild every day, and antivirus definition updates may not be fast enough to catch up. Worse still, if your antivirus is unmanaged, it may not even be updated at all!
Over at Blazon Technologies, we use something called Behavioral Analysis in our managed antivirus to catch any program that tries to perform suspicious activity and put a stop to it. This is more effective than relying on antivirus definitions, although with our managed antivirus we also ensure our clients' antivirus is always up to date.
The other area to work on is the employees. It takes training to educate them that they are not supposed to click on every link that is sent to them via email. As all of us in the IT industry know, the hardest thing is re-educating users, so the best way to prevent them from getting the link is to block it before it comes in. For this, our clients use our email protection service to scan, filter and block not only viruses and ransomware but also all the spam and junk emails.
At Blazon Technologies, we specialize in protecting our clients’ networks and data, ensuring they can keep running their business even if disaster strikes. To find out how we can help you with your security and protection, contact us for more information.