Bouncing back from CryptoLocker

You get a sick feeling when you receive a call from a client describing issues opening files, and strange decryption instructions appearing throughout their file system. This was the case for one of our mid-sized real estate clients on a Friday afternoon – an office brought to a complete standstill just before a full weekend of sales, auctions and homes open for inspection.

The director opened an email with what he thought was an invoice, but was in fact a Trojan horse. The payload was the CryptoLocker virus. As the director has access to the majority of the company’s data, within minutes records pertaining to agents’ properties, vendor information, and advertised inspection times were all unreadable and inaccessible; apparently corrupted beyond repair.

CryptoLocker falls into a category of viruses often referred to as ‘ransomware’. CryptoLocker and its variants will silently encrypt all the data you have access to and then prompt you to pay a ransom, often in the untraceable online currency known as ‘bitcoin’. Once the ransom is paid, you’ll receive the tools and the key required to decrypt your data.

Of course, getting funds into a bitcoin wallet and then transferring those bitcoins to the attacker is no easy process – and there’s no guarantee that the data will be decrypted.

It’s at times like these that a best-practice disaster recovery plan proves invaluable, and the sick feeling quickly turns to relief.

This client has invested in a monitored ShadowProtect backup solution, which is replicated offsite for redundancy. A backup of all business-critical information is taken several times a day, so it was a simple case of isolating and removing the infected systems from the network and recovering the files from the last backup. They were up and running for a weekend of trading in a matter of hours, not days.

The moral of the story is that although many measures can be, and have been, put in place to prevent such things from taking place, the most cost-effective way to safeguard your data, and therefore your business, from disaster of any kind is to invest in your backup strategy, have it monitored, and have your IT people at the ready to respond.

