Cryptolocker and similar ransomware attacks are nothing new, and we've blogged about them before. As we said over a year ago, the attackers using these methods continue to adapt their technology and business model to circumvent law enforcement officials and user defenses.
Ransomware is a type of malware that hijacks data on the infected computer and demands a ransom from the user. Here's a video demonstrating Cryptolocker in action:
- Phishing attacks are by far the most common means of infecting users. The email in question usually invites the victim to click on a malicious link or open an infected attachment. This method is effective in delivering malware to users who do not have the latest email protection or have not been educated on phishing attacks.
- Drive-by downloads can infect users who visit a compromised website. These websites can be compromised through malicious web code, an infected third-party piece of software, or website code that has been changed by the attackers. This risk can be mitigated with a web filter and up-to-date antivirus software. Other strategies include limiting user permissions and disabling Java in the browser.
- Computers that are already infected with malware can download and install new malware, including Cryptolocker.
Sometimes the infection is a result of a mix of the above methods, as explained in this post at Malwarebytes. A user attempts to install something, gets tricked into installing something else, and is infected by a drive-by download in the background. Whatever the details, the majority of malware is installed when users are tricked into clicking on something. That's why user education is so important to the overall defense strategy.
Because Cryptolocker and its variants are constantly adapting to new defenses, it isn't enough to identify the virus and protect yourself from that specific threat. The best approach is to secure the threat vectors, so that the entryways to the network are fully protected. For a better explanation of threats and threat vectors, take a look at this video.
One break in an attack sequence can prevent the installation of Cryptolocker. Using a layered approach to security gives you the opportunity to break the sequence at several levels. Protect your users with email, web, network, and mobile security. In the event that you cannot stop an infection, a proper backup solution and disaster recovery strategy will ensure that compromised data can be restored.
We implement this layered approach with Barracuda Total Threat Protection. Here's how that breaks down in terms of solutions and threat vectors:
| Threat Vector | Barracuda solution |
|---|---|
| Network Perimeters, including public and private clouds | |
There are a few other things you can do to protect against Cryptolocker. Specific information on software restriction policies and CryptoPrevent can be found in this guide at Bleeping Computer. Even with Barracuda solutions in place, you still want to be proactive and follow best practices in your network. You want as many layers of defense as you can get between your data and the attackers.
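As an added illustration of the software restriction policy approach referenced above (this is example code written for this post, not a script from Barracuda, Bleeping Computer or the CryptoPrevent tool), the following PowerShell registers Software Restriction Policy path rules in the local machine policy. The rule set is a constructed baseline of the locations a dropper typically writes to, the per-user AppData folders and the temporary folders archive tools extract into; the registry layout under `HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers` is the one Windows uses for SRP, and the function names are this example's own. It must run from an elevated shell.

```powershell
# Added example (not from the original post): register SRP "Disallowed" path rules
# so executables launched from the folders ransomware droppers commonly use are blocked.
# Requires an elevated PowerShell session. The pattern list is a constructed baseline;
# applications that legitimately run from %AppData% or %LocalAppData% need exceptions.

$CodeIdentifiers = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$DisallowedPaths = Join-Path $CodeIdentifiers '0\Paths'   # security level 0 = Disallowed

# Constructed baseline: block .exe launched from the per-user profile folders and
# from the temp folders that WinRAR, 7-Zip and WinZip extract archives into.
$BlockedPatterns = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\*\*.exe',
    '%Temp%\Rar*\*.exe',
    '%Temp%\7z*\*.exe',
    '%Temp%\wz*\*.exe',
    '%Temp%\*.zip\*.exe'
)

function Enable-SaferPolicy {
    # Turn SRP on with an Unrestricted default so only the explicit path rules deny.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    if ($PSCmdlet.ShouldProcess($CodeIdentifiers, 'Enable SRP, default level Unrestricted')) {
        New-Item -Path $CodeIdentifiers -Force | Out-Null
        Set-ItemProperty -Path $CodeIdentifiers -Name DefaultLevel -Value 0x40000 -Type DWord  # 0x40000 = Unrestricted
        Set-ItemProperty -Path $CodeIdentifiers -Name TransparentEnabled -Value 1 -Type DWord  # 1 = all software except DLLs
        Set-ItemProperty -Path $CodeIdentifiers -Name PolicyScope -Value 0 -Type DWord         # 0 = all users, admins included
        Set-ItemProperty -Path $CodeIdentifiers -Name ExecutableTypes `
            -Value @('EXE', 'COM', 'PIF', 'SCR', 'BAT', 'CMD') -Type MultiString
    }
}

function Add-DisallowedPathRule {
    # Create one Disallowed path rule; idempotent so the script can be re-run safely.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Pattern,
        [string]$Description = 'Ransomware mitigation: block executables from user-writable locations'
    )
    $existing = Get-ChildItem -Path $DisallowedPaths -ErrorAction SilentlyContinue |
        Where-Object { (Get-ItemProperty -Path $_.PSPath).ItemData -eq $Pattern }
    if ($existing) { return $existing.PSChildName }

    # Each rule lives in its own GUID-named subkey, the same layout the GPO editor writes.
    $ruleKey = Join-Path $DisallowedPaths ('{' + [guid]::NewGuid().ToString() + '}')
    if ($PSCmdlet.ShouldProcess($Pattern, 'Add Disallowed SRP path rule')) {
        New-Item -Path $ruleKey -Force | Out-Null
        Set-ItemProperty -Path $ruleKey -Name ItemData -Value $Pattern -Type ExpandString
        Set-ItemProperty -Path $ruleKey -Name SaferFlags -Value 0 -Type DWord
        Set-ItemProperty -Path $ruleKey -Name Description -Value $Description -Type String
        Set-ItemProperty -Path $ruleKey -Name LastModified `
            -Value ([datetime]::UtcNow.ToFileTimeUtc()) -Type QWord
    }
    return (Split-Path -Path $ruleKey -Leaf)
}

Enable-SaferPolicy
foreach ($pattern in $BlockedPatterns) { Add-DisallowedPathRule -Pattern $pattern }
```

Run it first with `-WhatIf` on both functions to see which keys it would write, and pilot it on a test machine before rolling it out: SRP is evaluated at logon, so a `gpupdate /force` or a sign-out is needed for the rules to take effect, and any software that installs per-user under `%LocalAppData%` will be blocked until you add an Unrestricted exception for it.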
For more information on Barracuda Total Threat Protection, visit our corporate website here.