Watch out for CryptoLocker, says AccessData
Ransomware restricts access to infected computers, demanding payment before files can be recovered.
Organisations need to be aware of the CryptoLocker malware that surfaced in 2013 and has been associated with an increasing number of ‘ransomware' infections, according to Paul Wright, manager of AccessData's professional services and investigation team.
Speaking to ITP.net, Wright explained that Cyrptolocker is an updated variant of ransomware that restricts access to infected computers, demanding payment before files can be recovered. Because of the ease with which this malware can be picked up, Wright said that it presented a large threat for businesses.
"As of this time, the primary means of infection appears to be phishing emails containing malicious attachments," he said.
"CryptoLocker spreads through fake emails designed to impersonate the look of genuine businesses and through bogus courier service tracking notices. It can also be used a part of a ‘spear phishing' attack, which targets a specific organisation, seeking unauthorised access."
Some CryptoLocker victims have seen the malware appear following a previous infection from one of several botnets that are frequently leveraged in the cyber-criminal underground, Wright added.
To be infected with the CryptoLocker malware could prove extremely detrimental for any individual or business user, and can put many valuable files at risk, according to Wright.
"The malware has the ability to find and encrypt files located within shared network drives, USB drives, external hard drives, network file shares and even some cloud storage drives," he said.
To combat the threat of being infected with CryptoLocker, Wright recommended educating staff and third-party partners, using caution when opening email attachments, maintaining an up-to-date virus software. He also advised not to follow unsolicited web links in email messages, and to perform regular back-ups to limit the impact of data or system loss.