Breaking news: a new ransomware strain, nicknamed 'Locky' and widely reported as a Cryptolocker variant, has hit the internet and is putting cybersecurity systems to the test.
This variant encrypts the files on the user's machine and on any network shares that machine can write to, so a server's shared folders are encrypted through the infected workstation even though the server itself is never compromised. The new strain will make it much harder for companies to get their data back if they do not have the tools in their IT toolbox to prevent, or recover from, these types of infections.
Although this is a new infection, it has already become rampant and widespread. On February 16th, 2016 it infected a Hilltop Consultants' client.
This is the timeline of events that transpired and nearly cost a client thousands of dollars and countless hours of downtime.
9:00am: Datto completes its hourly snapshot of the local and cloud server backups.
9:30am: While sifting through email, a user at one of our clients saw a message that appeared to come from Whole Foods regarding a past invoice. The email contained a Word document attachment labeled "Invoice" (see below).
*If you look at the email (below), you can see the sender's name and email address do not appear to be associated with Whole Foods.
*Did you notice who the email is addressed to? Our tendency to quickly skim emails can cause us to miss something as obvious as this.
9:31am: The user opens the attachment to read the apparent invoice and unknowingly launches the ransomware on their computer, which begins encrypting files on that machine and on every network share it can reach.
9:35am: A Hilltop technician notices that something is wrong on the client's network and immediately begins executing the Hilltop Consultants' Disaster and Backup Recovery Plan.
9:45am: Hilltop contains the infection, taking the infected computer off the network and into a quarantined environment to be investigated further.
10:00am: The client’s network and data are fully restored, and they are able to return to business as usual.
Fortunately, we back up this client using Datto. We were able to roll the files back to the top of the hour, 30 minutes before the infection reached the network. Datto takes hourly snapshots of our client's servers both locally and to the cloud. A backup only helps in this situation if the ransomware cannot reach it: a backup drive or folder mounted as a writable share on the infected workstation would have been encrypted along with everything else, so the copies you restore from must sit out of reach of the machines you are protecting. This backup solution saved our client numerous hours, if not days, of downtime.
So, what are the tools that companies should have?
a. Educating your employees on recognizing dangerous emails is your first line of defense.
b. OpenDNS watches over your users' DNS lookups and warns or blocks them when they click links that could be taking them to a dangerous site.
c. Datto is a powerful backup solution for your company's servers. It takes local and cloud backup snapshots of your servers so your data is available should your servers be hit.
d. Reflexion, an email filtering service, recognizes current threats and, at the time of writing, has already blocked these attachments from reaching its clients' inboxes.
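The two red flags called out in the timeline (a sender whose name claims a brand but whose address belongs to an unrelated domain, and a message not actually addressed to the recipient) plus the lure attachment itself can be checked automatically before a user ever sees the mail. The script below is an added example, not code from Hilltop, Datto, OpenDNS or Reflexion. The e-mail it parses is constructed for illustration and is not the actual phishing message; the brand-to-domain allow-list, the `example.*` addresses and the keyword lists are assumptions you would replace with your own vendor records.

```python
"""Triage an inbound e-mail for the red flags described in the post:
display name claims a brand the sender domain does not belong to,
the message is not addressed to us, and an Office 'invoice' attachment.
Added example; SAMPLE_EML is constructed, not the real phishing mail."""
import re
from email import message_from_bytes, policy
from email.utils import parseaddr

# Assumed allow-list: brand keyword -> domains the brand legitimately mails
# from. Fill this from your own records; wholefoodsmarket.com is used here
# only as an illustrative value.
BRAND_DOMAINS = {"whole foods": {"wholefoodsmarket.com"}}

# Attachment types commonly used as macro/exploit carriers, and lure words.
OFFICE_EXT = re.compile(r"\.(docx?|docm|xlsx?|xlsm|pptx?|rtf)$", re.I)
LURE_WORDS = re.compile(r"invoice|receipt|payment|statement", re.I)

# Constructed sample message (reserved example.* domains, dummy payload).
SAMPLE_EML = b"""From: "Whole Foods Billing" <accounts@example.net>
To: someone.else@example.org
Subject: Past due invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Please see the attached invoice.

--b1
Content-Type: application/msword; name="Invoice.doc"
Content-Disposition: attachment; filename="Invoice.doc"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""


def _domain(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage_email(raw, our_domain, brand_domains=BRAND_DOMAINS):
    """Return a list of (code, detail) findings; an empty list means no red flags."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []

    # Red flag 1: the display name (or subject) claims a brand, but the
    # actual sender domain is not one that brand mails from.
    name, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = _domain(addr)
    claimed = (name + " " + str(msg.get("Subject", ""))).lower()
    for brand, domains in brand_domains.items():
        if brand in claimed and sender_domain not in domains:
            findings.append(("brand-domain-mismatch",
                             f"claims '{brand}' but sender domain is {sender_domain!r}"))

    # Red flag 2: the mail is not even addressed to anyone in our domain.
    to_addrs = [parseaddr(a.strip())[1] for a in str(msg.get("To", "")).split(",")]
    if not any(_domain(a) == our_domain.lower() for a in to_addrs):
        findings.append(("recipient-mismatch", f"To: {to_addrs}"))

    # Red flag 3: an Office document named like an invoice/payment notice.
    for part in msg.iter_attachments():
        fname = part.get_filename() or ""
        if OFFICE_EXT.search(fname) and LURE_WORDS.search(fname):
            findings.append(("office-lure-attachment", fname))

    return findings


if __name__ == "__main__":
    # "example.com" stands in for the receiving organisation's domain.
    for code, detail in triage_email(SAMPLE_EML, "example.com"):
        print(f"{code}: {detail}")
```

Any one finding is enough to route the message to quarantine or to a human reviewer; the brand list is the part that needs ongoing care, since it is only as good as the domains you have recorded for each supplier. This is a first-pass filter, not a replacement for a commercial mail filter such as the one in point d.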