You get calls from your customers every day about all kinds of problems. But there’s one call you definitely don’t want to get. It’s the one where they tell you they can’t access their workstation or server and are looking at a screen saying their files have been encrypted, they need to pay money to an online account, and the encryption key will be destroyed in a matter of hours.
That’s right – your customer has been hit with ransomware.
If you’re unfamiliar with it, ransomware is malware with a different intent. Rather than taking the traditional focus of trying to steal information or capture keystrokes (to obtain credentials), ransomware focuses on being far more in your face by flat out telling you it’s there and you need to pay to get rid of it.
One of the worst (or best, if you can appreciate the innovation of it all) is Crypt0L0cker, which uses state-of-the-art public/private key encryption to encrypt files with very specific extensions (the ones you care about – docx, xlsx, etc.). It’s a very advanced form of ransomware.
As if that’s not bad enough, it’s not just the ransomware itself you need to be worried about. Recent efforts have shown ransomware that acts like a sophisticated APT, automatically creating new payload variants with each attack to avoid detection.
There are a few types of ransomware running amok today, each with a different level of nastiness.
Given that ransomware is a pain for your customers and takes significant reactive effort to remove, you’re going to want to avoid this kind of malware entirely.
So, what steps do you take to provide your customers with a layered defense?
Ransomware is nasty stuff. And your customers may not appreciate the difficulty in trying to remove it, making you look like less of the expert you are. Putting a proactive set of solutions in place in a layered approach will give your customers the best chance of never being held hostage – making certain that you get paid, instead of those trying to take your customers’ money by force.
If you do get infected with CryptoLocker, this video will give you some insights into how you can get yourself back up and running...