Crypto Virus



What Is The Crypto Virus?

Crypto Virus is malware that infects a user’s computer and then searches for files to encrypt. This includes not only the files located directly on the infected computer but also the files on all connected media, from external drives and thumb drives to networked drives and files stored in the cloud. The virus is so damaging to so many businesses because these other media are normally where backups of files are stored.

How Does It Work?

Though there are many different versions of the Crypto Virus in circulation today, they all perform their tasks similarly. Once the executable file is downloaded, the malware configures the system to ensure that it will still run even if the system is rebooted. It then contacts a server on the internet to receive its encryption key so it can begin encrypting the data. Infected files are encrypted and locked using asymmetric encryption, which relies on two keys: one public and one private. Your data is encrypted using the public key and can only be decrypted using the private key, which is held by the hackers who sent the virus. After it encrypts the data on the parent computer, it moves on to mapped network drives and systems. When all the data is encrypted, the malware places a popup on the user’s desktop or workstation, sometimes locking the whole computer down. This popup informs the user of the encryption and gives them a timetable for paying the ransom (usually 2-4 days) in order to get the files back before the private encryption key is destroyed.

With so many records now being kept virtually, you can imagine how debilitating this virus can be for businesses. Patient/client records, financial reports, employee information, and business analytical reports, just to name a few, are normally only kept as virtual copies. So how can you avoid getting this potentially business-destroying virus?

The Crypto Virus can be spread in a few different ways. It can be sent to you through an email attachment from what seems to be a legitimate source. These attachments may have familiar-looking extensions, such as .doc or .pdf, but the file name actually carries a double extension that hides an executable. It can be unexpectedly downloaded from a malicious site as a “drive-by download”. It can be carried on a malicious thumb drive from one infected computer to another. It can be sent through an employee’s home network when they VPN into the office.
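
As an added illustration (not part of the original article), a mail or file-share filter could flag the double-extension attachment names described above along these lines. The extension lists, function names and sample file names are assumptions constructed for this example.

```python
# Extensions Windows will run or hand to a script host (assumed, non-exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "lnk", "ps1", "msi"}
# Document-style extensions a user expects to be harmless (assumed list).
DECOY_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "txt", "rtf", "jpg", "png", "zip"}


def classify_attachment(filename: str) -> str:
    """Return 'double-extension', 'executable' or 'ok' for an attachment name."""
    # Windows drops trailing dots and spaces from file names, so remove them
    # before deciding which extension is really the last one.
    name = filename.strip().rstrip(". ").lower()
    # Strip each part so padding spaces around a dot do not hide an extension.
    parts = [p.strip() for p in name.split(".")]
    if len(parts) < 2:
        return "ok"  # no extension at all
    if parts[-1] not in EXECUTABLE_EXTS:
        return "ok"  # final extension is not one we treat as executable
    # An earlier part that looks like a document extension means the name
    # is dressed up as a document while the real type is executable.
    if any(p in DECOY_EXTS for p in parts[1:-1]):
        return "double-extension"
    return "executable"


def triage(filenames):
    """Return {name: verdict} for every attachment that is not 'ok'."""
    verdicts = {f: classify_attachment(f) for f in filenames}
    return {f: v for f, v in verdicts.items() if v != "ok"}


# Constructed sample attachment names, not taken from any real message.
SAMPLE = ["Q3-report.pdf", "invoice.pdf.exe", "Scan_001.DOC .scr",
          "setup.exe", "notes.v2.txt", "photo.jpg.js"]

if __name__ == "__main__":
    for name, verdict in triage(SAMPLE).items():
        print(f"{verdict:17} {name!r}")
```

A filter like this would quarantine or block the flagged names rather than deliver them; it checks names only and does not inspect file contents.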

How Do I Prevent It?

So how can you protect yourself from attacks like these? The best way is to try to avoid the virus altogether. Control the actions of your users by making sure they have only the file permissions and access they need to do their job properly. Educate them on computer safety and teach them the importance of not clicking on unknown links or unfamiliar file extensions. Filter your email and web content with content filters. Use web and application whitelisting to ensure that only approved websites and applications are being used in your organization. While keeping your antivirus up to date on all your computers will definitely help you against the Crypto Virus, it is not a failsafe. Antivirus products are only able to catch viruses that are already known to the antivirus company. Because the Crypto Virus is constantly changing and evolving, it is very hard for antivirus software to keep up with it, and antivirus software that is not being updated regularly can easily overlook this virus.

Even if you implement all of the above, you could still end up getting the Crypto Virus. So what steps should you take if you notice it on your computer? The first thing to do is disconnect the infected computer from the local network and the internet so the infection does not spread. Next, scan all linked devices and cloud storage to ensure they are not infected. Recovery of your files may be possible, depending on the exact Crypto Virus version. Call a 1337 technician, who will be able to check the ransomware ID and determine whether your files are recoverable or not. After that, cleaning and reformatting the drive is the best way to ensure the virus is completely off the infected computer. Once reformatting is complete, ensure that your computer’s security is updated, with all the proper safety measures in place to eliminate the risk of another attack.