Crypto Fortress and other Ransomware
In the past 30 days we have encountered several US-based customers requesting assistance re-installing applications as a result of ransomware infections. Crypto ransomware encrypts files on your computer and network and then requests payment to release the files. The infection generally occurs as the result of opening an infected email, clicking on a web site that has been compromised, or downloading and installing a program that has been compromised. Once your computer is infected and the files are encrypted, the data is generally considered lost. The only recovery is from backup. Removing the infection generally does not remove the encryption on the files already affected.
While you may not be able to protect against every threat, there are resources available to help educate your team and some steps you can take to reduce your infection rate.
Resources
- Sophos – Crypto Fortress Explained
- Microsoft Malware Protection Center
- Symantec White Paper on Ransomware
- Norton advice for avoiding and dealing with Ransomware
- Trend Micro on the prevalence of Ransomware
- Trend Micro – Ransomware 101
Suggestions for Avoiding Infection
- Install endpoint and gateway anti-virus solutions.
- Keep your virus definitions up to date.
- Keep operating systems up to date.
- Utilize anti-spam tools.
- Utilize web site filtering tools.
- Set proper network security. Opening all network paths to all users increases the chances for any infection to spread quickly across your entire network.
- Make sure you have a good backup routine that includes off-site storage or cloud backup.
- Stay away from unsafe web sites.