How to Prevent Crypto Locker

Over the past few weeks I have had more and more customers of Aus Net Servers asking my staff and me how they can prevent crypto locker from stealing their data. So I thought this would be a good subject for our new Friday education session.

 

The simple and easiest answer is you can’t. Crypto locker uses the built-in Windows encryption software to encrypt your files with a 256-bit encryption key. Cracking such a key, which is the same as what our banking sector uses, would take around 250 PlayStation 4s 51 hours. The sad fact is that it's generally too late before you know what has happened.

 

It's all about education and being vigilant online. Every reputable company will always address you by your first and last name and will NEVER address you with “Dear Sir / Madam” or “Hi”.

 

I urge each and every customer of Aus Net Servers Australia to follow these simple steps that make your data crypto locker proof.

 

Your Computer >> External Storage (NAS) >> Portable Storage / Online Backup.

 

Crypto locker can only run off an infected Windows operating system and as such cannot touch data that is not networked off the infected machine. So in short, my scenario above is crypto locker proof.

 

Here is a short explanation: crypto locker can only execute against valid and accessible network shares and your local files. Any data stored on a portable hard disk or in the cloud hanging off your NAS is 100% safe.

 

I have read some horror stories and seen a few people do some pretty drastic things to stop crypto locker on their network. Some of those things include disabling the Windows encryption software completely; others include paying the ransom.

 

It's important to back up your data regularly.

 

The truth is, these guys are crooks. Under no circumstances should you pay them. There is no guarantee that they will give you access to your files after you pay them, or that they will not lock you out of your data again in a short period of time and demand more money.

It's important, and I cannot stress this enough: you must have offline backups of all your files. This means backups of your files that are updated regularly and are not connected to the internet. There are many solutions available and we are more than happy to have a talk with business customers.

 

Crypto locker is a form of malware; it's not a virus, and as such traditional antivirus suites will not pick it up and remove it. Hardware firewalls generally can scan the attachment signature and in some cases notify the system administrator or remove the attachment from the email.

 

It's paramount that you NEVER open an attachment from anyone you do not know, and if you do get an attachment from someone you know, it’s always a good measure to ask if they sent you that email, to make sure it's not being sent without their knowledge.

These criminals will always be one step ahead of us if we do not educate ourselves.

 

Here are some things to look out for:

 

  • Check the spelling and grammar of these emails. Generally they will be very poorly written; however, of late they seem to be copying and pasting the body of emails from legitimate companies
  • Check the sender's email address and make sure it matches who they are claiming to represent
  • (Advanced) Check the email headers to make sure the email was sent from an SMTP server and not PHP Mail, and that the server that processed the mail belongs to the legitimate company in question
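
The advanced header check from the last point can be scripted. The following is an added example, not part of the original article: the sample message, its hosts and addresses, and the function and warning-tag names are all constructed for illustration. It flags headers that PHP mail scripts commonly add, and compares the bounce address and handing-over server against the domain in the From line.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample (not a real email); every host and address is made up.
SAMPLE = """\
Return-Path: <www-data@web17.cheap-host.example>
Received: from web17.cheap-host.example (web17.cheap-host.example [203.0.113.45])
\tby mx.customer.example with ESMTP id abc123; Fri, 1 Jan 2016 10:00:00 +1100
X-PHP-Originating-Script: 33:mailer.php
X-Mailer: PHP/5.4.16
From: "Energy Billing" <billing@energy-company.example>
To: user@customer.example
Subject: Your bill is ready

View your bill in the attached file.
"""

def domain_of(header_value):
    """Lower-cased domain part of an address header, or '' if absent."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower()

def same_org(host, org_domain):
    """True if host is org_domain itself or one of its subdomains."""
    return host == org_domain or host.endswith("." + org_domain)

def header_warnings(raw):
    """Return a list of warning tags for one raw message."""
    msg = message_from_string(raw)
    from_dom = domain_of(msg["From"])
    warnings = []
    # Headers that indicate the mail was generated by a PHP script.
    if msg["X-PHP-Originating-Script"]:
        warnings.append("php-script")
    if "php" in (msg["X-Mailer"] or "").lower():
        warnings.append("php-mailer")
    # The bounce address should belong to the company named in From.
    rp = domain_of(msg["Return-Path"])
    if rp and not same_org(rp, from_dom):
        warnings.append("return-path-mismatch")
    # The top Received header is written by your own mail server; the name
    # after "from" is what the handing-over server called itself.
    received = msg.get_all("Received") or []
    parts = received[0].split() if received else []
    if len(parts) > 1 and parts[0].lower() == "from":
        if not same_org(parts[1].lower(), from_dom):
            warnings.append("relay-mismatch")
    return warnings
```

Legitimate companies sometimes send through third-party mail services, so a mismatch tag is a reason to look closer at the message rather than proof on its own.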

 

As of now, I know there are crypto locker viruses from the following sources:

  • AGL
  • Powercore
  • Telstra Online Billing
  • PayPal
  • AustPost

 

If you have any questions or concerns feel free to give us a call on 1300 933 038

 

WARNING: Domain registration scam from “Domain Register Pty Ltd” – April 2013

ANSA Customer Service was made aware of a new Domain Registration scam, currently in operation from the “Domain Register Pty Ltd” (ABN: 127506807), a company registered in WA (despite listing a Melbourne VIC office address).

This scam is similar to the previously published WARNING: Domain Registration scam from “Domain Name Group Pty Ltd” – July 2010 and it’s likely to be operated by the same group.

This group is sending out invoices for payment of domain registration for a .com, .net or .org version of their .au domains.

The invoice is misleading customers to pay the registration fee of $249 AUD for 2 years of the .com domain equivalent of their .com.au license, despite stating that the domain is available.

This group harvested postal address information belonging to ACN/ABN owners of the .com.au domain equivalents. The group acquired the addresses simply by searching the public WHOIS database for .au domains, and then using the ACN/ABN details to search for the postal address details via other available online resources.

Aus Net Servers Australia would like to warn customers against registering the .com domain equivalents with Domain Register Pty Ltd. The individuals operating this company are suspected to be associated with the original scammers who owned a pretend company, “Netregister”, which was set up in an attempt to confuse Netregistry's client base into transferring their domains and services away. Additionally, the charges per registration are disproportionately high compared to standard pricing.