How to Prevent Crypto Locker

Over the past few weeks I have had more and more customers of Aus Net Servers asking my staff and me how they can prevent Crypto locker from stealing their data, so I thought this would be a good subject for our new Friday education session.


The simplest answer is that you can't. Crypto locker uses the built-in Windows encryption software to encrypt your files with a 256-bit encryption key. Cracking such a key, which is the same as what our banking sector uses, would take around 250 PlayStation 4s 51 hours. The sad fact is that it is generally too late by the time you know what has happened.


It's all about education and being vigilant online. Every reputable company will always address you by your first and last name and will NEVER address you with “Dear Sir / Madam” or “Hi”.


I urge each and every customer of Aus Net Servers Australia to follow these simple steps that make your data Crypto locker proof.


Your Computer >> External Storage (NAS) >> Portable Storage / Online Backup.


Crypto locker can only run off an infected Windows operating system, and as such cannot touch data that is not networked off the infected machine. So in short, my scenario above is Crypto locker proof.


Here is a short explanation: Crypto locker can only reach your local files and valid, accessible network shares. Any data stored on a portable hard disk or in the cloud hanging off your NAS is 100% safe.


I have read some horror stories and seen a few people do some pretty drastic things to stop Crypto locker on their network. Some of those things include disabling the Windows encryption software completely; others pay the ransom.


It's important to back up your data regularly


The truth is, these guys are crooks. Under no circumstances should you pay them. There is no guarantee that they will give you access to your files after you pay them, or that they will not lock you out of your data again a short time later and demand more money.

It's important, and I cannot stress this enough: you must have offline backups of all your files. This means backups of your files that are updated regularly and are not connected to the internet. There are many solutions available and we are more than happy to have a talk with business customers.


Crypto locker is a form of malware; it's not a virus, and as such traditional anti-virus suites will not pick it up and remove it. Hardware firewalls can generally scan the attachment signature and in some cases notify the system administrator or remove the attachment from the email.


It's paramount that you NEVER open an attachment from anyone you do not know, and if you do get an attachment from someone you know, it's always a good measure to ask whether they sent you that email, to make sure it's not being sent without their knowledge.

These criminals will always be one step ahead of us if we do not educate ourselves.


Here are some things to look out for:


  • Check the spelling and grammar of these emails. Generally they will be very poorly written; however, of late they seem to be copying and pasting the body of emails from legitimate companies
  • Check the sender's email address and make sure it matches who they are claiming to represent
  • (Advanced) Check the email headers to make sure the email was sent from an SMTP server and not PHP Mail, and that the server that processed the mail belongs to the legitimate company in question
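
The header check from the last bullet, as an added example that is not part of the original post. The sample message, its domains (`energy-company.example`, `shared-host.example`) and the function names are constructed for illustration; paste the raw headers of a suspect email in place of `SAMPLE`.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: claims to be a bill, but was injected by a PHP script.
SAMPLE = """\
Return-Path: <www-data@shared-host.example>
Received: from shared-host.example (shared-host.example [203.0.113.7])
\tby mx.recipient.example with ESMTP id abc123; Fri, 01 Jan 2016 10:00:00 +1100
Authentication-Results: mx.recipient.example; spf=fail smtp.mailfrom=shared-host.example; dkim=none
X-PHP-Originating-Script: 33:mailer.php
From: "Billing" <billing@energy-company.example>
To: customer@recipient.example
Subject: Your bill is ready

View your bill in the attached file.
"""

def domain_of(value):
    """Return the lower-cased domain of an address header, or ''."""
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def header_findings(raw_message, expected_domain):
    """List the reasons the headers do not match the claimed sender."""
    msg = message_from_string(raw_message)
    findings = []
    from_dom = domain_of(msg["From"])
    if from_dom != expected_domain and not from_dom.endswith("." + expected_domain):
        findings.append("From domain %r is not %r" % (from_dom, expected_domain))
    rp_dom = domain_of(msg["Return-Path"])
    if rp_dom and rp_dom != from_dom:
        findings.append("Return-Path domain %r differs from From domain" % rp_dom)
    # PHP's mail() stamps this header when mail.add_x_header is enabled.
    if msg["X-PHP-Originating-Script"] or "php" in (msg["X-Mailer"] or "").lower():
        findings.append("message was generated by a PHP script")
    # SPF/DKIM verdicts recorded by the receiving mail server.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    for mech in ("spf", "dkim"):
        if mech + "=pass" not in auth:
            findings.append(mech.upper() + " did not pass")
    # The top-most Received header is written by your own mail server and
    # names the host that handed the message over (a heuristic, not proof).
    received = (msg.get_all("Received") or [""])[0].lower()
    if expected_domain not in received:
        findings.append("last relay is not a %s server" % expected_domain)
    return findings

if __name__ == "__main__":
    for finding in header_findings(SAMPLE, "energy-company.example"):
        print("-", finding)
```

Companies that send through a third-party mail service will trip the last check even on genuine mail, so treat each finding as a reason to look closer rather than a verdict.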


At present I know there are Crypto locker viruses from the following sources:

  • AGL
  • Powercore
  • Telstra Online Billing
  • PayPal
  • AustPost


If you have any questions or concerns, feel free to give us a call on 1300 933 038.

