CryptoLocker malware targeting the UK - comment from Webroot
November 2013 by Webroot Software
The National Cyber Crime Unit’s comment that prevention against the CryptoLocker malware campaign is better than cure is absolutely right, and their tips are a good first step to protecting against attack. However, to win the battle with this particularly vicious malware, the security industry, and the small businesses and consumers it serves, should take further security measures beyond the steps the NCCU outlined.
Firstly, it’s vital to use antivirus software to detect and remove CryptoLocker before it makes changes to your computer. If that initial layer of defence is not there, CryptoLocker will get in and the truth is it’s an impossible infection to ‘fix’ because it uses a secure form of encryption to lock files and uses a unique encryption key for each computer. In short, once your files are encrypted, it’s impossible to unlock them without the key for your computer.
To be doubly safe, a great defence is the ability to automatically record attempts by ‘unknown’ software to change your files. Similarly vital is the ability to store secure back-up copies of those files before they are encrypted. With that in place, as soon as CryptoLocker is deemed malicious, it is removed, all changes made by it are rolled back and back-up copies of unencrypted files are automatically restored.
It is this proactive, forward-thinking approach to security which will make the difference – despite the NCCU’s advice, it’s not always possible to prevent malware getting through; the key is to combine good defences with strong recovery.