{"id":1077,"date":"2013-11-26T09:09:26","date_gmt":"2013-11-26T15:09:26","guid":{"rendered":"http:\/\/www.poweradmin.com\/blog\/?p=1077"},"modified":"2015-04-27T08:20:44","modified_gmt":"2015-04-27T13:20:44","slug":"monitoring-software-can-help-to-protect-against-cryptolocker","status":"publish","type":"post","link":"https:\/\/www.poweradmin.com\/blog\/monitoring-software-can-help-to-protect-against-cryptolocker\/","title":{"rendered":"How Monitoring Software can Help to Protect Against CryptoLocker"},"content":{"rendered":"<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">If you spend a lot of time online, are pretty tech savvy or are in the technology sector, then there\u2019s little doubt that you\u2019ve come across the term ransomware here and there. In a nutshell, ransomware is a type of malware that infects a computer and effectively puts up a lock screen that holds the user to ransom \u2013 hence the name.<\/span><\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">These can be carried out by out and out trickery, as we\u2019ve seen with the <a href=\"http:\/\/www.infopackets.com\/news\/security\/2011\/20111227_microsoft_warns_pc_maintenance_phone_call_a_scam.htm\" ref=\"nofollow\" target=\"_blank\" rel=\"nofollow\">Microsoft ransomware scam<img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a>. 
This particular scam varies around the world, sometimes the caller tells the computer owner that their machine is infected and they must pay over the phone to remove it (very common in all types of ransomware), whilst at other times, a warning screen pops up with one of the following, or similar:<\/span><\/span>\n<\/p>\n<ul>\n<li>\n\t\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">A message purporting to be from the FBI\/Government\/IRS of a threatening nature warning that you have been caught doing something illegal online and must pay an immediate fine<\/span><\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">A message that says you have an infected machine and gives a link to pay to have it removed<\/span><\/span>\n\t<\/li>\n<li>\n\t\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">An email that contains a zip file<\/span><\/span>\n\t<\/li>\n<\/ul>\n<h2>\n\t<span style=\"color:#008080;\"><span style=\"font-size: 16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\"><strong>What sets Cryptolocker apart?<\/strong><\/span><\/span><\/span><br>\n<\/h2>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">The clue here is in the \u2018Crypto\u2019 part of the word. The malware arrives usually in the form of an email, which is often associated with customer complaints, IRS alerts and such like. What they do always have is a zip file. These should never be opened under any circumstances, but it\u2019s not always the easiest thing to keep staff fully in the loop with the latest threats and unfortunately, social engineering fools too many, even now. 
It can also infect a machine when a user clicks an infected link.<\/span><\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">It\u2019s the way that Cryptolocker encrypts these files that sets it slightly apart, as it\u2019s cleverly done. The malware itself also begins generating \u2018random\u2019 domain names once executed. It does this in order to contact its <a href=\"https:\/\/www.virusbtn.com\/resources\/glossary\/command_and_control.xml\" target=\"_blank\" rel=\"nofollow\">command and control server<img class=\"extlink-icon\" src=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/plugins\/external-links-nofollow-open-in-new-tab-favicon\/images\/extlink.png\"><\/a>, with which it then communicates through ordinary HTTP POST requests.<\/span><\/span>\n<\/p>\n<p align=\"center\">\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\"><a href=\"\/blog\/wp-content\/uploads\/2013\/11\/CryptoLocker-Protection1.png\" rel=\"\" style=\"\" target=\"\" title=\"\"><img loading=\"lazy\" decoding=\"async\" alt=\"CryptoLocker Protection\" class=\"alignleft size-medium wp-image-1079\" height=\"235\" src=\"\/blog\/wp-content\/uploads\/2013\/11\/CryptoLocker-Protection1-300x235.png\" style=\"margin-right: 20px;\" title=\"\" width=\"300\" srcset=\"https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2013\/11\/CryptoLocker-Protection1-300x235.png 300w, https:\/\/www.poweradmin.com\/blog\/wp-content\/uploads\/2013\/11\/CryptoLocker-Protection1.png 806w\" sizes=\"auto, (max-width: 300px) 100vw, 300px\"><\/a><\/span><\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">The communication that then takes place between the C&amp;C server and the host machine is encrypted with a public key, so it doesn\u2019t necessarily appear to be anything sinister on the face of it, but the C&amp;C server is actually 
communicating with the attacker\u2019s server.<\/span><\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">Once this has been established, the malware will then look for additional files on the victim machine\/network and encrypt the results using an AES algorithm. It also adds the line:<\/span><\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\"><strong>HKEY_CURRENT_USER\\Software\\CryptoLocker\\Files registry key <\/strong>into the host machine\u2019s registry.<\/span><\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\"><strong>Isn\u2019t this just something for home users to worry about?<\/strong><\/span><\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">Most definitely not. While of course it affects home users, primarily, the malware targets files that are most commonly used by businesses. It ignores common file types such as photographs and such like that are more commonly found on home machines.<\/span><\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">The problem is, once the data has been encrypted it\u2019s not possible to decrypt it, so the best thing to do is restore from a back-up once the affected machine has been cleaned. 
Of course, there are already tools out there that can help in the clean-up process, but this approach is reminiscent of horses and bolted doors, no use locking up after the damage has been done.<\/span><\/span>\n<\/p>\n<h2>\n\t<span style=\"color:#008080;\"><span style=\"font-size: 16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\"><strong>Prevention with monitoring software<\/strong><\/span><\/span><\/span><br>\n<\/h2>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">By employing <a href=\"\/file-sight\/?ref=blog\" target=\"_self\">monitoring software<\/a>, this type of problem could be the difference between an IT disaster and a tiny hiccup, if even the latter occurs. Of course, different networks and set-ups will have differing needs, but for the most part, prevention is far better to deal with than cure.<\/span><\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">From monitoring server event logs, to actual files and changes that occur on all levels of the network, monitoring software in this case can alert you to a problem before it becomes a disaster. You\u2019re then in a stronger position to limit the damage and stop the malware before it does too much damage.<\/span><\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">Of course, it\u2019s always wise to have a policy on opening zip files in a company, as most malware is hidden inside as an executable, which means it can install itself onto the target machine and spread quickly. 
Saying that, some malware has the capability of looking like a Word or Excel file, so this is where monitoring software may be able to detect the threat before it becomes a problem.<\/span><\/span>\n<\/p>\n<h2>\n\t<span style=\"color:#008080;\"><span style=\"font-size: 16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\"><strong>Fighting cybercrime is down to us all<\/strong><\/span><\/span><\/span><br>\n<\/h2>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">We all have a responsibility to try to keep the net a safe place and that just doesn\u2019t mean businesses. Malware, cybercrime, cyber espionage, all terms that we\u2019re becoming increasingly familiar with and why? Because cybercriminals are ahead of the game when it comes to making millions online. Unlike the old days, when you had to be at least a hacker with some programming knowledge, it\u2019s now as simple as buying a kit on the black market. These are commonly known as exploit kits.<\/span><\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">So as well as employing strategies such as hardware firewalls, alongside anti-virus software, it pays to invest in monitoring software for your network, however large or small, to ensure that the risk is mitigated.<\/span><\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\">It\u2019s also a good idea to train your employees on the risks that are available, even if it means sending them to a workshop or investing in an LMS. Many businesses are ill-prepared for common audits, let alone attacks on the network. 
This means that malware such as Cryptolocker can potentially mean the loss of revenue and data, and even lead to a large fine if you handle consumer information, such as credit cards.<\/span><\/span>\n<\/p>\n<p>\n\t<span style=\"font-size:16px;\"><span style=\"font-family: tahoma,geneva,sans-serif;\"><strong>Don\u2019t let your business fail an audit, or get attacked \u2013 <a href=\"mailto:support@poweradmin.com?subject=File%20Sight%20Inquiry\">Contact Us<\/a> today to see how we can help.<\/strong><\/span><\/span>\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>If you spend a lot of time online, are pretty tech savvy or are in the technology sector, then there\u2019s little doubt that you\u2019ve come across the term ransomware here and there. In a nutshell, ransomware is a type of malware that infects a computer and effectively puts up a lock screen that holds the 
[&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":1078,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4,5,13,6,9,8],"tags":[],"class_list":["post-1077","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-general-it","category-how-to","category-pc-security","category-tech","category-technical","category-windows"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/1077","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/comments?post=1077"}],"version-history":[{"count":5,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/1077\/revisions"}],"predecessor-version":[{"id":3561,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/posts\/1077\/revisions\/3561"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media\/1078"}],"wp:attachment":[{"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/media?parent=1077"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/categories?post=1077"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.poweradmin.com\/blog\/wp-json\/wp\/v2\/tags?post=1077"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}