IT Security Alert: Crypto-locker April 2017

We would like to alert you all to the fact that we have recently been made aware of a spate of extremely serious ‘CryptoLocker’ attacks that have unfolded across a number of businesses over the last 24 hours.

Those who are responsible for the attacks are using a process known as ‘brute-forcing’ to access users admin accounts – this process involves using a password generator to cycle through possible passwords until the hacker eventually gains access to the targeted account.

Once the hacker gained access to the accounts they then remove all anti-virus and IT security software that the company had installed on their system and destroy all existing back-ups of company data before installing a crypto-locker on the company’s remaining, essential data. This will effectively shut down the companies IT network and prevent them from operating until a ransom is paid out.

We suspect these attacks are being carried out by an induvial or group of people as opposed to the automated ‘bot’ systems that we usually see carry out these attacks. Those responsible are researching their victims and setting ransoms relevant to the size of the business that they believe the company will pay out to gain access to their data again.

This attack is far more sophisticated than previous cyber-crimes that we have seen and is a worrying evolution on the existing CryptoLocker security threats. These attacks have managed to bypass pre-existing and outdated security software and shown that companies need to adopt a more intelligent, expansive and adaptive IT security framework to combat developing trends in the cybercrime industry.

With cyber-attacks hitting over half of all UK businesses in the last year* we would like to take this opportunity to stress to companies the importance of taking this rising threat seriously and developing strategies to fight cyber-crime.

The evolution of hacking and cyber-attacks is an endless process, as we learn to defend against them they change and develop to evade our security measures – it’s imperative that companies invest in security measures and ensure they are at the forefront of the cyber-security arms race, constantly adapting to meet the pressures applied by cyber-criminals.

 

What we recommend

  • Firstly we recommend installing remote monitoring services across your system so either ourselves or your current IT Support provider can identify suspicious activities across your system and alert you to security threats as they emerge.
  • We then recommend having a discussion about installing a sophisticated security framework across your network, this latest attack has shown that hackers are becoming increasingly intelligent and the methods they are using to attack companies have evolved beyond standard anti-virus and security infrastructure.
  • Brute force attacks have a higher rate of success with simple and short passwords, keep your passwords longer with complex combinations of numeric and alphabetic characters with symbols included. For more information on passwords follow this link to some great advice from our security partner Sophos: https://www.sophos.com/en-us/security-news-trends/it-security-dos-and-donts/tip-7.aspx
  • Lastly, education is key. These attackers gain access to systems often through infected links or emails, teach your staff to identify the tell-tale signs of a cyber-attack and ensure they’re keeping the company protected by warding off any possible cyber-attacks.
  • UPDATE: We are also now recommending that users locate their last good backup tape and store this file separately from their main systems, preferably in OFFLINE storage. This measure would ensure that in the event of a security breach and a loss of data, the users’ systems could still be restored from the offline backup copy and would prevent the total loss of data as the hackers intended.

 

For information and advice on protecting your business and prevent attacks of this nature, please consult the following guide: here.

Alternatively, please call 01733 297100 or email info@kamarin.co.uk if you have any questions about the above story.

Follow us on social media for more information as the story develops.

 

*The Telegraph, 2017