Running a small business usually means working with a small budget (or a tight one, at least) and network security is often not given the proper attention it deserves. The perceived risk of intrusion/compromise of a small business network is often viewed as being very low: A common line I hear is "We are just a small widgets maker, no one wants to break in to our computers". Research continually shows that hackers are stealing billions from small businesses, due in large part to this attitude towards security. In the minds of many business decision makers who are responsible for IT systems, the term "network security" tends to be synonymous with "antivirus". For them, antivirus represents both the front line defense and the last hope to protect their network. However, there is a better way to protect your valuable data - and it doesn't have to break the bank.
If you haven't heard of CryptoLocker yet and taken action to protect your systems, then you are most definitely flirting with disaster. And not the kind of disaster that causes your server to crash for a few hours or requires you to pay someone to remove a virus. We are talking about the kind of destructive malware that can wipe out years of data and shut down a business. We first wrote about CryptoLocker in a post from September 12th (Read The Severe Threat of Crypto Ransomware as a primer), but in restrospect it doesn't seem that we are sounding this alarm loud enough because we continue to get almost daily calls reporting new infections. Whether you are concerned about your data or think we may be overreacting, I invite you to read on and learn a little more about the threat and what actions you need to take immediately (as in, yesterday) to get ahead of it.
New viruses are released almost continuously and we are usually not out blaring the trumpets about them - the threat is always there, it is continuous, and we try to avoid FUD in our marketing. Taking precautions against malicious software and getting a proper backup should be routine.
However, in the past two weeks we have a seen a rash of reports about a new ransomware virus from security experts, blogs, forums and clients. Called Cryptolocker, the application infects a PC through common vectors (e-mail attachments mostly, from our experience) and is a drastic enough departure from the viruses we typically see that we felt it prudent to inform our readers. Similar to the "FBI Ransomware" and other screenlockers that prompt you to pay to regain access to your computer, this particular program goes a step further by encrypting all documents it can find - both on the local computer and across any mapped drives - rendering them completely unusable. The "ransom" it demands is usually around $300 and climbing. There are older variations that demand far more ($3000+), but they are not nearly as prolific as Cryptolocker.
Page 1 of 19