
Businesses offer best practices for escaping CryptoLocker hell

Ellen Messmer | Nov. 15, 2013
Fighting CryptoLocker malware: Data back-up and restoration regarded as the only way to really make sure you get files back

It is an IT nightmare: Businesses hit with the CryptoLocker malware find their electronic files locked up inside strong encryption, with the extortionist operating the malware botnet demanding money to give them the security key that would let companies get their data back.

What do you do to escape this crypto hell of ransomware? A few corporations here detail their experiences with the nasty malware and say in many cases back-up and restoration was their only way out.

"My shop manager was trying to open a file and his computer kept coming up with an encryption error," says Chris Albrecht, office manager at W.C. Machine & Tool, about the shock of finding out CryptoLocker had struck the metal fabrication and engineering firm he works at. "We tried other files on the network," including those in a storage server, but they, too, all appeared to be inaccessible. "It all came out of the blue."

What happened a couple of weeks ago at the Chandler, Ariz.-based W.C. Machine & Tool is that someone there opened an e-mail with CryptoLocker in the attachment. The ransomware then aggressively spread to infect Windows-based computers and encrypt files wherever it could.

W.C. Machine & Tool immediately contacted its IT services provider, Mytek Network Solutions, and an account manager there, Theo Soumilas, says it was evident that tens of thousands of files were encrypted so W.C. Machine & Tool couldn't access them. At one point, there was some kind of extortion message asking for money in exchange for the encryption key, but nobody advocated going along with that.

The decision was made that it was necessary to basically "dump" the entire encrypted file contents and re-make the network file installation through back-up and restoration. W.C. Machine & Tool does daily back-up with its cloud provider, Axcient, and the restoration was completed over several hours one weekend.

Another Axcient customer, the Washington, Pa.-based law firm of Yablonski, Costello & Leckie, had a similar unsettling encounter with the CryptoLocker ransomware over the last few weeks, too.

As far as the law firm can discern, says attorney J. Scott Leckie, it all started when another attorney for the firm was on his home computer, logged into the corporate network, and apparently opened an e-mail attachment containing CryptoLocker.

"All of a sudden his laptop went black," says Leckie. Then suddenly others at the law firm were locked out of their Windows-based computers, too. The law firm called its tech-services support firm, Ceeva, and "we said, something is wrong here, we don't know what," says Leckie.

CryptoLocker had struck once more, dodging Symantec anti-malware and spam filtering, says Rick Topping, vice president at Ceeva. CryptoLocker is so "dynamic," Topping remarked, it sometimes manages to evade anti-malware software. Ceeva, too, found it was necessary to go through a back-up and restoration process to regain its files, which in this case took half a day.

