Tech Time Warp: From CryptoLocker to CryptXXX

Posted by Lauren Beliveau on Sep 16, 2016 12:27:00 PM

It’s almost hard to believe that CryptoLocker only turns three this month. This IT nightmare that started the ransomware craze first appeared in September 2013, letting hackers encrypt files and hold them hostage. Within the first 100 days alone, CryptoLocker made over $30 million.

As many businesses have learned firsthand, CryptoLocker starts with social engineering and a simple email which infiltrates the system and encrypts files with a 256-bit AES key. Once the malware has infected the system, the only fix is to wipe the system and recover the latest backup—otherwise you’re forced to pay the ransom.

The nightmare continues

You don’t hear much about CryptoLocker anymore, but the new ransomware variants are just as dangerous—if not more so. Take CryptoWall, for example, which first appeared in June 2014. The most recent version, CryptoWall 4.0, encrypts not only the files but also the file names, making it impossible to tell which files are which. Petya, on the other hand, encrypts your hard drive or the Master File Table (MFT). If anything is done to try to decrypt without paying the ransom, all your data is wiped.

New ransomware strains to watch out for

CryptXXX is widely spread through spam, and each new variant is designed to dodge the latest decryption tools. The most recent version, CryptXXX 3.1, scans for shared Windows drives and quickly encrypts each one—but that’s not all. If you think encrypting your entire network is bad, it also uses StillerX, a credential-stealing DLL that can steal emails, browser data, and even VPN credentials. To avoid this fast-spreading ransomware, you need robust network and endpoint security protection.

CryptoLocker has certainly come a long way from when it started three years ago, and it has inspired vicious new ransomware strains like CryptXXX 3.1, which are continuing its destructive legacy. Ransomware is no joke, and it is becoming more sophisticated. Now more than ever, MSPs need to set their SMB customers up to protect against these rampant threats.


Topics: Tech Time Warp
