
Is Your Security Strategy Playing Right Into CryptoLocker’s Clutches?


Dec, 13


In my last blog post I talked about the surprising “wait-and-see” approach 44% of IT professionals take with regard to selling BDR (backup and disaster recovery) services, and I shared 4 best practices cloud backup vendor Intronis recently revealed based on interviews and observations of its top MSPs. The emergence of CryptoLocker earlier this year offers another strong incentive against being too passive about selling cloud-based backup.

How CryptoLocker Works
The CryptoLocker virus works its way onto computer networks much like any virus does – through a phishing scheme that tricks unsuspecting victims into opening an email attachment (e.g. “USPS – Missed Package Delivery”). Although the attachment may appear to have a harmless .pdf or .doc extension, behind that façade is an executable file that launches when the attachment is opened. Once activated, the program is engineered to scan computers and networks for common business file extensions such as .doc, .ppt, .xls, and .accdb, after which it encrypts the files using a 2048-bit RSA public/private asymmetric key pair, where the public key is stored on an off-site class 2 (C2) file server that the victim is unable to access. Once CryptoLocker has encrypted all detectable files, victims receive a popup message letting them know that their desktop has been hijacked and that, unless the user pays a ransom fee within 72 hours (approximately $300, payable through Bitcoin or GreenDot MoneyPaks), the private half of the encryption key will be deleted.

Those who wait for the CryptoLocker countdown to expire find that a second-chance offer begins – only this time the ransom is upped to nearly $10,000!
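The disguised attachment described above is something a mail filter can check for before the message reaches a user. The following is an added example, not code from Intronis or Pact-One: a Python sketch that flags attachments whose name shows a document extension while the file is really an executable. The extension lists, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions Windows runs directly, and the document extensions used as a disguise.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx"}
RTL_OVERRIDE = "\u202e"  # reverses displayed text, so "fdp.exe" renders as "exe.pdf"


def attachment_findings(filename: str, payload: bytes) -> list[str]:
    """Return the reasons an attachment looks like a disguised executable."""
    findings = []
    # Strip padding so "scan.doc      .scr" is read as [".doc", ".scr"].
    exts = ["." + p.strip() for p in filename.lower().split(".")[1:]]
    final = exts[-1] if exts else ""
    if RTL_OVERRIDE in filename:
        findings.append("right-to-left override in name")
    if final in EXECUTABLE_EXT and any(e in DOCUMENT_EXT for e in exts[:-1]):
        findings.append("document extension followed by executable extension")
    # Windows PE files begin with "MZ"; a document-named file never should.
    if payload[:2] == b"MZ" and final not in EXECUTABLE_EXT:
        findings.append("PE header under non-executable name")
    return findings


def scan_message(raw: bytes) -> dict[str, list[str]]:
    """Map each suspicious attachment name in a raw message to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        findings = attachment_findings(name, part.get_payload(decode=True) or b"")
        if findings:
            flagged[name] = findings
    return flagged


def build_sample() -> bytes:
    """Constructed test message; the attachment bytes are inert placeholders."""
    m = EmailMessage()
    m["Subject"] = "USPS - Missed Package Delivery"
    m.set_content("Please see the attached label.")
    for name, data in [("label.pdf.exe", b"MZ\x90\x00"), ("notice.pdf", b"MZ\x90\x00"),
                       ("receipt.pdf", b"%PDF-1.4\n")]:
        m.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return m.as_bytes()


if __name__ == "__main__":
    for name, why in scan_message(build_sample()).items():
        print(name, "->", "; ".join(why))
```

A plain .exe attachment is not flagged here because it is not disguised; blocking executables outright is a separate gateway policy.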

Within the past couple of months, managed services company Pact-One received a call from a cosmetic dental client who had inadvertently launched CryptoLocker on its network, and by the time the partner responded to the problem, nearly 1 TB of the practice’s data had been infected. Making matters worse was the fact that the client was several weeks behind on its local backups. Fortunately, the client’s data was also being backed up daily to the Intronis cloud, and the MSP was able to recover all of the client’s files within a 24-hour period. Although it might have initially required some persuasion on the part of the MSP to convince the client to add this “extra” layer of protection to its business, you can be sure the client is very appreciative now that its MSP partner didn’t take a wait-and-see approach to selling cloud-based backup, which would have played right into CryptoLocker’s clutches.

If you have a small business customer that you’re expecting to be put through this kind of wringer before discussing their disaster recovery plan, it’s time to rethink your sales strategy and make a firm New Year’s resolution to change.
