Strains of ransomware are always evolving, but it’s worth knowing about one of the first – the Cryptolocker Ransomware Attack.
I imagine you may have stumbled upon this page looking to understand what the Cryptolocker Ransomware Attack was. But before we reveal it all, let’s talk about ransomware…
What exactly is Ransomware?
Ransomware is a type of malware that targets a victim’s files and encrypts them. The attacker then demands that the victim pay a sum of money (or bitcoin) to regain access to the stolen or withheld data.
In most circumstances, the victim is given an easy-to-follow guide (nice, right?) on how to pay for a decryption key to get the files out of the attacker’s hands. Amounts vary wildly from a few hundred dollars to instances where millions of dollars are demanded.
But hang on, how do the attackers do this?
The short answer is by any means possible. Hackers often look for holes in internet security systems or general user errors. Finding a weak user with an easy-to-guess password could be all one cybercriminal requires.
However, the most common route is email phishing. At Excellence IT, we continually see users being targeted with very sophisticated email phishing scams. Usually, the target is sent an email that is disguised to look like a communication from a colleague or supplier, asking the recipient to view and download the attached document, invoice, or media clip.
If the user does interact with this infected file, the attacker can usually gain access to a profile and, in turn, a business network within minutes. And once they are in, they can do whatever their heart desires (99% of the time it’s bad intentions too; no rearranging your desktop or emptying your recycle bin, unfortunately).
But the most important thing to know is that at the end of the process, the files cannot be decrypted without a mathematical key known only by the attacker.
So, you now know and understand what ransomware attacks are.
But what is Cryptolocker and why is it important?
The most interesting piece of information about this is that ransomware strains have actually been in circulation since the 1980s. These scams were delivered through snail mail and demanded payment through cheques and physical money.
Obviously now, we are used to all ransomware being done over the internet as it’s much more lethal to modern businesses.
So, Cryptolocker ransomware attacks were first spotted in 2013, and the attack was reported to have infected over 250,000 devices in its first 4 months of circulation. This is because Cryptolocker was the first sophisticated attack of its kind, encrypting Windows operating system files and making them unusable and restricted for users.
This type of attack changed the way ransomware was demanded against its victims. Whereas before attackers could just threaten with supposed evidence they had on the user, Cryptolocker made it more important than ever that MSPs had advanced protection in decrypting and saving a business from a huge financial hit or, worse, bankruptcy.
Ransomware attacks are bad news for any business. But understanding that there is help available from your IT provider is vital in not losing out on time, resources and money. Our partnerships with Datto, Mimecast, and Webroot ensure that we have advanced threat protection and technology that can always help in your hour of need.