Cryptolocker malware hit New Zealand’s Inland Revenue Department last year, encrypting 3500 files and demanding a ransom to restore them. IRD got them back without needing to pay – but could your business do the same?
Reseller News reports that IRD was the victim of a cryptolocker malware attack last November. The malware took hold after an IRD staff member clicked an infected link in a phishing email. The malware then encrypted 3500 files, making them inaccessible to staff unless they paid a ransom.
Fortunately, IRD had all the files backed-up. This means they could just restore old versions of the files, backed-up before the cryptolocker malware hit.
So in the end, things worked out fine for them. But without backups, it could have been a different story.
What can your business learn from this?
Staff education and awareness is the best defence against cryptolocker
Educate your staff so they can recognise and respond to phishing emails and scam emails
Cryptolocker usually only takes hold because someone within an organisation clicks an email link they shouldn’t. It’s not something to feel bad about – it happens to thousands of people around the world. Cryptolocker wouldn’t be a thing if it wasn’t so easy to fall for.
IRD recognised that they needed to help their staff identify and respond to phishing attacks. Since the November attack, they’ve introduced additional “user education and awareness”. This is a great move, and one we highly encourage all businesses take. If your users are aware of the risks, and trained to respond, it’s much less likely phishing attacks will succeed against you.
Phishing tests like our ScamProtect are a clever way to do this. We send your staff a series of emails designed to look like phishing emails. Only difference is, these emails are completely benign: fake phishing emails which don’t follow through on a scam. They give your staff the practice and experience they need to deal with real phishing emails – the ones that could actually cost you.
Preventive measures can help stop cryptolocker risks before they reach your staff
Have anti-virus software, email filters and firewalls in place
Some number of phishing and scam emails are inevitable. But you can reduce the number that reach your staff, and help defuse any damage they might cause.
- An email filter like MailProtect identifies, filters out and quarantines anything it identifies as spam, viruses or spoofed emails (emails engineered to look as if they’re from a legitimate sender, but are really a scam). This means your staff never have to deal with them.
- Anti-virus software like UserProtect can stop malware from opening.
These shouldn’t be your first line of defence, since they might not catch absolutely everything – for example, the newest threats. But they add a good layer of protection, and peace of mind. IRD is taking this path, too, implementing “anti-virus updates and updates to [their] email and web proxy services”.
Backups can help you recover from successful cryptolocker attacks
Back your files and systems up so if they’re compromised, you can retrieve you saved copies
A successful cryptolocker attack will encrypt your files so you can’t access them. Unless you pay a ransom, those copies of your files are gone.
But a straightforward way of getting around this is having your files backed up. Even if one of your files is encrypted, you can return to an earlier version. This is what saved IRD.
Backups are really important. Essential for your business. There’s plenty of other reasons you might need them, too: such as if you accidentally delete a file, it gets corrupted, you lose your device, your server crashes – the list goes on.
You want a backup service which:
- Is easy and automatic.
- Provides easy file retrieval – so you can get your files back quickly.
- Is secure.
- Follows the 3-2-1 rule for backups.
Our CloudBackup service is a great option, if we do say so ourselves.
Your cryptolocker defence in summary
- Educate your staff so they can recognise and respond to phishing emails and scam emails
- Have anti-virus software, email filters and firewalls in place
- Back your files and systems up so if they’re compromised, you can retrieve you saved copies
With all that, you’ll be in a pretty good place to defend yourself against and respond to cryptolocker attacks.
Want to make sure your business is ready? We’re here to chat with you now.