Cryptolocker is a new, rapidly growing form of malicious ransomware that spreads through infected emails and websites. Cryptolocker is causing serious havoc globally in the business community, where cybercriminals hold the user to ransom, encrypting the contents of their computer and potentially gaining access to the infected computer. This ransomware permanently locks up all of your personal or business files found on the infected computer.
Smile IT was recently called by a business in Brisbane to rescue them when files on one of their business systems failed to function. This business has various offices across Australia and internationally. They desperately needed help and Smile IT immediately got to work.
Smile IT Parachuted In
Smile IT’s trained IT professionals jumped into action and started to troubleshoot the issues at hand. Our technicians successfully logged into the infected machine hosting the Cryptolocker-infected files and attempted to replicate the reported issues. Smile IT technicians found that a large number of files on the computer were corrupted, notably Excel, Word and various PDF documents, all targets for the Cryptolocker virus.
Smile IT technicians determined that Cryptolocker was the root cause of the issues after the Brisbane company reported that one of their users received an email from a bank, but not the bank they normally use. This email contained the malicious payload, which was executed when the user opened the ZIP file enclosed in the email. The user also had a message on their screen stating they had to pay $300 to decrypt the files. This is when Smile IT confirmed Cryptolocker was the culprit.
Our engineers immediately disconnected the infected computers from the network, limiting any further potential damage and stopping the infection from spreading. Smile IT took all the infected computers back to the company’s main office in Brisbane for further analysis. However, the virus started to spread across their corporate network and was infecting files on the corporate servers.
Smile IT attempted to recover files from Shadow Copies and by other mechanisms, with no luck. However, a solution to this Cryptolocker problem was just around the corner.
Smile IT’s Business Continuity and Disaster Recovery Service Saves The Day!
Fortunately, Smile IT had a tried and tested disaster recovery solution in place for this client. By using the StorageCraft ShadowProtect disaster recovery solution we performed incremental backups of their corporate network on an hourly basis to an external storage device located on a separate network. By doing this we were able to prevent Cryptolocker from spreading to the backup servers. Once we determined when the infection occurred, our technicians were able to recover all corporate data prior to the infection occurring, essentially removing the virus from the network.
Removal of Cryptolocker wasn’t a problem, as the antivirus solution recommended by Smile IT had already released antivirus definitions and signature files to remove any traces of the Cryptolocker virus. Machines were cleaned and all Cryptolocker infections were removed.
Lessons Learned
This process was a learning experience for both the team at Smile IT and their client, and has once again proved that all businesses in Brisbane, the Gold Coast and the Sunshine Coast must have an effective disaster recovery solution in place. Not all disasters are weather-related. It has also demonstrated that even with a full antivirus service installed, malware can still get through and cause extensive damage to your business and even your corporate reputation.
Smile IT’s recommendation? Businesses throughout the Brisbane region must ensure backups are performed regularly and that all files can be restored when disaster strikes! Smile IT recommends using our business continuity and disaster recovery service because backup images are verified upon creation, and tested regularly to ensure that all data is recoverable when a disaster strikes.
Another recommendation for businesses in Brisbane is to train all users on what to watch out for and not to open any suspicious emails. Banks, credit card companies and many of your service providers will not send you important documents or files using email without your knowledge, and often will be on the telephone with you when they are sent.
Has your business been hit by the Cryptolocker virus? If you’ve fallen victim to this nasty malware, please contact Smile IT, your Brisbane IT support experts. We will work with you and attempt to get your data back. Do not pay the ransom.
Your business must have a business continuity solution in place. For more information about a disaster recovery solution to protect your business, contact Smile IT at 07 3173 1991.