Ransomware Recovery – Be Ready in Advance

Back in February of 2014, we shared our survival story regarding Cryptolocker, an extremely nasty and expensive piece of malware that generally spreads through email. Because Cryptolocker was recently in the news again (Warrick County Prosecutor’s Office Admits 2014 Breach), we thought it wise to continue to raise awareness so that you can take steps to protect yourself or your company from similar attacks.

What is Cryptolocker?

Cryptolocker is simply the most well-known version of a class of malware known as ransomware. Ransomware works by encrypting important files on your computer(s), effectively making them unavailable to you. You’re then asked to pay a ransom in order to regain access to those files. The original version of Cryptolocker has been essentially eradicated from the wild, but there are hundreds of variants and they continue to evolve, which makes it harder to avoid them. Names of variants and copycats include:

  • BitCrypt
  • TorrentLocker
  • CryptoFortress
  • Teslacrypt
  • VaultCrypt
  • Many, many others.

Our previous article explains in good detail how ransomware works, and it is worth reviewing. It also gives advice on the systems you should have in place to protect yourself from it, as well as the systems that will help you recover should it get past your security defenses. We certainly believe that your approach needs to involve multiple layers of defense, but you must also be prepared for a recovery operation should there be a security incident. Assuming that your systems cannot be penetrated is foolish.

File Versioning

We also now amend those recommendations to include automatic file versioning of storage systems. When you use a document storage system that includes file versioning (such as Google Drive), you have the ability to restore any file to a previous version of that file. When malware encrypts the file, it essentially creates a new version, and the earlier versions remain in the history. It is generally an easy process to revert to the previous version, and you’re back in business.
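The revert step described above comes down to finding the last version written before the malware touched the file. The following Python is an added example, not code from the original article or from any storage service; the history format, the entropy threshold and the sample data are assumptions constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# Assumed cut-off in bits per byte: ciphertext sits close to 8.0, plain text far lower.
ENTROPY_THRESHOLD = 7.5


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def pick_restore_version(history):
    """history: (version_id, content) pairs ordered oldest to newest (hypothetical format).

    Returns ("keep", newest_id) when no version looks encrypted,
    ("restore", id) for the last version before the first high-entropy write,
    ("review", None) when entropy alone cannot decide, e.g. an empty history or a
    file that was always compressed (zip, docx, jpg are high-entropy when healthy).
    """
    last_clean = None
    for version_id, content in history:
        if shannon_entropy(content) >= ENTROPY_THRESHOLD:
            if last_clean is None:
                return ("review", None)
            return ("restore", last_clean)
        last_clean = version_id
    return ("keep", last_clean) if last_clean is not None else ("review", None)


def fake_ciphertext(seed: bytes, blocks: int = 128) -> bytes:
    """Constructed stand-in for an encrypted file: deterministic pseudo-random bytes."""
    return b"".join(hashlib.sha256(seed + i.to_bytes(4, "big")).digest() for i in range(blocks))


# Constructed sample history: two normal edits, then two writes by the malware.
SAMPLE_HISTORY = [
    ("v1", b"Q1 budget draft\n" * 40),
    ("v2", b"Q1 budget draft, revised totals\n" * 40),
    ("v3", fake_ciphertext(b"first")),
    ("v4", fake_ciphertext(b"second")),
]

if __name__ == "__main__":
    print(pick_restore_version(SAMPLE_HISTORY))
```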

That’s one of the reasons we have become proponents of services like the LTcloud. It includes file versioning and saves all changes made to files over the last six months. It also includes a host of other great features that assist in implementing a good security plan.

The bottom line is that you need to plan in advance for a security breach. It’s no different than what you do with your home. You lock up your home at night and when you leave, but you also have a homeowner’s policy that covers theft. You need to view the protection of your data systems with the same philosophy — locks and insurance.