Use a layered approach to protect yourself from Cryptolocker - By Anshuman Singh

Cryptolocker and similar ransomware attacks are nothing new, and we’ve blogged about them before.  As we said over a year ago, the attackers using these methods continue to adapt their technology and business model to circumvent law enforcement officials and user defenses.

Ransomware is a type of malware that hijacks data on the infected computer and demands a ransom from the user. 

So how did that PC get infected?  Malware can be delivered by a number of methods:

•      Phishing attacks are by far the most common means of infecting users.  The email in question usually invites the victim to click on a malicious link or open an infected attachment.  This method is effective in delivering malware to users who do not have the latest email protection or have not been educated on phishing attacks.

•      Drive-by downloads can infect users who visit a compromised website.  These websites can be compromised through malicious web code, an infected third-party piece of software, or website code that has been changed by the attackers.  This risk can be mitigated with a web filter and up-to-date antivirus software.  Other strategies include limiting user permissions and disabling Java in the browser.

•      Computers that are already infected with malware can download and install new malware, including Cryptolocker.

Sometimes the infection is a result of a mix of the above methods, as explained in this post at Malwarebytes. A user attempts to install something, gets tricked into installing something else, and is infected by a drive-by download in the background. Whatever the details, the majority of malware is installed when users are tricked into clicking on something. That’s why user education is so important to the overall defense strategy.

Because Cryptolocker and its variants are constantly adapting to new defenses, it isn’t enough to identify the virus and protect yourself from that specific threat.   The best approach is to secure the threat vectors, so that the entryways to the network are fully protected. 

(The Author is Director, Product Management of Application Security, Barracuda Networks)

Date: Tuesday, August 4, 2015