May 19, 2014

Cryptolocker / Cryptorbit Ransomware

What is it?

This is a VERY nasty and VERY clever form of ransomware.

The principle is simple. Your files get encrypted, you have no backups, so you resort to paying the criminals. The only way to do this is by using a Tor browser on ‘the dark web’ and paying in Bitcoin, typically 0.6 or 0.8 of a Bitcoin – roughly £200-250. Untraceable and brilliantly nasty.

The infection is usually spread via a zipped e-mail attachment containing a file dressed up as a PDF file.
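Screening for this lure is something a mail gateway or a quarantine script can do before the message reaches a user. As an added example, not part of the original post, here is a Python check that unpacks a zip attachment and flags members that carry an executable suffix behind a document-looking name, or that are named .pdf but start with a Windows PE header; the archive contents and the extension list are constructed for the demonstration.

```python
import io
import zipfile
from typing import Dict, List

# Suffixes Windows will execute directly (constructed list, extend as needed).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DOCUMENT_TYPES = {"pdf", "doc", "docx", "xls", "xlsx", "txt"}
PE_MAGIC = b"MZ"       # Windows executable header
PDF_MAGIC = b"%PDF-"   # genuine PDF header


def inspect_member(name: str, head: bytes) -> List[str]:
    """Return the reasons a zip member looks like a disguised executable."""
    reasons = []
    parts = name.lower().rsplit("/", 1)[-1].split(".")
    final_ext = "." + parts[-1] if len(parts) > 1 else ""
    # invoice.pdf.exe: Explorer hides the real suffix, so the user sees "invoice.pdf"
    if final_ext in EXECUTABLE_EXTENSIONS:
        reasons.append(f"executable extension {final_ext}")
        if len(parts) > 2 and parts[-2] in DOCUMENT_TYPES:
            reasons.append("double extension hiding a document type")
    # The name says PDF but the bytes say Windows executable
    if final_ext == ".pdf" and head.startswith(PE_MAGIC):
        reasons.append("PE header in a .pdf-named file")
    return reasons


def scan_zip_attachment(data: bytes) -> Dict[str, List[str]]:
    """Map each suspicious member name to the reasons it was flagged."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(8)  # only the header bytes are needed
            reasons = inspect_member(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_attachment() -> bytes:
    """Constructed sample: one real PDF stub and two lures (no real programs)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.pdf", PDF_MAGIC + b"1.4\n%constructed harmless stub\n")
        zf.writestr("invoice.pdf.exe", PE_MAGIC + b"\x00" * 62)   # double extension
        zf.writestr("statement.pdf", PE_MAGIC + b"\x00" * 62)     # PE bytes, .pdf name
    return buf.getvalue()


if __name__ == "__main__":
    for name, why in scan_zip_attachment(build_sample_attachment()).items():
        print(f"{name}: {'; '.join(why)}")
```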

Sorry to say that if you have no backups, there is no way to retrieve your data intact. There are several sites that can help recover part of a file's contents, since only a small proportion at the beginning of each file is actually encrypted. We know of at least two companies who were infected and then found their backup strategy was seriously flawed or missing (they were not our clients at the time!). They resorted to paying the ransom in order to obtain the decryption key and get their data back.

If you have found this page and need help with this problem, please contact us using the information below.

We strongly recommend a multi-layered approach to these more sophisticated threats. More modern forms of Endpoint Protection that provide ‘zero hour’ protection should provide adequate protection, but you simply cannot rely on one point of defence. What happens if the local protection is disabled for some reason or just not functioning as it should? It is best to combine this with sophisticated e-mail security as well as web security as an absolute minimum. Adding a UTM (unified threat management) firewall/gateway device is also strongly recommended.

See our Security page for belt and braces protection against this sort of threat.