by Michael Menor, Network Technician
All businesses, big or small, have client data which is the life blood of their company. Losing this data can prove deadly; even worse having this data held hostage.
The purpose of this article is to explain the importance of data security with encryption and also viruses like CryptoLocker which purposely encrypts your data and requests that you pay a ransom to release this data. This nasty little virus is no joke, many companies have fallen prey to it and have paid the ransom which ranges anywhere from $300 and upwards to $2000.
Let’s talk about this CryptoLocker virus. “What is it?” you ask. This is a piece of ransomware that targets computers with the Windows operating system. This virus is spread as an email attachment and has been seen to pose itself as a voicemail message.
Once CryptoLocker is installed on your computer, it encrypts all documents on your local computer, as well as ones that are stored on network drives and external storage. The encryption used is strong, 2048-bit, cracking this level of encryption is impossible.
It would take approximately 6.4 quadrillion years to break. Even if you were using a super computer it would take a very long time to break.
Hard drive encryption should be the first step in ensuring data integrity. Microsoft has their own encryption technology called BitLocker, which is only available on Windows Enterprise and Ultimate editions.
TrueCrypt is a free alternative. The only problem with this is that once you authenticate the drive that is secured with either software, it is ready for use and allows the user to freely read and write to the drive. Which in turn lets other programs on the computer do the same.
In regards to TrueCrypt, it has no supporting management infrastructure, and no key recovery system. If you forget your password, or something goes wrong with the TrueCrypt file, there is no way to get your data back. You must therefore keep separate backups. Another alternative to hard drive encryption is backing up your important data to the Cloud. You don’t have to worry about maintaining a storage server or carrying around an external hard drive. Everything is available to you wherever you go as long as you have an Internet connection.
Talking about all this data security will not stop the standard user from opening email attachments without verifying the sender of this file. Having proper net etiquette training can be very useful, you want your employees to understand the risks of these attachments and the possible risks involved when they’re viewing their email or even browsing the Internet.
Before users open any email attachments they should ask themselves. Is the email address trusted? Were you expecting an email from them? Is the spelling and grammar consistent with what you’d expect from the sender?
Security Expert, Nick Shaw has created software that can prevent CryptoLocker. This software prevents CryptoLocker from ever executing and has been proven to work on Windows XP and Windows 7 workstations.
Contact us for more information on how to prevent viruses or if you have any questions regarding data security and backups.