Last week I wrote about CryptoLocker in Offsite Backup: Thwarting the Profitable Encryption Malware Cryptolocker, the well-known malware that is categorized as ‘ransomware’ – it encrypts files on your computer and refuses to decrypt until you pay the malware authors a fee. To help combat the malware spread, CIS (Center for Internet Security) released some pointers for organizations concerned about possible infection:
Block traffic to a number of IP addresses at your network perimeter devices to prevent the malware from getting the encryption key from the C2 server. These are just a few (see the rest of them here):
Here are some sample email subjects, attachment naming conventions, sender email addresses, sender IPs and hosts that might indicate presence of the malware:
Subject: “Annual Form – Authorization to Use Privately Owned Vehicle on State Business”
Attachment: Attachments follow the naming convention of “Form_[Varying Digits and Numbers].zip. For example: Form_nfcausa.org.zip, Form_20130810.exe, Form_f4f43454.com.zip.
Spoofed Sender: “[email protected]” “[email protected]”
Sender IP: 209.143.144.3
Sender Host: mail.netsential.com
CIS also lists a few registry and file system path indicators for Windows. Other recommendations include:
Find out more about offsite backup, as well as how to ensure you can recover a copy of your files if all else fails. Read our Disaster Recovery white paper for tips on creating a comprehensive business continuity and IT disaster recovery plan for your critical data and systems.
References:
CIS Cyber Alert – Cryptolocker Indicators
Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.