Use a layered approach to protect yourself from Cryptolocker

Cryptolocker and similar ransomware attacks are nothing new, and we’ve blogged about them before. As we said over a year ago, the attackers using these methods continue to adapt their technology and business model to circumvent law enforcement officials and user defenses.
Ransomware is a type of malware that hijacks data on the infected computer and demands a ransom from the user. Here’s a video demonstrating Cryptolocker in action:

https://youtu.be/k4QrK_IBRcI

So how did that PC get infected? Malware can be delivered by a number of methods:

• Phishing attacks are by far the most common means of infecting users. The email in question usually invites the victim to click on a malicious link or open an infected attachment. This method is effective in delivering malware to users who do not have the latest email protection or have not been educated on phishing attacks.
• Drive-by downloads can infect users who visit a compromised website. These websites can be compromised through malicious web code, an infected third-party piece of software, or website code that has been changed by the attackers. This risk can be mitigated with a web filter and up-to-date antivirus software. Other strategies include limiting user permissions and disabling Java in the browser.
• Computers that are already infected with malware can download and install new malware, including Cryptolocker.

Sometimes the infection is a result of a mix of the above methods, as explained in this post at Malwarebytes. A user attempts to install something, gets tricked into installing something else, and is infected by a drive-by download in the background. Whatever the details, the majority of malware is installed when users are tricked into clicking on something. That’s whyuser education is so important to the overall defense strategy.

Because Cryptolocker and its variants are constantly adapting to new defenses, it isn’t enough to identify the virus and protect yourself from that specific threat. The best approach is to secure the threat vectors, so that the entryways to the network are fully protected. For a better explanation of threats and threat vectors, take a look at this video. Ruoting Sun and Steve Pao explain:

https://youtu.be/tHHj1jJ8TvE

Ruoting Sun – Senior Product Marketing Manager
Steve Pao – GM Security

One break in an attack sequence can prevent the installation of Cry
ptolocker. Using a layered approach to security gives you the opportunity to break the sequence at several levels. Protect your users with email, web, network, and mobile security. In the event that you cannot stop an infection, a proper backup solution and disaster recovery strategy will ensure that compromised data can be restored.

We implement this layered approach with Barracuda Total Threat Protection. Here’s how that breaks down in terms of solutions and threat vectors: