Many of you are already aware of CryptoLocker, a malware campaign associated with an increasing number of ransomware infections. This particularly nasty piece of ransomware restricts access to infected computers and requires that the victim pay the attackers through a money service such as MoneyPak or Bitcoin in order to download the key to decrypt the files. However, even when the payment is made, the key often never comes or doesn't work.
So far, CryptoLocker is mostly spread through phishing emails designed to look like they come from legitimate businesses, including phony FedEx and UPS tracking notices. Once you've been tricked into downloading it, the malware has the ability to find and encrypt files located on shared network drives, USB drives, external hard drives, network file shares and even some cloud storage drives; CryptoLocker then connects to an external command and control server to deposit the encryption key.
Those infected with CryptoLocker can expect to pay $100 to $300 in cash or Bitcoin to get a key that can decrypt their files, or else recover all their data from a backup, though it's rumored that the virus also interferes with the creation of restore points you could recover to.
Fortunately, Sendio has several built-in safeguards to protect against this type of malware. First up is Silverlisting, in which messages from servers that do not retry delivery are blocked. This safeguard blocks the vast majority of email-borne malware and phishing trying to get to you. Next we employ the antivirus ClamAV: any message which somehow made it past Silverlisting and is carrying malware recognized by ClamAV will be blocked. New virus signatures are checked for and downloaded once per hour. We then use Zero-hour Virus to block any message coming from a server which is exhibiting suspicious characteristics.
After Zero-hour Virus, we check IP Reputation: any message from a server that makes it past the previous checks but has a poor reputation is marked as suspicious and held for admin review. After that, any message purportedly from a well-known domain which publishes an SPF record, but which does not come from an official server for that domain, will be blocked.
The final stage of this gauntlet is the contact check, in which any message from a sender unknown to the recipient is held pending a reply to our Sender Address Verification.
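As an added illustration (not Sendio's own code), here is a toy model of the gauntlet described above, run in the same stage order; the SPF, reputation, signature and contact tables are constructed stand-ins for real DNS, feed and address-book lookups, and the Zero-hour Virus heuristic is left out because the post does not specify what it inspects.

```python
from dataclasses import dataclass

# Constructed stand-in for DNS SPF lookups: domain -> source IPs its SPF record authorises.
SPF_RECORDS = {"fedex.example": {"203.0.113.10"}, "ups.example": {"203.0.113.20"}}
# Constructed reputation feed, contact lists and a ClamAV-style signature (assumptions).
BAD_REPUTATION = {"198.51.100.7"}
CONTACTS = {"alice@corp.example": {"bob@fedex.example"}}
MALWARE_SIGS = {"PK\x03\x04invoice.exe"}

@dataclass(frozen=True)
class Message:
    sender: str
    recipient: str
    source_ip: str
    body: str

def screen(msg, seen_retries):
    """Return a verdict for msg. seen_retries is a set of (sender, recipient, ip)
    triples already deferred once; it implements the Silverlisting/greylist stage."""
    key = (msg.sender, msg.recipient, msg.source_ip)
    if key not in seen_retries:            # stage 1: defer the first attempt;
        seen_retries.add(key)              # a legitimate server will retry, malware usually won't
        return "tempfail"
    if any(sig in msg.body for sig in MALWARE_SIGS):   # stage 2: signature antivirus
        return "blocked:antivirus"
    if msg.source_ip in BAD_REPUTATION:    # stage 3: IP reputation -> held for admin review
        return "held:reputation"
    domain = msg.sender.rsplit("@", 1)[-1]
    allowed = SPF_RECORDS.get(domain)      # stage 4: SPF; domains without a record are not judged here
    if allowed is not None and msg.source_ip not in allowed:
        return "blocked:spf"
    if msg.sender not in CONTACTS.get(msg.recipient, set()):  # stage 5: contact check
        return "held:sav"                  # pending Sender Address Verification
    return "delivered"

def run_sample():
    """Push a few constructed messages through twice (first pass is always deferred)."""
    seen = set()
    msgs = {
        "real_fedex": Message("bob@fedex.example", "alice@corp.example", "203.0.113.10", "hello"),
        "spoofed_fedex": Message("bob@fedex.example", "alice@corp.example", "198.51.100.99", "track"),
        "bad_rep": Message("x@other.example", "alice@corp.example", "198.51.100.7", "hi"),
        "dropper": Message("y@other.example", "alice@corp.example", "192.0.2.5", "PK\x03\x04invoice.exe"),
        "stranger": Message("z@other.example", "alice@corp.example", "192.0.2.6", "hi"),
    }
    first = {name: screen(m, seen) for name, m in msgs.items()}
    second = {name: screen(m, seen) for name, m in msgs.items()}
    return first, second

if __name__ == "__main__":
    print(run_sample())
```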
Because of this multi-tiered ordeal, Sendio has an excellent track record of stopping malware and viruses before they ever reach your inbox. Our customers have reported complete elimination of spam and phishing attempts, in addition to the hours of IT time saved by not having to deal with this type of mail or its consequences. While it goes without saying that, no matter how well you are protected, you should do everything you can to educate users about what they open, Sendio can help train your inbox and ensure that malware like CryptoLocker never affects your system.