The CryptoLocker ransomware has shifted its focus away from consumers and small businesses to enterprises.
Speaking to IT Security Guru, Symantec security strategist Sian John said that in the last two weeks, enterprises had begun to see it being blocked at the gateway, and that she expected those that had been hit were hit because of “bad hygiene”.
She said: “It has hit a few enterprises and not only is this a big development, but the enterprises that have better security are blocking CryptoLocker and this is across verticals such as financial services, building companies, pharmaceuticals. This is not a massive outbreak and companies can deal with it though it does require more hygiene.”
She went on to say that even though the malware is blocked, it has been seen that CryptoLocker is using the Zeus command and control channels to download to endpoints. “It was fake anti-virus that was a threat, and then it was ransomware as this is picking up with the SMB as there is not a problem with enterprises at the moment as they have good security,” she said.
“What we have seen in the last two weeks is a spike, but it could be collateral damage and it is surprising that it has moved to attempt to hit enterprises as this is a bit of a change. The advice for this is forget malware, this is about backing up.”
John said that often the problem is that SMBs rely on built-in software but often do not use it. “Most companies back up well, and the bigger you are the more you need to do it. But the problem with backing up is if you do a real time sync of files and those files are encrypted with ransomware, then you will back up the encrypted file.
“Small and medium businesses have been hit and their fileshare is encrypted, and it is not easy to map a drive, but with SharePoint available you should have good backup processes and you can restore from it. If you get encrypted by ransomware then there is no point paying it as it will fund malware research.”