CSC Cyber Intelligence Threat Advisory — Cryptolocker Update
As this threat has continued to evolve, Cryptolocker has demonstrated advanced evasion techniques and encryption methodologies. It has also become network-aware and is capable of searching for specific file types to encrypt on infected systems and network shares.
While removing the threat itself is relatively simple, the path of destruction it may leave in its wake can be enormous. Numerous products will detect and mitigate this threat; however, detection usually occurs only after specific indicators have been flagged, by which point some files have already been encrypted.
CSC Global Threat Intelligence recommends the following:
- Update anti-virus engine and definitions as feasible in the environment.
- Use caution when opening attachments and never open an attachment you aren’t expecting.
- Consider implementing a “least privilege” posture for access to corporate/sensitive information.
- Perform regular backups and ensure those backups are stored off the network in case a compromise occurs.
- Use mail/spam firewalls to filter all content destined for users on your network.
- Block all .zip files unless there is a business case to receive them.
- Educate users regarding the dangers of phishing emails and spam.
For background on Cryptolocker, as well as some examples of recent changes that have allowed the threat to remain effective, read CSC Cyber Intelligence Threat Advisory’s Cryptolocker Update Report.