Cookies help us display personalized product recommendations and ensure you have great shopping experience.

Uncategorized

CIS Cyber Alert Releases Recommendations to Combat CryptoLocker Malware

onlinetech
onlinetech
3 Min Read
Image

ImageLast week I wrote about CryptoLocker in Offsite Backup: Thwarting the Profitable Encryption Malware Cryptolocker, the well-known malware that is categorized as ‘ransomware’ – it encrypts files on your computer and refuses to decrypt until you pay the malware authors a fee.

ImageLast week I wrote about CryptoLocker in Offsite Backup: Thwarting the Profitable Encryption Malware Cryptolocker, the well-known malware that is categorized as ‘ransomware’ – it encrypts files on your computer and refuses to decrypt until you pay the malware authors a fee. To help combat the malware spread, CIS (Center for Internet Security) released some pointers for organizations concerned about possible infection:

Block traffic to a number of IP addresses at your network perimeter devices to prevent the malware from getting the encryption key from the C2 server. These are just a few (see the rest of them here):

  • 46.149.111.28
  • 83.69.233.25
  • 144.76.192.130
  • 192.155.83.72
  • 212.2.227.70
  • 95.59.26.43
  • 162.243.66.243

Here are some sample email subjects, attachment naming conventions, sender email addresses, sender IPs and hosts that might indicate presence of the malware:

More Read

Rackspace and Intel Cut the Ribbon on OpenStack Innovation Center
Gamification Must Drive Software Ergonomics
Text Analytics in Telecommunications – Part 3
PatraLaiKhak: The Letter Writer
How to Make Sure Your CRM Dashboards Are More Than Just Pretty Pictures [VIDEO]

Subject: “Annual Form – Authorization to Use Privately Owned Vehicle on State Business”
Attachment: Attachments follow the naming convention of “Form_[Varying Digits and Numbers].zip. For example: Form_nfcausa.org.zip, Form_20130810.exe, Form_f4f43454.com.zip.
Spoofed Sender: “fraud@aexp.com” “Dewayne@nfcausa.org
Sender IP: 209.143.144.3
Sender Host: mail.netsential.com

CIS also lists a few registry and file system path indicators for Windows. Other recommendations include:

  • Most emails containing CryptoLocker are sent via spoofed email accounts – spread awareness throughout your users to ensure they check the email senders before opening
  • Block traffic to the listed IP addresses at your network perimeter devices
  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources
  • Remind users to be cautious when clicking on links in emails coming from trusted sources
  • Check antivirus is installed and for updates
  • If infected with CryptoLocker, remediate the infection via antivirus. Following the remediation, restore any encrypted files from backup or system restore points and volume shadow copies.

Find out more about offsite backup, as well as how to ensure you can recover a copy of your files if all else fails. Read our Disaster Recovery white paper for tips on creating a comprehensive business continuity and IT disaster recovery plan for your critical data and systems.

image: malware/shutterstock

TAGGED:
Share This Article

Follow us on Facebook

Latest News

AI role in medical industry
The Role Of AI In Transforming Medical Manufacturing
Artificial Intelligence Exclusive
b2b sales
Unseen Barriers: Identifying Bottlenecks In B2B Sales
Business Rules Exclusive Infographic
data intelligence in healthcare
How Data Is Powering Real-Time Intelligence in Health Systems
Big Data Exclusive
intersection of data
The Intersection of Data and Empathy in Modern Support Careers
Big Data Exclusive

Stay Connected

You Might also Like