Locked up, Ferraris and heavy artillery
![cryptolocker[1]](https://844fa9.p3cdn1.secureserver.net/wp-content/uploads/2014/01/cryptolocker1.png)
So yesterday I had my first firsthand experience with a Cryptolocker infection. An end user clicked on an email attachment she shouldn’t have and unknowingly kicked off a silent, evil, background process that encrypted thousands of files both on her local pc AND on network drives where she had write access. Once all of the files were encrypted the user was presented with a pop up window informing her all of her files were now locked and if she wanted them unlocked she had 72 hours to pay a ransom.
The ransom is paid via either a wire transfer or bitcoins, both of which allow the cyberthugs to remain untraceable.
I had read stories regarding Cryptolocker and places that had no choice but to pay the ransom since they had no back ups available. Infections are growing by the day.
Luckily I have implemented a couple layers of back ups on the file server. First we have the nightly back up to a tape library, however using that would mean potentially an entire day of work could be lost on any of the affected files. Instead I used the shadow copy feature I have enabled on these network shares. I had one that ran at noon yesterday, cutting down on the amount of lost work, especially since most of the updating of these files occurs at the start of a business day.
The person that triggered the infection did lose all of the documents stored on the local PC as those were not backed up. Luckily, anything important was stored on the network as it should be.
Now don’t think that having shadow copies (prior versions) turned on will necessarily save you from Cryptolocker. One of the first things it does is delete all prior versions of files on the PC it is launched on. Luckily it can not do this to network drives. Having an external back up drive might not save you either, as depending on how the files are stored there, they could be encrypted as well.
So all in all I spent 4 or 5 hours repairing the damage and making some changes to reduce or vulnerability to end user ignorance in the future. This sort of attack makes options like remote cloud back up very appealing.
Last night I had a bizarre dream. I was in my office at home and all of a sudden a red Ferrari came spinning up onto the grass in front of the window. He did a big donut and then parked in his driveway. He was my new neighbor. Of course this pissed me off but he had done it before so I just let it go and continued working.
Well all of a sudden I start hearing what sounds like heavy artillery fire. The walls and windows of my house are shaking with every shot. The neighbor who was short, thin and bald, a real seedy looking type, was cackling like mad as he was firing towards the palm trees in my yard. His three equally seedy friends were with him, cheering on his artillery assault on my yard.
Well I went ape shit and tore out the door. They had turned around and were firing in the other direction by the time I got outside. In between shots I yell at him to get his attention. As I am about 20 yards away he spins around, drops to the ground in sniper position and fires a couple warning shots that fly by my side. Instinctively I drop to the ground, trying to become a smaller target.
As I am laying there I yell “What the fck are you doing!?” He stops firing and stands up, I stand up as well. Despite just being fired at with heavy artillery my anger again boiled to the top. I say “Two things”, as I hold up two fingers as a visual exclamation point. “Don’t do donuts in my yard…” Before I could continue the guy walks up to me menacingly with his 3 cronies following closely.
He says” You know why I did the donuts, because of the bucket you threw in my yard!” I had absolutely no idea what he was referring to. “What the fck are you talking about? What bucket?” I responded, holding my ground. Just as I was about to cover my second point, which was firing heavy artillery at my yard was unacceptable, I woke up.
This weekend will feature half marathon packet stuffing, a trip to the movies and some sort of endurance training. The slack line will also be strung up for further adventures in balance and patience training.