Four Yorkshire-based SMEs had a lucky escape from the clutches of the CryptoLocker ransom malware after an IT services firm was able to restore their data from backups.
The company was understandably cagey about identifying the victims or the business sectors they operate in, but said it had helped four businesses in 2014.
Other interesting themes emerged from their account of the attacks. According to Oughtred and Harrison director James Smith, all of the victims were running up-to-date antivirus and anti-spam software “but it still got through.”
It wasn’t clear how the malware pierced these defences, but an email attachment was the most likely path. None of the victims had paid a ransom and all data was restored from backups although each endured downtime while the clean-up took place.
According to Smith, firms remain incredibly vulnerable to social engineering attacks.
“More malware is trying to spread using social engineering. The advice is simple. If you get an email attachment from an unknown source, or even supposedly from someone you know, but it looks suspicious, don't open it and delete it immediately,” said James Smith.
The problem, of course, is that this is not easy to put into effect. People do have to open attachments and defining ‘suspicious’ can be difficult if the emails come from spoofed addresses.
Addresses used by CryptoLocker in the UK included apparent communications from Companies House and couriers.
Firms using Windows XP were a particularly vulnerable group.
What saved these firms, ultimately, was that they had backups, which emphasises the importance of thinking through a plan B should this type of malware strike.
After breaking cover last September, CryptoLocker was finally broken earlier this summer after an unprecedented takedown of the bot used to distribute it by a clutch of security firms and the FBI.
If CryptoLocker’s reign of terror is over – it is even now possible to decrypt individual files on a dedicated website – other forms of ransom malware still stalk Internet users.