Security researchers from the group Malware Must Die have seen their attempt to take down command-and-control nodes associated with the CryptoLocker malware fall short.
The researchers compiled a list of 138 domains associated with the malware's communication channels. Damballa, an anti-botnet company, said that most of the domains were suspended, but despite this the CryptoLocker infrastructure was quickly revived.
Adrian Culley, a technical consultant at Damballa, says he is not surprised that CryptoLocker was quickly revived, and that the efforts of Malware Must Die would have been more effective had they been followed by post-takedown analysis.
Culley stated, “It is no surprise that the announcements of the death of CryptoLocker appear to have been somewhat premature. An essential part of the process is post-takedown analysis, which may turn out to be a post-mortem, or a triage of the zombie remnants of a botnet, or may indeed confirm that the botnet is very much still alive and kicking.”
Culley added, “It is essential to undertake this analysis post any sinkholing activity which does appear to have happened in this instance. CryptoLocker appears to have the same resilience as many other C&C based attacks. Efficient post-mortems lead to better surgery and this is just as true of botnet remediation as it is medically.”
So far, CryptoLocker has infected thousands of users. It typically arrives as a .zip email attachment containing an executable disguised as a PDF. If that executable is opened and runs successfully, it encrypts the data on the local drive and on any mapped LAN drives. Once encrypted, the data cannot be decrypted without the private key, which the attackers only hand over in exchange for a payment.
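Because the dropper is an executable in a .zip that is dressed up as a PDF, the cheapest check at the mail gateway is to look inside the archive rather than at the outer file name. The Python below is an added example written for this article, not code from the article, from Malware Must Die or from Damballa; it assumes the disguise takes the form of a document-looking name (for example `Invoice_4471.pdf.exe`) on a Windows PE file, and the sample archive it builds is constructed, not a real CryptoLocker attachment. It flags an entry on three independent signals: an executable extension, a document extension hiding an executable extension, and PE (`MZ`) content regardless of name.

```python
import io
import zipfile

# Extensions Windows will execute when the user double-clicks the entry.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}
# Extensions used as the "disguise" half of a double extension.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt"}
PE_MAGIC = b"MZ"


def classify_entry(name, head):
    """Return the reasons an archive entry looks like a disguised executable.

    name: entry name inside the zip; head: first bytes of its content.
    """
    reasons = []
    base = name.lower().rsplit("/", 1)[-1]          # drop any directory part
    exts = ["." + p for p in base.split(".")[1:]]   # all extensions, in order
    if exts and exts[-1] in EXECUTABLE_EXTS:
        reasons.append("executable extension %s" % exts[-1])
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS and exts[-1] in EXECUTABLE_EXTS:
        reasons.append("document extension hides executable extension")
    if head.startswith(PE_MAGIC):
        reasons.append("PE (MZ) header")
        if not exts or exts[-1] not in EXECUTABLE_EXTS:
            # Content is a Windows executable but the name says otherwise.
            reasons.append("PE content with non-executable name")
    return reasons


def suspicious_entries(zip_bytes):
    """Map entry name -> reasons for every suspicious file in a zip attachment."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(len(PE_MAGIC))   # only the magic is needed
            reasons = classify_entry(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_attachment():
    """Constructed sample archive for the demo; not a real malicious attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # Double extension plus PE header: the classic CryptoLocker-style lure.
        zf.writestr("Invoice_4471.pdf.exe", PE_MAGIC + b"\x00" * 62)
        # Harmless text file: must not be flagged.
        zf.writestr("notes.txt", b"meeting at 10")
        # PE content hiding behind a plain .pdf name: caught by the content check.
        zf.writestr("report.pdf", PE_MAGIC + b"\x90" * 10)
    return buf.getvalue()


if __name__ == "__main__":
    for entry, why in suspicious_entries(build_sample_attachment()).items():
        print(entry, "->", "; ".join(why))
```

The content check is what matters: attackers can avoid any extension list by renaming, but a file that Windows will run as a PE still begins with `MZ`. A real gateway would also recurse into nested archives and handle password-protected zips, which this example does not.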
Jason Glassberg, co-founder of the security firm Casaba, believes that common sense plays a huge part in keeping the malware off your company's computers.
Glassberg stated, “Like any other piece of malware, common sense goes a long way. The critical thing is it’s not going to install files by itself. You have to initiate some action.”
Malicious coders keep developing more sophisticated methods of attack, making it harder for companies to keep their data secure, so a robust backup solution is vital. Relying on a replication product as a backup can be dangerous here: if your data is encrypted by CryptoLocker and then replicated, the replica overwrites the clean copy and you cannot restore the data to its previous state. That leaves you with a choice between paying for the private key that decrypts your data and accepting that the data is lost.
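The difference between a replica and a backup is easiest to see when both are run through the same infection. The Python below is an added example written for this article, not code from the article or from any product it mentions: it models a one-way mirror and a point-in-time versioned backup over an in-memory file set, then applies a constructed stand-in for the ransomware step (a repeating-key XOR with a marker extension, not CryptoLocker's real scheme). After the "encryption" is replicated, the mirror holds only ciphertext, while the versioned backup can still hand back the last clean snapshot.

```python
from copy import deepcopy

ENCRYPTED_SUFFIX = ".encrypted"


def fake_encrypt(files, key=b"demo-key"):
    """Constructed stand-in for the ransomware step: XOR every file with a
    repeating key and rename it. Not CryptoLocker's real cryptography."""
    out = {}
    for name, data in files.items():
        ciphertext = bytes(b ^ key[i % len(key)] for i, b in enumerate(data))
        out[name + ENCRYPTED_SUFFIX] = ciphertext
    return out


def mirror_sync(source, mirror):
    """One-way replication: make the mirror identical to the source.
    Whatever is on the source, encrypted or not, overwrites the replica."""
    mirror.clear()
    mirror.update(deepcopy(source))
    return mirror


class VersionedBackup:
    """Point-in-time backup that keeps the last `retain` snapshots."""

    def __init__(self, retain=7):
        self.retain = retain
        self.snapshots = []

    def snapshot(self, source):
        self.snapshots.append(deepcopy(source))
        self.snapshots = self.snapshots[-self.retain:]

    def restore(self, is_acceptable):
        """Return the newest snapshot that passes is_acceptable, or None."""
        for snap in reversed(self.snapshots):
            if is_acceptable(snap):
                return deepcopy(snap)
        return None


def looks_clean(files):
    """Cheap integrity check: no file carries the ransomware marker."""
    return not any(name.endswith(ENCRYPTED_SUFFIX) for name in files)


def run_scenario():
    """Infect a host that is both mirrored and snapshotted; report what survives."""
    # Constructed victim data.
    victim = {"report.docx": b"Q3 numbers", "photo.jpg": b"\xff\xd8\xff"}
    mirror = {}
    backup = VersionedBackup(retain=7)

    # Day 1: normal operation, both copies taken while the data is clean.
    mirror_sync(victim, mirror)
    backup.snapshot(victim)

    # Day 2: the dropper runs and encrypts the victim's files in place.
    encrypted = fake_encrypt(victim)
    victim.clear()
    victim.update(encrypted)

    # Day 2, later: the scheduled jobs run again and copy the encrypted state.
    mirror_sync(victim, mirror)
    backup.snapshot(victim)

    return {
        "mirror_clean": looks_clean(mirror),
        "latest_snapshot_clean": looks_clean(backup.snapshots[-1]),
        "restored": backup.restore(looks_clean),
    }


if __name__ == "__main__":
    result = run_scenario()
    print("mirror still usable:", result["mirror_clean"])
    print("restorable clean copy:", result["restored"])
```

Two caveats follow from the article itself. Retention must be longer than the time it takes you to notice the infection, or the clean snapshot ages out just like the mirror. And because CryptoLocker also encrypts mapped LAN drives, the snapshot store must not be a share the infected machine can write to; a versioned backup the malware can reach is a mirror with extra steps.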
Are you afraid of the CryptoLocker malware? Do you utilise a robust backup solution?