New Security Threat: CryptoWall

 


In October of last year, news broke about a new form of malware called Cryptolocker. This malware posed a particularly large threat to many business users and led to many quick and important security updates. Now, almost a year later, it appears that a second version – CryptoWall – has been released and is beginning to infect users.

What is Crypto malware?

Crypto malware is a type of trojan horse that, when installed onto computers or devices, holds the data and system hostage. It does this by locking valuable or important files with strong encryption. A pop-up then opens informing you that you have a set amount of time to pay for a key which will unlock the encryption. If you don’t pay before the deadline, your files are deleted.

When this malware surfaced last year, many users were understandably more than a little worried and took strong precautions to ensure they did not get infected. Despite these efforts, it really didn’t go away until earlier this year, when security experts introduced a number of online portals that can un-encrypt files affected by Cryptolocker, essentially neutralizing the threat. Until now, that is: a recently updated version is threatening users once again.

Cryptolocker 2.0, a.k.a. CryptoWall

Possibly because of efforts by security firms to neutralize the Cryptolocker threat, the various developers of the malware have come back with an improved version, CryptoWall, and it is a threat that all businesses should be aware of.

With CryptoWall, the transmission and infection methods remain the same as with the first version: it is most commonly found in zipped folders and PDF files sent over email. Most emails with the malware are disguised as invoices, bills, complaints, and other business messages that we are likely to open.

The developers did, however, make some “improvements” to the malware that make it more difficult for most users to deal with. These changes include:

  • Unique IDs are used for payment: These are addresses used to verify that the payment is unique and from one person only. If the address is used by another user, payment will now be rejected. This is different from the first version, where one person who paid could share the unlock code with other infected users.
  • CryptoWall can securely delete files: In the older version of this threat, files were deleted if the ransom wasn’t paid, but they could be recovered easily. In the new version, the encryption has increased security, which ensures the file is deleted. This leaves you with the option of either paying the ransom or retrieving the file from a backup.
  • Payment servers can’t be blocked: With CryptoLocker, when authorities and security experts found the addresses of the servers that accepted payments, they were able to add these to blacklists, thus ensuring no traffic would come from, or go to, these servers again. Essentially, this made it impossible for the malware to actually work. Now, it has been found that the developers are using their own servers and gateways, which makes them much, much more difficult to find and ban.

How do I prevent my systems and devices from being infected?

Unlike other viruses and malware, CryptoWall doesn’t go after passwords or account names, so the usual changing of your passwords won’t really help. The best ways to prevent this from getting onto your systems are:

  • Don’t open any suspicious attachments – Look at each and every email attachment that comes into your inbox. If you spot anything that looks odd, such as a spelling mistake in the name or a long string of characters together, then it is best to avoid opening it.
  • Don’t open emails from unknown sources – Be extra careful about emails from unknown sources, especially ones that say they provide business-oriented information, e.g., bank statements from banks you don’t have an account with or bills from a utilities company you don’t use. Chances are high that they contain some form of malware.
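
Part of the attachment check described above can be automated on a mail gateway or in a mailbox triage script. The following Python code is an added example, not part of the original article: it parses an email, looks inside zipped attachments, and flags file names that end in a program extension or contain a long string of characters. The extension list, the 20-character threshold, the function names and the sample message are all assumptions made for this illustration.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage
from email.policy import default

# Assumed heuristics, chosen for this example: program extensions hidden in
# an archive, and a long unbroken run of letters/digits in a file name.
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".js", ".vbs")
LONG_RUN = re.compile(r"[A-Za-z0-9]{20,}")

def name_flags(filename):
    """Return the reasons one file name looks suspicious (empty if none)."""
    flags = []
    if filename.lower().endswith(RISKY_EXT):
        flags.append("executable extension")
    if LONG_RUN.search(filename):
        flags.append("long character string in name")
    return flags

def scan_message(raw_bytes):
    """Map each flagged attachment name to its reasons, looking inside zips."""
    msg = message_from_bytes(raw_bytes, policy=default)
    findings = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        flags = name_flags(name)
        payload = part.get_payload(decode=True) or b""
        if zipfile.is_zipfile(io.BytesIO(payload)):
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    flags += [f"{member}: {f}" for f in name_flags(member)]
        if flags:
            findings[name] = flags
    return findings

def build_sample():
    """Constructed sample: an 'invoice' email carrying a zip attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice_2014.pdf.exe", b"placeholder bytes, not a program")
    msg = EmailMessage()
    msg.set_content("Please see the attached invoice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A flagged attachment is a candidate for quarantine and manual review; a clean result only means these two name checks did not fire.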

10 Enterprise Benefits of Windows 8.1


Windows 8.1 will be released on October 17, 2013, followed by a full launch on October 18, 2013.  Although Windows 8.1 is not a “new” operating system, the major updates created for 8.1 have made the upgrade more than a simple service pack.

Enterprise Benefits:

1.  Mobility

Windows 8.1 benefits a wider range of employees by combining productivity and mobility.  IT can manage Windows 8.1 devices, such as desktops, laptops, and tablets, with a universal management client.

2.  Tablets

Hardware enabled for Windows 8 gives enterprises the option of a standard operating system while allowing individual users to select their device, such as desktops, laptops, and tablets, and have a consistent interface across these devices.

3.  Application Development

Streamlining Windows 8.1 allows developers to design applications that can work across devices, such as desktops, laptops, tablets and smartphones.

4.  IT Support

To reduce the strain on IT resources for business mobility, standardizing on Windows 8.1 simplifies a majority of IT support.

5.  Total Savings

Standardizing on Windows 8.1 will reduce the cost for development, maintenance and support.  It also reduces costs by eliminating the licensing and support costs of an enterprise environment with varied devices.

6.  Restore Optimization

Windows 8.1 has the ability to restore factory settings for the operating system.  For all businesses, this is an advantage and a simple way to reduce costs and recover time for IT departments. 

7.  IT Operations

Windows 8.1 is a service pack for Windows 8 that includes new features, not just fixes.  Creating user documentation can be streamlined for Windows 8.1 for all applications.  Additionally, future service packs will follow in the footsteps of Windows 8.1 to include new features; IT departments can then frequently provide updates to user documentation.

8.  Reduced Confusion

To reduce user confusion, after a user joins the Windows Intune Management Service, the user gains access to the Company Portal.  The Company Portal has access to the applications, data, and device settings.  Also, users can troubleshoot their own devices using the service desk self-help portal.

9.  Security

Microsoft is enhancing security in Windows 8.1 with Remote Business Data Removal and the new Internet Explorer.  Remote Business Data Removal provides control over encrypted data that can be wiped from any device.  The new Internet Explorer has Anti-Malware included to scan binary extensions to prevent infections.

10.  Education

Windows 8.1 offers an evaluation of current infrastructure, how to execute migration plans and ways to educate users on how to use the new version.  Microsoft ends support for Windows XP on April 8, 2014; businesses should consider the option of upgrading to Windows 8.1.
