I Think We Have a Crypto Virus, Now What?

One of the most dreaded events when it comes to cybersecurity is turning on your computer and finding a warning message that your computer has been infected with a virus.

This particular type of malware has caused hospitals, municipalities, and businesses of all kinds to have their operations come to a screeching halt because they were locked out of their critical files.

One form of ransomware is the Crypto Virus (also referred to as the CryptoLocker Virus). It typically enters a computer as a trojan horse and can come from a malicious file attachment in a phishing email or a link to a site that does a drive-by download of the virus onto your computer.

If your business computers aren’t properly protected with network security, they can become infected with the Crypto Virus, and that infection can spread throughout your entire network.

Infection Warning Signs

Receiving an alert on your screen is typically the way that most people know they’re infected with the Crypto Virus. The alert will usually state that your computer is infected, your files are encrypted, and a ransom payment must be made to get the decryption key.

There will also often be a time limit, giving you a certain number of hours or days to pay the ransom with a warning that the files will be destroyed when time expires.

Other infection signs that you may notice before seeing the alert are:

  • Your computer slowing down unexpectedly
  • A “processing” sound indicating that your PC is doing something in the background
  • The available space on your computer being reduced

What Does the Crypto Virus Do?

The Crypto Virus uses the process of asymmetric encryption to encrypt files on a device and make them unreadable by the user. It then seeks out more files to encrypt and will look for any hard drive or other connected media, including shared network drives, USB devices, external backup drives, etc.

It’s particularly dangerous because it also searches for files in cloud storage systems that the device may be connected to so it can encrypt those as well.

Users are basically locked out of all their files, causing major downtime and the associated costs of lost business and lost productivity, not to mention the price of restoration. 

The average ransomware demand is projected to increase 37% in 2020.

Cybercriminals have become emboldened due to the number of ransomware victims that pay to get the key to return access to their files. Over the last three years, the average ransom demand has continually increased:

  • 2018: $4,300
  • 2019: $5,900
  • 2020 (projected): $8,100

Here’s What to Do If You are Infected with the Crypto Virus

The Crypto Virus can quickly spread throughout a business network. Even if your Colorado business has employees distanced and working from home due to COVID-19, the ransomware can spread through any shared network drives or cloud accounts. So, you want to act quickly.

Here are the steps to take with infected devices.

Step 1: Disconnect and Isolate the Device

You want to try to cut off the ability for the Crypto Virus to spread to any other devices, so disconnect the infected device from the internet as well as any local area networks.

Step 2: Assess the Extent of the Virus Damage

Find out how far the encryption has gone and how many files/drives/cloud accounts may have been impacted.

Check all other devices in your business (computers, servers, mobile devices, local backup drives), your cloud storage accounts and cloud services.

Do not try to run a virus removal yet, because if you don’t have a backup, you could end up making it impossible to recover the files.
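
A read-only way to start the Step 2 assessment, as an added example that is not part of the original article: it flags files whose extension promises a known format but whose first bytes no longer match that format's signature, which is what an encrypted file typically looks like. The extension table and the sample files are constructed for illustration.

```python
import tempfile
from collections import Counter
from pathlib import Path

# File signatures ("magic bytes") that intact files of these types start with.
ZIP = b"PK\x03\x04"  # .docx/.xlsx/.pptx are ZIP containers
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".jpeg": b"\xff\xd8\xff", ".zip": ZIP, ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP}

def classify(path):
    """Return 'intact', 'suspect' or 'unknown' for one file. Opens read-only."""
    sig = MAGIC.get(path.suffix.lower())
    if sig is None:
        return "unknown"  # extension not in the table (or renamed by the malware)
    try:
        with path.open("rb") as fh:
            head = fh.read(len(sig))
    except OSError:
        return "unknown"  # unreadable: locked, permission denied, offline share
    return "intact" if head == sig else "suspect"

def assess(root):
    """Walk root; return (Counter of statuses, sorted relative paths of suspects)."""
    root = Path(root)
    counts, suspects = Counter(), []
    for path in (p for p in root.rglob("*") if p.is_file()):
        status = classify(path)
        counts[status] += 1
        if status == "suspect":
            suspects.append(path.relative_to(root).as_posix())
    return counts, sorted(suspects)

def demo():
    """Build a constructed sample share in a temp dir and assess it."""
    samples = {  # constructed data, not real documents
        "report.pdf": b"%PDF-1.7\n",
        "logo.png": b"\x89PNG\r\n\x1a\n\x00\x00",
        "finance/q1.pdf": b"\x8f\x12\xa9\x03\x77\xe0\x5c\x41",  # header overwritten
        "notes.txt": b"meeting notes",
    }
    with tempfile.TemporaryDirectory() as tmp:
        for rel, data in samples.items():
            target = Path(tmp, rel)
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        return assess(tmp)

if __name__ == "__main__":
    print(demo())
```

Treat the counts as a first estimate: files with unlisted or renamed extensions land in "unknown", so a large "unknown" count on a share that normally holds documents is itself worth a closer look.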

Step 3: Have a Professional Assess Your Options

Next, you’ll need to see what options you have to get your files back and your business back in operation. Many companies panic, and just pay the ransom before completing this step, due to the costs of being down.

Downtime can cost businesses over $10,000 per hour.

The fact is that paying the ransom should be the last resort, because there’s a good chance that the criminal won’t come through with their end of the bargain. There are cases of Crypto Virus attacks where the decryption key did not work to restore the files.

The best-case scenario is that you have a full backup of the files that were encrypted.

Step 4: Removal & Restoration (If You Have a Backup)

If you have a file backup, then you’ll want to have an IT professional (like B-Comp Services) do a malware removal to get rid of all traces of the Crypto Virus, then do a system restore from your backup program.

If you don’t have a backup, then you may have to deal with losing those files and needing to recreate them. You can pay the ransom if you have no other option, but just be aware that this may not work to get your files back, and it encourages the attackers to keep doing what they’re doing.

Step 5: Protect Your Business from Being Hit by Ransomware Again

Ransomware like the Crypto Virus is often introduced via email phishing attacks, so you want to put strong safeguards in place to protect against phishing and ensure your business is resilient.

These safeguards include:

  • Employee phishing awareness training 
  • Firewall and Advanced Threat Protection (ATP) on network & devices
  • Strong antivirus/anti-malware protection for computers
  • Anti-phishing email protections (like those in Microsoft 365)
  • DNS filtering to block malicious websites
  • Reliable cloud-based backup and recovery system for all business data

Keep Your Business Protected from Ransomware Attacks

Protect your business from a devastating ransomware attack by working with B-Comp Services. We can ensure you have safeguards in place to avoid the Crypto Virus as well as multiple other online threats.

Contact us today for a free security consultation at 303-282-4934 or through our contact form.