What is a crypto virus?
A crypto virus is a type of ransomware virus like Locky or Cryptowall that encrypts files on a compromised computer and demands a ransom in return for a decryption code.
How does the crypto virus work?
Crypto virus attacks are usually initiated when a user clicks a link in an email to a malicious website or opens a malicious attachment that appears to be an invoice, a shipping notice, a fax report or a Word document. Once the crypto virus is launched, it encrypts a large number of files on a user's computer or on servers, hard drives and other storage devices throughout the organization.
To decrypt the data, attackers demand a ransom, which often comes with a deadline. Attackers may threaten to delete the victim’s files if they do not pay the ransom within the set timeframe.
Even if the victim follows the attacker’s demands, there is no guarantee that the attacker will provide the decryption key, and paying may encourage further attacks instead.
What are some types of crypto viruses?
Common types of crypto viruses include:
- Locky – Locky, also known as Locky Ransomware, typically arrives as an email with an attachment that looks like gobbledygook. Once the attachment is opened, the Locky ransomware gets saved to the victim’s drive and encrypts files, which may include Office files, videos and images, amongst others. The victim then receives instructions on how to pay a ransom to get their files back.
- Cryptowall – The Cryptowall virus uses a Trojan horse to encrypt files on a compromised device. It is typically launched via spam email, a malicious online ad, a compromised website, or another form of malware. When executed, Cryptowall encrypts any files on the drive with specific extensions and leaves files with instructions on how to pay the ransom and acquire the decryption key.
- Cryptolocker – Cryptolocker works similarly to the previous examples. After the harm is done, the user sees a message informing them that the files have been encrypted and how to pay the ransom to get the decryption key.
How to identify a crypto virus attack?
Identifying a crypto virus attack can be challenging, but there are several signs you can look out for that indicate your device might have been infected:
- Suspicious emails – always be cautious about suspicious emails that you may receive and make sure to report them to your security team.
- Changes to file names – if you notice that file names have been changed or that you’re unable to access specific files, it might be a sign that your system has been infected.
- Pop-up messages – if you receive suspicious pop-up notifications demanding a ransom payment, chances are high that you’ve fallen victim to a crypto virus.
- Unusually slow device performance – if your device is performing poorly, or you notice high bandwidth usage or unusual network activity, it may indicate a crypto virus attack.
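The "changes to file names" sign above can also be checked automatically. The following is an added example, not Mimecast code: it flags any process that changes the extension of many distinct files to the same new extension within a short window. The event tuples, process names, the ".locked" extension and both thresholds are constructed assumptions.

```python
from collections import defaultdict
from pathlib import PurePosixPath

# Constructed sample rename events: (seconds, process, old_path, new_path).
EVENTS = [
    (0, "word_editor", "/home/u/report.docx", "/home/u/report_final.docx"),
    (3, "invoice_viewer", "/home/u/a.docx", "/home/u/a.docx.locked"),
    (4, "invoice_viewer", "/home/u/b.xlsx", "/home/u/b.xlsx.locked"),
    (4, "invoice_viewer", "/home/u/c.jpg", "/home/u/c.jpg.locked"),
    (5, "invoice_viewer", "/home/u/d.mp4", "/home/u/d.mp4.locked"),
    (6, "invoice_viewer", "/home/u/e.pdf", "/home/u/e.pdf.locked"),
    (20, "backup_agent", "/home/u/n1.txt", "/home/u/n1.bak"),
    (90, "backup_agent", "/home/u/n2.txt", "/home/u/n2.bak"),
    (160, "backup_agent", "/home/u/n3.txt", "/home/u/n3.bak"),
    (230, "backup_agent", "/home/u/n4.txt", "/home/u/n4.bak"),
]

WINDOW_SECONDS = 10  # assumed burst window
MIN_RENAMES = 4      # assumed number of distinct files that counts as a burst


def suspicious_processes(events, window=WINDOW_SECONDS, threshold=MIN_RENAMES):
    """Return {process: new_extension} for every process that changed the
    extension of at least `threshold` distinct files to the same new
    extension within `window` seconds."""
    by_key = defaultdict(list)  # (process, new_ext) -> [(time, old_path)]
    for ts, proc, old, new in events:
        old_ext = PurePosixPath(old).suffix.lower()
        new_ext = PurePosixPath(new).suffix.lower()
        # Renames that keep the extension are ordinary user activity.
        if new_ext and new_ext != old_ext:
            by_key[(proc, new_ext)].append((ts, old))

    flagged = {}
    for (proc, ext), hits in by_key.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans <= `window` seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({path for _, path in hits[start:end + 1]}) >= threshold:
                flagged[proc] = ext
                break
    return flagged


if __name__ == "__main__":
    print(suspicious_processes(EVENTS))
```

The slow, spread-out renames by the constructed backup process stay below the threshold, which is why the time window matters: without it, routine tools that rename files over hours would be flagged too.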
How to defend against a crypto virus
Crypto virus attacks are on the rise, with as many as 4,000 attacks each day and more than $1 billion in ransom paid each year, as estimated by the U.S. government.
The cost of a crypto virus is much higher than the ransom paid to regain access to files – the loss of productivity and potential loss of data also adversely affect the bottom line.
To protect against ransomware, you need a multi-layered approach that focuses on preventing attacks as well as mitigating the effect of a successful crypto virus attack. That's where Mimecast comes in.
Stop a crypto virus with Mimecast
Mimecast provides industry-leading solutions for email security, archiving and continuity, delivered via a cloud-based subscription service that lets you achieve resilience in the face of crypto virus attacks and other advanced threats.
Mimecast email security services offer tools to fend off viruses, malware, spam and data leaks, as well as advanced threats like phishing, spear-phishing, impersonation fraud and ransomware.
To enable ransomware prevention, Mimecast scans the URLs in every incoming and archived email, every time a user clicks on a link. If the destination website is deemed to be suspicious based on Mimecast's advanced threat intelligence, the link will be blocked and the user will not be able to load the site.
Mimecast also scans attachments and preemptively sandboxes any file that appears to be malicious. Alternatively, if a user requires faster access to files attached to email, Mimecast can transcribe an attachment to a safe format and deliver it to the user without delay.
Mimecast tools to recover from a crypto virus
Despite best efforts, sometimes users or security measures may fail to detect ransomware in an email. When an attack is successful, Mimecast reduces the cost and damage by providing access to data held in an off-site archive. With multiple, encrypted copies of email, files and IM conversations stored in Mimecast's secure cloud archive, administrators can quickly recover from an attack and provide users with access to copies of email and files that the crypto virus may have encrypted.
Learn more about defeating a crypto virus with Mimecast and about Mimecast tools for training end-users in Cryptolocker prevention.