Ransom Cryptolocker

How did we combat Ransom Cryptolocker

Client’s Challenge

A New York City company faced a modern-day kidnapping: a data cryptolocker. When the client tried to open any document on the computer, he could not. There was only a cold pop-up message on the screens:

(…)Your personal files are encrypted!(…) The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore files… To obtain the private key for this computer, which will automatically decrypt files, you need to pay $500.

Their computers were attacked by Ransom.Cryptolocker, a Trojan horse that encrypts files and prompts the user to buy a password to decrypt them. The client was at a loss, and after discussing the problem with his onsite-only IT technician, he decided to pay the ransom of $500.

It solved the problem only partially. Half of the files on the computer worked fine, but the other half suffered data loss and important information was missing. Everyone in the company felt demoralized by this experience and needed a solid prevention plan to never deal with a similar issue again. They contacted AlfeNet for help with the lost data, to see if we could retrieve it, and to develop a security plan for their network.

AlfeNet Solution

Our business is run by the motto “An ounce of prevention is worth a pound of cure.” That is why we invest in good, up-to-date software that can detect any potential danger before harm is done or a hostage situation arises. The solution in this particular case was the installation of Symantec Endpoint Protection Manager on every computer in the company so we can remotely monitor network security. We set up security groups and assigned user rights to establish what these members can do within the scope of a domain. We also created stricter security rules.

Solution Highlights

  • End-to-end protection of all the internet-accessible devices (laptops, desktops, tablets, servers, messaging)
  • 24/7 network monitoring and 100% discoverability of malware, spyware and viruses
  • Protection against spam and phishing
  • Laptop and desktop backup and recovery (automated, event-driven backups)
  • Easy and cost-efficient network security management

Measurable Business Results

The goal of protecting the client’s network from any sort of external attack has been achieved. Our diagnostic software detects multiple potential threats weekly; however, they are fished out and removed from the system. The return on investment is about 70% (70 percent in savings compared to the purchase of point products).

Equipment used

Software and Licensing:

  • Endpoint Protection 12.1.6 MP6 (Build 7061)