What is Cryptolocker? (& Why You Should Still Care in 2022)
Cryptolocker hasn't been making news recently, but do you suddenly have to worry about it throwing a comeback session like famous 90's pop stars?
We interviewed Peter Swarowski, ITS' Director of Operations, to clarify if Cryptolocker is still a relevant threat in 2022 and what's the latest news in cybersecurity. ITS, as a Managed IT Service Provider (MSP) focusing on Cybersecurity solutions, relies on his expertise to keep our clients safe from data breaches.
We'll go over his answers and help you understand:
- What is Cryptolocker?
- Is Cryptolocker still a threat?
- What are current threats to watch out for?
- How can you prevent these threats from attacking you?
And by the end of this article, you'll be better prepared to repel cybercriminals from your business's valuable data.
What is Cryptolocker?
There are two different definitions of Cryptolocker, according to Swarowski.
1. Cryptolocker Definition (Mid 2013 - 2014)
Cryptolocker, in mid-2013, was a specific piece of malware that would encrypt files and hold them ransom.
"So back in 2013 to 2014, Cryptolocker was very opportunistic," Swarowski said. "It would get on a machine and trick somebody into downloading or running it and then it would encrypt what it could on that machine. It would usually look for certain files like image files, word documents - stuff like that."
He noted that Cryptolocker was more focused on individuals. But it didn't take long for tech-savvy criminals to jump on this opportunity to develop it for larger targets.
"Over time," he said, "they increased in sophistication, and Cryptolocker - and cyber crime - became much more of a mature market. So it grew. More talented crypto experts said they could improve it, then built a business around it. They began doing ransomware as a service," Swarwoskyi said grimly.
It sounds just as horrifying as you think it sounds. Hackers would build software based on Cryptolocker's original methodology and then create playbooks for people who bought into their scheme. They'd target larger and larger organizations and hit big paydays on businesses desperate to get their data back.
Due to this sophisticated business model, Cryptolocker developed its second definition.
2. Cryptolocker Definition (Present)
Now, Cryptolocker is generally used as a shortcut for ransomware - particularly "crypto locking ransomware."
Cybercriminals will extort individuals and organizations by holding their data hostage.
"Bad actors get into a network to encrypt files," Swarowski said, "and then hold the decryption keys ransom to say, 'Hey, you need to pay me!' Then they'll give you decryption keys to get your business back up and running."
Is Cryptolocker Still a Threat?
On one hand, Swarwoski said businesses don't need to worry about Cryptolocker-specific malware.
On the other hand, companies - whatever their size - absolutely need to worry about data getting encrypted and being held ransom.
"That risk," he said, "has only increased exponentially over the years. Many different groups of bad guys exist, and they've only gotten better at what they do. They've recently started doing double extortion. So, they not only encrypt your data, but before they encrypt it, they'll steal it."
Once hackers have your data, during negotiations, they'll threaten to sell it on the internet if you don't pay their asking price. Depending on your industry, this can ruin your business.
What are current threats to watch out for?
Cryptolocker, now commonly referred to as ransomware, is still a booming industry and is expected to grow.
In 2022, According to Swarowski, Lockbit 2.0 had the highest attack percentages in the tech landscape. But other popular ransomware software exists such as:
Swarowski also warned that all businesses need to watch out for ransomware attempts. In fact, 70% of these ransomware attacks target small to medium-sized businesses (SMBs). So if you think your business is too small for hackers to target, think again.
"Sometimes businesses think hackers aren't interested in me when the reality is, they are," Swarwoski said. "Hackers may not be targeting you as an organization from nothing, but they may send out all kinds of phishing emails. They might get a hit and that initial access to the network."
When that happens, disaster strikes as most SMBs aren't prepared for extortion attempts. Without processes for ransomware attacks, businesses often give in to the hacker's demands or suffer the consequences of lost data, customer trust, and time.
How Can You Prevent Issues with Cryptolocker and Other Ransomware?
The best way to stop ransomware in its tracks is to have an adequate cybersecurity process in place. By following cybersecurity best practices, your defenses will put off hackers. Of course, they'll still try to breach your security - but they have a more challenging time and often move on to easier-to-hack organizations.
Don't make yourself an easy target; check if you follow these practices in your company:
1. Implement an engaging cybersecurity awareness program
Employees are the most significant security risk your organization has. A strong security awareness program is one of the best practices to keep your organization safe.
2. Follow a tried and tested cybersecurity framework
Unfortunately, if you're looking for the best tool to stop ransomware, you won't find it. According to Swarwoski, "There's no shortcut. There's no one tool or one system that does everything."
Instead, you want to find an industry-standard cybersecurity framework and have your IT personnel follow it.
Some examples of well-known frameworks are:
- The NIST Framework
- The CIS Guidelines
- The ISO 27K Framework
- The PDCA Cycle
- HIPPA Guidelines
All of these frameworks are a combination of the best cybersecurity practices. There isn't - strictly speaking - a best framework. Just one that works for your business.
Sometimes you'll have to follow multiple frameworks based on government regulations. For example, if you're in healthcare, you'll need to buff up your cybersecurity by following the HIPPA guidelines along with your other cybersecurity processes.
3. Get cyber insurance
Many businesses wonder if they need cyber insurance, and the answer to that question is always a yes. If you're in the healthcare, education, and finance sectors, you'll need this even more as those are the top three industries targeted by hackers in 2022.
It's even more important to choose the right kind of cyber insurance.
"You really want to go to people who are specialized in this and have their advice on what to do," Swarowski said. "You may end up in a terrible spot where you have to assume criminals stole everything."
And in this scenario, having a cyber insurance company coordinate with your IT staff is a priceless tool in your arsenal. They, along with your IT staff and - possibly - a third-party evaluator, can guide you through the process of getting back stolen data and money.
But all of these steps are useless if you don't…
4. Hire a strong IT team
Your team members are the foundation of your cybersecurity. Protecting your data is an uphill battle without a good team behind you. Ask yourself if you'd trust your current IT staff to keep your data safe and if they can recover your data if you're unlucky enough to experience ransomware.
If the answer to those questions is a "no", you need to get more capable IT staff quickly.
Need help protecting your business from Cryptolocker & ransomware?
Keeping information safe is easier said than done. Even though ITS focuses on cybersecurity solutions, we understand the struggle to keep data safe as there isn't a single point where you can say, "Hey, we're 100% protected now!"
It's a constant process that starts with pinpointing vulnerabilities in your systems. Begin a free network assessment and save yourself time from manually going through each part of your network infrastructure.