IT and Business Insights for SMB Solution Providers

Safeguarding Data from the CryptoLocker Virus

Using a disaster recovery and business continuity solution from Axcient, two IT service providers helped several customers restore files after they were infected with the virus. By ChannelPro

The CryptoLocker virus is wreaking havoc on unsuspecting businesses, leaving them scrambling to access and recover their data. While the number of total infected companies is difficult to determine, the so-called ransomware virus-which encrypts files and requests payment from infected companies to provide the decryption key-is affecting companies nationwide. Two solution providers recently saved several of their clients from severe data loss resulting from this virus using a solution from disaster recovery and business continuity provider Axcient.

The CryptoLocker virus is often spread in email messages that include a PDF of a scanned image of a signature from an express delivery service, such as FedEx, or a note confirming a wire or money transfer. Once the PDF is opened, the encryption software targets specific extensions within files and folders on local and mapped drives. The user is then prompted to pay $300 to recover the files by a certain deadline. If the user does not pay, the files can't be decrypted and are rendered useless.

Ceeva, a Pittsburgh-based IT service provider and Axcient customer, aided several companies in restoring their files after learning that they were infected with the CryptoLocker virus.

"We recently received a call from an accounting firm, saying they couldn't open the files from one of its servers," says Rick Topping, vice president of sales at Ceeva. "We realized the files had been encrypted and there was no way to decrypt them. We also discovered that other companies had paid the ransom, but either never got the decryption key or the code didn't work. The only way to recover the client's files was to restore from backup. "

Like Ceeva, Phoenix-based MYTEK Network Solutions experienced the same situation with its customers. "In the past two weeks, we've had five customers come to us because their networks were infected with CryptoLocker," explains Theo Soumilas, senior account executive at MYTEK Network Solutions. "The virus doesn't discriminate against company size. Any user who unknowingly downloads it to his or her computer can quickly infect an entire network."

With the cost of downtime estimated to be an average of $163,000 per hour, according to analyst firm the Aberdeen Group, every minute counts. By using Axcient, Ceeva and MYTEK were able to restore more than 100,000 files that had been affected by the virus and get their customers back in business. The Axcient solution gives companies a hybrid solution in which an appliance protects data locally and then transmits it to the Axcient cloud for off-site protection. If needed, it is possible to do a failover of the server to the local appliance while restoring files, or to virtualize the server or the entire IT environment, in the Axcient cloud.

"We value our partnerships with MYTEK and Ceeva," says Justin Moore, CEO of Axcient. "These companies understand that backup alone is not enough in today's business environment. A true business continuity solution is the only way to ensure businesses can continue operating even when faced with a major disaster, be it fire, flood, or a raging virus."

Tips for Protecting Networks
Axcient suggests the following steps for IT providers to follow to avoid the potential dangerous financial impact that downtime from the CryptoLocker virus can have:

  1. Set up software restriction policies (SRPs) to block executable files from running in the areas where CryptoLocker launches itself.
  2. Ensure all servers and workstations are part of the backup schedule and that they are all running anti-virus programs. Schedule daily anti-virus updates and subscribe to news alerts from your anti-virus provider to be warned of the latest threats.
  3. Explain to clients that they should never open file attachments unless they have been scanned by their anti-virus solution.
  4. Help clients draft security policies with rules for connecting new devices to the network, password policies, and use of third-party software, among others. Educate customers on the different types of threats, including electronic and human. These actions are the best defense against security breaches and in preventing viruses.
  5. Suggest that security alerts, reminders, and policies be posted in high-traffic areas such as kitchens, hallways, and conference rooms.
  6. Craft a disaster recovery plan. Identify critical servers, workstations, and applications and draft a plan that addresses your clients' business needs for continuous operation.
  7. Implement a business continuity solution for full data and application protection. The ideal solution should allow you not only to do frequent backups, but also to failover and virtualize servers, locally and in the cloud, for maximum protection and to eliminate downtime.

About the Author

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.