This kind of infection affects not just individuals but also companies whose servers have
been infected, making the original data impossible to recover as the infection takes place at
root level. As a result, the virus then spreads to as many computers within the company as it
can infect, resulting in many inaccessible files and a very high ransom demand.
What can be done about CryptoLocker?
CryptoLocker is a very difficult virus to get rid of, and once a machine is infected, the likelihood
of recovering the original data is close to zero unless the user has kept spare copies of their data
on a separate, unaffected drive. The idea is to keep spare copies of the original files before the
infection takes place, as there is very little that can be done after the files are infected.
There are, however, instances where services such as Kroll Ontrack file recovery were able to
recover and salvage some files from CryptoLocker-infected hard drives. This can be seen in their
blog here. It shows the case of a pharmaceutical company that had 46 of its hard drives affected
by the virus because one of its employees mishandled their personal data and visited
unsafe websites.
In this case, the targeted company used the NetApp WAFL file system, which creates
checkpoints of the data by saving different instances of those files over time. This allowed
Kroll Ontrack to recover older versions of the files, which gave them access to the original
unencrypted copies.
Since then, some tools have been made available on the internet which can help restore some of
your files to a previously backed up version.
Regular file backup programs such as CrashPlan can help to ensure our files get regularly
backed up so that previous versions can be accessed. This is more of a preventive measure
than a solution.
Cyber Warnings E-Magazine – September 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide