Since CryptoLocker attacks network-attached drives, even in the Cloud, we have to focus on a backup plan that provides a point-in-time restoration rather than a revision restoration. Additionally, even though the virus itself is easy to remove, we have to focus on early detection. Below are the additional safeguards that we suggest adding to your computer system.
Point-in-time restoration: Since this threat can encrypt any files that are shared, even those in the Cloud or on a server, an offline backup is essential. Since most backups today are disk-to-disk, we suggest rotating disk backups between two or three devices. This means getting an additional NAS or USB drive to swap out at least twice a week. We already recommend a three-tiered backup approach (local data redundancy, data backup to media and offsite storage), but additional drives that serve as offline storage are essential for this particular threat. Our Cloud backup solution, Mozy Pro, is good protection as it creates daily images that are stored for 90 days.
Early detection: Add Malwarebytes or HitmanPro real-time protection to every computer on your network that receives email or connects to another computer. It runs in the background and, if the CryptoLocker virus has been downloaded, reports its registry entry.
Prevention option: Removing local administrator rights from all or selected users is a strong prevention option, but it does affect the way you work with your computer. For instance, if you remove local administrator rights, the user will not be able to install programs or printers.
Without getting too technical, I want to let you know how to add to your protection against this very malicious threat. Many victims have paid the ransom because they had no other option to recover their data. This threat is so serious that it cannot be ignored.
If you would like more information on protection options, please email me at email@example.com.