Foration Blog

3 tips for detecting a CryptoLocker attack


Written by Paul Weeden

Founder & Managing Director at Foration. IT and technology fixer.

7 December 2016 | Paul Weeden | email security, cyber-attack, malware, CryptoLocker, Cybersecurity

If you’re not already aware, then CryptoLocker is a particularly nasty piece of malware with the potential to cause major disruption and heavy costs to your business.

Often referred to as ransomware, CryptoLocker has the ability to lock you out of the data on your system until you pay a ‘ransom’ for decryption. In many instances this means a near total shut-down of operations and an expensive resolution, not to mention the threat of significantly compromised data.

As you can therefore imagine, giving yourself the best chance to detect an attack of this kind should be a matter of high priority. In this article, we’ll examine some of the indicators for which you should be on the lookout.

File Extensions

CryptoLocker malware is embedded within files which, once opened, will infiltrate your system to disastrous effect. Recognising and quarantining or deleting these suspicious files is key to detecting and protecting your network from attack.

With CryptoLocker attacks on the increase, the number of new erroneous file extensions is constantly rising. This makes it imperative that your anti-virus software is frequently updated, ensuring that it can pick up the latest threats.

The Spear-Phishing Threat

Spear-phishing remains a major threat to your IT network, with the alarmingly high figure of 93% reported to contain some form of ransomware virus. This particular threat has grown especially prevalent thanks to more subtle, nuanced styles of attack.

These attacks are targeted specifically at a job within an organisation and have an unremarkable appearance, seemingly no different to other emails that the employee might encounter during the day: an HR manager receiving a bogus job application with an infected file posing as a CV, for instance.

A combination of effective, up-to-date anti-phishing software plus the increased education of users can help detect such threats, ensuring checks are run on ALL files from unknown sources, prior to opening.

Detecting Suspicious Behaviour

When files are opened and shared across the system, there will be a ‘normal’ pattern of behaviour within the network. For instance, a simple network file share is unlikely to cause that file to be renamed. Therefore, if these files are being renamed then it’s a clear indication that something is amiss within the system.

Putting into place network monitoring tools that can identify this type of irregular activity provides an early warning sign that CryptoLocker or a similar variant is present, allowing an opportunity to take urgent action to prevent it encrypting critical data.
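As an illustration of the kind of check such a monitoring tool performs, here is an added example (not code from Foration or from any particular product) that flags a user who renames many files to a different extension within a short window. The log format, the 60-second window, the threshold of 5 and the sample events are all assumptions constructed for the example, and events are assumed to arrive in time order.

```python
import os
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample audit events (time|user|operation|old path|new path).
# The format and the ".locked" extension are made up for this example.
SAMPLE_LOG = "\n".join(
    ["2016-12-07T09:00:01|alice|RENAME|/share/hr/cv.docx|/share/hr/cv_final.docx",
     "2016-12-07T09:05:00|alice|RENAME|/share/hr/notes.txt|/share/hr/notes.md",
     "2016-12-07T09:13:30|bob|WRITE|/share/fin/q0.xlsx|/share/fin/q0.xlsx"]
    + [f"2016-12-07T09:14:{i * 5:02d}|bob|RENAME|/share/fin/q{i}.xlsx|/share/fin/q{i}.xlsx.locked"
       for i in range(1, 7)]
)

WINDOW = timedelta(seconds=60)  # assumed sliding window; tune to your share
THRESHOLD = 5                   # assumed extension-changing renames per window


def extension_changed(old, new):
    """True when a rename alters the file extension, not just the base name."""
    return os.path.splitext(old)[1].lower() != os.path.splitext(new)[1].lower()


def detect_rename_bursts(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return {user: time of first alert} for bursts of extension-changing renames."""
    recent = defaultdict(deque)  # user -> timestamps of recent suspicious renames
    alerts = {}
    for line in log_text.splitlines():
        fields = line.strip().split("|")
        if len(fields) != 5:
            continue  # skip blank or malformed lines instead of crashing
        ts, user, op, old, new = fields
        if op != "RENAME" or not extension_changed(old, new):
            continue  # ordinary writes and same-extension renames are normal
        when = datetime.fromisoformat(ts)
        q = recent[user]
        q.append(when)
        while when - q[0] > window:  # drop events older than the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(user, when)
    return alerts


if __name__ == "__main__":
    for user, when in detect_rename_bursts(SAMPLE_LOG).items():
        print(f"ALERT {when.isoformat()} {user}: rename burst with extension changes")
```

In the sample, alice's two ordinary renames raise nothing, while bob's run of renames trips the alert on the fifth file, early enough to isolate the account or machine before the rest of the share is touched.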


The rise of the CryptoLocker and variant ransomware threat to business IT networks is something that needs to be treated with the utmost importance. If your files become encrypted, then the chances are that you will have to pay up or lose them forever.

With this in mind, we strongly advise an ongoing strategy of detection and protection. Ensure that you have in place up-to-date and robust anti-malware and anti-phishing software, as well as effective network monitoring tools.

In addition, take preventative action to ensure that, should the worst occur, your business-critical data is retrievable. Regularly back up data to an external location, ideally an online cloud-based system away from your Windows software (which has the potential to become encrypted).

Fundamental to all of this, however, is the importance of raising awareness of, and education about, these risks among the users of the network: reiterating good practice such as NEVER opening files from an unchecked, unknown source, and promoting a general sense of caution and daily vigilance.

Good practice, common sense and effective, updated security measures are the keys to ensuring you’re not the next CryptoLocker victim.
