The CryptoLocker Ransomware virus has been making the rounds. It is a variant of malware that restricts access to infected computers and demands the victim provide a payment to the attackers in order to decrypt and recover their files. Here's how Datto partners were able to recover customer data after being hit with this malware.
What does “Crypt” mean to you? Until recently it may have brought up images of that creepy character from HBO’s Tales from the Crypt, or one of the many words that contain “crypt” such as encryption, cryptograph, or cryptical. No doubt today it takes on a different, more menacing meaning – it’s link to CryptoLocker.
The CryptoLocker Ransomware virus has been making the rounds. If you haven’t heard about it yet, and hopefully it hasn’t affected you, the U.S. Computer Readiness Team (US-CERT) defines CryptoLocker as a “variant of malware that restricts access to infected computers and demands the victim provide a payment to the attackers in order to decrypt and recover their files.”
I first became aware of CryptoLocker from the Datto Tech Support team. Chris Henderson, a member of our 24/7 support team, has successfully worked with multiple Datto Partners on their post-CryptoLocker data recovery. He also put me in touch with some of them so I could hear their successes first hand.
CorCystems and CryptoLocker
One of the Partners I spoke with about their experience is Pat DeMichele. Pat is a service manager with Connecticut-based CorCystems. Pat told me “Three of CorCystems clients’ have had to contend with the CryptoLocker virus. In most cases, as soon as the client called our tech support and once we were able to identify the files affected we were able were able to easily mount a restore point. With the Datto SIRIS/ALTO models installed it’s made it very easy to restore the data and maintain uptime.” To me, and I think for Pat as a solutions provider, a key component of the scenario is, “Providing Datto services has saved our clients a lot of money and heartache.”
CryptoLocker Hits Sound Technology Services Customers
Sound Technology Services, also located in Connecticut, had a similar experience. According to Brian Higgins, the owner of Sound, “One of my clients was hit by one of the first waves of the virus. Since CryptoLocker stores the list of files it encrypts in the registry of the infected machine, it is easy to mount a pre-infection backup and take the registry data and build a batch file to restore the original files from the Datto unit back to the server. “ The process took a less time than one might think. For Brian “[it took] approximately 20 minutes to build the batch file, and less than 45 minutes to restore only the encrypted files on a 250gb data store, and minimal interruption to the client. Another potentially disastrous situation turned into little more than a routine procedure, thanks to having proper protective measures (Datto in this case) in place.”
Have Your Customers Encountered CryptoLocker?
It’s great to hear our Partners’ success stories using Datto. They certainly also make a point to mention that they don’t experience the same positive results for their clients that don’t have Datto installed. Email me at firstname.lastname@example.org with your CryptoLocker stories.
You can check out Chris’ 4 Steps to Recover from CryptoLocker on the Datto site. Most importantly, Chris points out that “If there are ever any problems with the recovery we are here 24/7 to assist in any way possible.”
Holly Wainwright is Director of Marketing at Datto. Datto Inc. is an award-winning vendor of backup, data recovery (BDR) and intelligent business continuity (IBC) solutions, providing technology and support to more than 5,000 channel Partners throughout North America and Europe. Datto’s hybrid-cloud BDR/IBC technology provides instant on- and off-site virtualization of servers and workstations, serving the needs of small to medium-sized businesses.