30 Nov Protect against Cryptolocker with MDaemon and BackupAssist
Cryptolocker is making the headlines for all the wrong reasons at the moment.
In the run-up to Christmas, when there’s likely to be a plentiful supply of email purchase confirmations flowing, I wanted to share my recommendations for keeping your data safe and secure.
What is Cryptolocker?
This new form of virus (actually a Trojan horse), known as ransomware, arrives by email with an attached zip file, usually containing what appears to be a PDF but has a hidden double extension (.PDF.EXE). When opened, the virus encrypts your hard disk, your network shares, Dropbox (you name it, basically!) and effectively holds it to ransom until you agree to pay an extortionate release fee using the virtual currency Bitcoin.
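The delivery pattern described above (a zip attachment whose member has a hidden double extension such as .PDF.EXE) can be checked for by reading only the archive's file names. The following Python sketch is an added example, not part of the original post or of MDaemon; the extension lists and function names are assumptions for illustration, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed lists for illustration; extend to suit your environment.
DECOY_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}
EXEC_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}

def is_double_extension(name):
    """True for names such as invoice.PDF.EXE (decoy extension, then executable)."""
    parts = name.rsplit("/", 1)[-1].strip().lower().split(".")
    return len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DECOY_EXTS

def suspicious_attachments(raw_message):
    """Return (attachment, member) pairs that look like disguised executables."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        filename = part.get_filename() or ""
        if is_double_extension(filename):
            hits.append((filename, filename))
        payload = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(payload)):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as archive:
                # Only the member names are read; nothing is extracted or run.
                for member in archive.namelist():
                    if is_double_extension(member):
                        hits.append((filename, member))
        except zipfile.BadZipFile:
            hits.append((filename, "<unreadable zip>"))
    return hits

def build_sample():
    """Constructed sample: a harmless zip holding a text file named like the lure."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Order_Confirmation.PDF.EXE", b"placeholder, not a program")
        archive.writestr("readme.txt", b"benign")
    msg = EmailMessage()
    msg["Subject"] = "Your order confirmation"
    msg.set_content("Please see attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="order.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for attachment, member in suspicious_attachments(build_sample()):
        print(f"{attachment}: {member}")
```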
How can I protect against it? Our recommendations.
- Back up everything ‘off line’ to a location not connected to your network* see update – we of course recommend using BackupAssist as it supports removable USB drives, RDX and tape destinations (free 30-day trial).
- If you use MDaemon email server, follow the instructions below to ensure your settings are optimised for best protection.
- Be doubly sure your antivirus software and security patches are fully up to date.
- Be security savvy – don’t open any unsolicited emails, particularly if they contain attachments. If it’s from a provider you know such as Amazon or Paypal for example, log in to your account where possible to check the information you’re receiving correlates with the action you’re being asked to perform.
How to tighten your MDaemon email server security settings
There’s a general trend in ‘spammy’ email that message sizes are growing, but with Cryptolocker attacks in particular the files tend to be up to a few hundred KB in size. For this reason, we recommend you raise the size limit of messages MDaemon will review to 500KB. This creates a small amount of additional resource overhead, but it’s so marginal it’ll barely be detectable.
Recommendation 1: Increase your spam detection limit to 500KB
GO TO: Security -> Spam Filter -> Options
Simply enter 500 in the ‘Don’t filter messages larger than‘ box, click Apply and then Ok.
Recommendation 2: Increase the frequency of antivirus updates
Because of the rapidly morphing nature of the Cryptolocker attacks, we’re advising you reduce the update window on virus definitions for best protection.
GO TO: Security -> AntiVirus -> AV Updater -> Scheduler -> AntiVirus Updates -> Schedule
If you’re not yet using any spam and virus pre-filtering service or the SecurityPlus add-on for MDaemon, I’d highly recommend you make sure that becomes an absolute priority.
I hope you found this useful – I will of course update you with any new developments that might be helpful.