The role of email hygiene in CryptoLocker / CryptoWall prevention

Ransomware must be one of the most disgusting types of threat organisations are facing today. We’ve all heard stories of small businesses being hit by CryptoWall or CryptoLocker and having to pay a ransom in Bitcoin to unknown and far away, yet very well organized, criminals. In fact, ransomware is the fastest growing class of malware. As of late June 2015, the FBI said it accounted for more than 18 million US dollars in paid ransoms. And this is just the tip of the iceberg, as most organisations will not report losses to law enforcement.

Mitigation costs for a ransomware attack are high. It’s either a full restore from a good and recent backup – you all do backups, right? – or, worse, payment of the ransom. Although decryption tools are starting to emerge, the magic pill does not yet exist.

But how does Crypto-type malware make it to our desktops in the first place? Usually through good old email, your number one infection vector and security threat. Classic anti-virus software has problems with ransomware: criminals morph their ransomware variants faster than AV signatures can keep up, so 0-hour malware passes undetected. Sometimes executable files are camouflaged as PDF documents, zipped files or other common file formats.

A good prevention strategy is to block any form of executable file from reaching your network. This approach stops 0-hour threats before AV signatures become available. There is no good reason why two normal users would need to share executable files by email. If those users are IT professionals, they know very well that there are other, safer ways to transfer files, especially large ones.

Here at ZEROSPAM we’ve put a lot of effort into recognizing any kind of executable content and automatically placing it in quarantine, so it never reaches the network perimeter of our customers. Files can be renamed, zipped inside a zip within another zip, and have their extensions tampered with; we will still recognize the true nature of the file. This has allowed us to prevent thousands of ransomware infections and, in this way, protect our customers from one of the most virulent and lethal forms of malware existing today.
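To illustrate the kind of content-based check described above (identify executables by their bytes, not their name, and look inside nested zips), here is an added example written for this post; it is not ZEROSPAM's own filter. The magic-byte list, the depth and size limits, and the sample archive are constructed assumptions.

```python
import io
import zipfile

# Magic-byte prefixes of executable formats (constructed list; extend to taste).
EXECUTABLE_MAGICS = {
    b"MZ": "Windows PE executable",
    b"\x7fELF": "ELF executable",
}
ZIP_MAGIC = b"PK\x03\x04"
MAX_DEPTH = 5                   # bound on zip-inside-zip recursion (assumed limit)
MAX_MEMBER_BYTES = 50_000_000   # refuse to inflate huge members (zip-bomb guard)

def identify(data: bytes):
    """Classify a blob by its leading bytes, ignoring its file name entirely."""
    for magic, kind in EXECUTABLE_MAGICS.items():
        if data.startswith(magic):
            return kind
    return None

def find_executables(path: str, data: bytes, depth: int = 0):
    """Report executable content in a file and in any nested zip archives."""
    kind = identify(data)
    if kind:
        return [(path, kind)]
    if not data.startswith(ZIP_MAGIC):
        return []   # plain, non-executable, non-archive content
    if depth >= MAX_DEPTH:   # fail closed: deep nesting must not evade inspection
        return [(path, "nesting too deep, not inspected")]
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = f"{path}/{info.filename}"
            if info.file_size > MAX_MEMBER_BYTES:
                findings.append((member, "oversized member, not inspected"))
            elif info.flag_bits & 0x1:  # encrypted: content cannot be inspected
                findings.append((member, "encrypted member, cannot inspect"))
            else:
                findings.extend(find_executables(member, zf.read(info), depth + 1))
    return findings

def build_sample() -> bytes:
    """Constructed input: fake PE bytes named 'invoice.pdf', zipped, the zip renamed 'scan.dat', then zipped again."""
    fake_exe = b"MZ" + b"\x00" * 62 + b"PE\x00\x00"
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("invoice.pdf", fake_exe)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("scan.dat", inner.getvalue())
    return outer.getvalue()
```

Calling `find_executables("attachment.zip", build_sample())` reports the renamed executable two archive levels down, and any finding at all is a quarantine decision; encrypted or oversized members are reported rather than silently passed.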