CryptoLocker is an increasingly popular form of ransomware which encrypts electronic data files, making them impossible for their original user to access. It will encrypt files which we really need and have spent a lot of time working on, from our text files and game saves through to our most important business data.
Once our files are affected, they emerge as a different encrypted format, making it impossible for us to open those files, instead showing as corrupted and unusable. The person responsible for infecting our files will then send us a ransom note / email asking us to pay a fee if we want to get our data back in an unencrypted format.
Infecting a RAID system
Whilst RAID is a virtualized system, it is still possible for ransomware to make its way in through one of its drives and then get duplicated across the other drives in the array. For example, a lot of RAID systems have removable hard drive trays so that a drive can be removed and taken by staff to work at a site other than the office.
If someone inadvertently downloads a CryptoLocker virus onto that drive and then puts it back into the RAID system, the array will build its database based on that drive and in the process it will spread the virus across every drive in the array, potentially corrupting all the data on our RAID system.
Recovering from CryptoLocker
The truth is that, more often than not, companies are unable to recover from such a virus. Of course, if your RAID system is affected, you should consult a RAID recovery company, as they might still be able to partially recover some unaffected data across the drives in the array.
Furthermore, some tools have been made available on the internet which can help restore some of your files to a previously backed up version. Regular file backup programs such as CrashPlan can help to ensure our files get regularly backed-up so that previous versions can be accessed. This is more of a preventive measure than a solution.
It is worth noting that software such as Malwarebytes can remove the CryptoLocker virus from infected computers, but unfortunately it does not recover the infected files themselves. So sadly, the fact remains: if there are no existing previous unaffected copies of the files, then files affected by CryptoLocker will be difficult, if not impossible, to recover.
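The following Python is an added example, not part of the original article: it triages one restored backup version to find the unaffected copies mentioned above, flagging files whose header no longer matches their extension or whose text content looks like random bytes. The signature table, the 7.0 entropy cut-off and the sample file names are assumptions made for illustration.

```python
import math
import os
from collections import Counter

# Well-known leading signatures for a few common formats.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04"}
TEXT_EXTS = {".txt", ".csv", ".log"}
ENTROPY_LIMIT = 7.0  # assumed cut-off: plain text sits well below, ciphertext near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path: str, sample_size: int = 65536) -> str:
    """Return 'unaffected', 'suspect' or 'unknown' for one backed-up file."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    if ext in MAGIC:  # structured format: header must match the extension
        return "unaffected" if sample.startswith(MAGIC[ext]) else "suspect"
    if ext in TEXT_EXTS:  # text: ciphertext shows up as near-random bytes
        return "unaffected" if shannon_entropy(sample) < ENTROPY_LIMIT else "suspect"
    return "unknown"  # this heuristic has no opinion on other types


def triage(root: str) -> dict:
    """Walk one backup version and group relative paths by verdict."""
    report = {"unaffected": [], "suspect": [], "unknown": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            full = os.path.join(dirpath, name)
            report[classify(full)].append(os.path.relpath(full, root))
    return report


def write_constructed_sample(root: str) -> None:
    """Constructed sample data: two intact files and two scrambled ones."""
    scrambled = bytes(range(256)) * 16  # stand-in for ciphertext, entropy 8.0
    samples = {"report.pdf": b"%PDF-1.4\n% constructed\n", "invoice.pdf": scrambled,
               "notes.txt": b"quarterly figures, draft two\n" * 50, "minutes.txt": scrambled}
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
```

Running triage() over each restored version, oldest to newest, shows the last version in which a given file was still intact. Compressed formats are checked by header only, because their contents are high-entropy even when healthy.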
Prevention is key
The only true way to avoid being a victim of the CryptoLocker ransomware is good prevention. Keeping spare copies of our files on a separate drive is a best practice all around, though of course it is not always allowed by certain workplaces. But at least when it comes down to individuals, the best advice is to back up our data onto a drive which is separate from our main system.
And finally, viruses often come from low-security websites such as file sharing services providing pirated movies and music, along with other content which is not safe for work. Viruses are mostly picked up by people, so enforcing strict staff web browsing guidelines, as well as good staff training, should limit those unfortunate instances.
As with a lot of problems, taking the right preventive measures is the best solution, as there is no 100% solution when it comes to ransomware.