Crab Alert – CryptoLocker

Crimson Crab have been warning about Cryptolocker for some time now.

CryptoLocker is a ransomware trojan which targets computers running Microsoft Windows. An attack can come from different sources for example disguised as a legitimate email attachment. When activated the malware encrypts certain file types stored locally and on mounted network drives. A message is then displayed offering to decrypt the data if payment is made by a deadline.

Fortunately two security firms are offering a tool to decrypt locked files which can be found at https://www.decryptcryptolocker.com/ please note that Crimson Crab can accept no liability for the use of tools provided by third party providers.

However, it is of paramount importance to maintain the security of confidential business information. If you handle data which can identify an individual and you decide the use to which that data is put (e.g. for marketing purposes or to provide a delivery address to a courier), then you have legal duties under the Data Protection Act.

The relevant duty in the case of CryptoLocker, is that of taking appropriate technical and organisational measures against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

This is where a well thought through, documented and most importantly implemented information security management policy comes into its own.

If you outsource the data handling to a third party you must make sure that they guarantee to take appropriate technical and organisational security measures, and you must take reasonable steps to ensure compliance with those measures.

In addition you need a written contract confirming that they will only act on your instructions in respect of data handling, and requiring them to take the appropriate technical and organisational measures.

This means that you need to carry out suitable and sufficient diligence before entering into an agreement and ensure that appropriate clauses are included in the agreement, it is inappropriate (and illegal) to let someone handle your data without a robust written agreement.

Data security breaches can be costly to fix, may make you liable for regulatory penalties and perhaps most significantly damage reputations.

Is your reputation at risk?

Not sure then please get in touch

This entry was posted in Crimson Crab and tagged , , . Bookmark the permalink.