• Cryptolocker Ransomware Encrypts User Data For Extortion
[IMG]http://securityaffairs.co/wordpress/wp-content/uploads/2013/11/CryptoLocker-Ransomware.png[/IMG][IMG]http://cdn.blog.malwarebytes.org/wp-content/uploads/2013/10/assemcrypto.gif[/IMG]
[quote=Malwarebytes]
Spread through email attachments, this ransomware has been seen targeting companies through phishing attacks.
Cryptolocker will encrypt users’ files using [URL="http://en.wikipedia.org/wiki/Public-key_cryptography"]asymmetric encryption[/URL], which requires both a public and private key. The public key is used to encrypt and verify data, while the private key is used for decryption, each the inverse of the other.
The bad news is decryption is impossible unless a user has the private key stored on the cybercriminals’ server. Currently, infected users are instructed to pay $300 USD to receive this private key. Infected users also have a time limit to send the payment. If this time elapses, the private key is destroyed, and your files may be lost forever.
Source (Rest is really just an ad): [URL="http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/"]http://blog.malwarebytes.org/intelli...-need-to-know/[/URL]
[/quote]
Cryptolocker even runs across shared network folders and encrypts files. The ransom itself is paid through Bitcoin or MoneyPak.
I've been reading about this stuff lately. It is maniacally genius.
The worst thing about this is, if the authorities shut down the servers that the criminals are using in an attempt to stop the fraud, they doom the computers that've been encrypted to unrecoverability, even if the user pays the ransom, because the keys are now inaccessible. And unlike previous ransomware which was generally an annoyance if you knew a guy who could break the weak "encryption" on the files, [B]this crypto is done properly[/B], which means without that key, your shit is really gone.
[QUOTE=elixwhitetail;42930658]The worst thing about this is, if the authorities shut down the servers that the criminals are using in an attempt to stop the fraud, they doom the computers that've been encrypted to unrecoverability, even if the user pays the ransom, because the keys are now inaccessible.[/QUOTE] Unless his encryption method was flawed, then the experts can break the encryption and offer a fix, which hopefully they won't charge for.
[QUOTE=frozensoda;42930666]Unless his encryption method was flawed, then the experts can break the encryption and offer a fix, which hopefully they won't charge for.[/QUOTE] Juuust faster than me. :v: I edited my previous post to include the detail that this crypto seems to have been done right. That's what differentiates Cryptolocker from previous ransomware packages.
wow what a dick move
sorry guys
Since it's using RSA it may be crackable if the RNG is bad, but if you get that thing you're most likely fucked
I love the fact that this has basically set the gateway for Bitcoins
luckily I got norton
[QUOTE=Desuh;42930762]luckily I got norton[/QUOTE] I've never put my faith in anti-virus, they are good yes, but common sense usually prevails.
You're only about two months late to post the story
[QUOTE=Thomo_UK;42930786]I've never put my faith in anti-virus, they are good yes, but common sense usually prevails.[/QUOTE] can common sense prevent against drive bys??
[QUOTE=LordCrypto;42930805]can common sense prevent against drive bys??[/QUOTE] yes that's why i never go outside
[QUOTE=LordCrypto;42930705]sorry guys[/QUOTE] I'll never trust your keys again!
[QUOTE=LordCrypto;42930805]can common sense prevent against drive bys??[/QUOTE] Yes! Adblock and Noscript can prevent all of this.
Only the more reason to constantly back up your important files.
Well considering it's per computer creating a private key for the data is probably not difficult and gaining control of the server will simplify that tenfold [editline]20th November 2013[/editline] [QUOTE=woolio1;42930847]Yes! Adblock and Noscript can prevent all of this.[/QUOTE] Not necessarily
Also, the fact that it's only spread by email attachments right now. Makes me wonder if it's not an .exe.
[QUOTE=woolio1;42931124]Also, the fact that it's only spread by email attachments right now. Makes me wonder if it's not an .exe.[/QUOTE] It is an exe. People simply don't read the file extension when they open a file named freeporn.jpg.exe
[QUOTE=woolio1;42931124]Also, the fact that it's only spread by email attachments right now. Makes me wonder if it's not an .exe.[/QUOTE] There can be multiple strains, so one may be an Exe and another a PDF. I haven't done much research into cryptolocker, so I can't tell you much about it [editline]20th November 2013[/editline] [QUOTE=B!N4RY;42931168]It is an exe. People simply don't read the file extension when they open a file named freeporn.jpg.exe[/QUOTE] No. Windows by default hides known file extensions like .exe. Blaming the user for this is stupid.
[QUOTE=B!N4RY;42931168]It is an exe. People simply don't read the file extension when they open a file named freeporn.jpg.exe[/QUOTE] to be fair though, modern OSes don't have full file extensions viewable by default, which i think is really dumb but hey, take it how it is [editline]20th November 2013[/editline] welp ninjad
[QUOTE=Mike Tyson;42931174] No. Windows by default hides known file extensions like .exe. Blaming the user for this is stupid.[/QUOTE] Not entirely true on the Windows part. Almost all browsers and email providers show the full filename with full file extension when you're downloading an attachment. All new browsers also give you a warning if you try to open an exe downloaded from the internet, so yeah it's the user's fault for being ignorant.
[QUOTE=B!N4RY;42931222]Not entirely true on the Windows part. Almost all browsers and email providers show the full filename with full file extension when you're downloading an attachment. All new browsers also give you a warning if you try to open an exe downloaded from the internet, so yeah it's the user's fault for being ignorant.[/QUOTE] that is true, but that's UAC at work. Now you people see why disabling UAC is really silly
[QUOTE=B!N4RY;42931222]Not entirely true on the Windows part. Almost all browsers and email providers show the full filename with full file extension when you're downloading an attachment. All new browsers also give you a warning if you try to open an exe downloaded from the internet, so yeah it's the user's fault for being ignorant.[/QUOTE] Users self-train to ignore dialogs that get in the way of what they want and learn that by clicking OK or yes they can make them go away so they can do what it is they wanted. Like open up britney.spears.drunk.in.public.again.avi.vbs (480kb).
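An added example, not part of any post in this thread: a mail-gateway style check for the double-extension attachment names argued about above, reporting both the real type and the name a user sees when Windows hides known extensions. The extension lists, function names and sample filenames (other than the two quoted from the thread) are assumptions made for illustration.

```python
# Constructed, non-exhaustive extension lists (assumptions for this example).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js", "wsf", "hta"}
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls", "txt",
              "avi", "mp4", "mp3", "zip"}


def _clean(name):
    # Windows drops trailing dots and spaces when the file is created,
    # so "a.exe. " ends up on disk as "a.exe". Normalise before checking.
    return name.strip().rstrip(". ")


def displayed_name(name):
    """Name shown when 'hide extensions for known file types' is enabled."""
    cleaned = _clean(name)
    base, dot, ext = cleaned.rpartition(".")
    if dot and ext.lower() in (EXECUTABLE_EXTS | DECOY_EXTS):
        return base
    return cleaned


def classify(name):
    """Return 'allow', 'executable' or 'disguised-executable'."""
    exts = [p.strip().lower() for p in _clean(name).split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "allow"
    # An executable whose second-to-last extension looks like a document
    # or media type reads as that harmless type once the real one is hidden.
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return "disguised-executable"
    return "executable"


def triage(names):
    """Build one report row per attachment name."""
    return [{"name": n, "shown_as": displayed_name(n), "verdict": classify(n)}
            for n in names]


# Constructed sample: the first two names are the ones quoted in the thread.
SAMPLE = [
    "freeporn.jpg.exe",
    "britney.spears.drunk.in.public.again.avi.vbs",
    "Quarterly.Report.PDF",
    "Setup.EXE",
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print("{verdict:22} shown as {shown_as!r:45} real name {name!r}".format(**row))
```

A gateway would normally reject both non-"allow" verdicts; the separate "disguised-executable" verdict is useful for alerting, since a decoy extension signals intent to deceive rather than a carelessly forwarded installer.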
[QUOTE=Mike Tyson;42931275]that is true, but that's UAC at work. Now you people see why disabling UAC is really silly[/QUOTE] Really silly because I'm not stupid and think I can handle not opening shady programs?
always read dialogs, don't open suspicious attachments using a computer 101
i've had a handful of clients get this virus. they were lucky - we run backups of their data every 3 hours. another one of our clients got it today...we don't have a backup of her data. she's mad at us like we got her the virus haha right fuck you bitch
First rule of security on the Internet: [B]If you didn't ask for it, don't take it.[/B] That means offers of $millions by widows of Nigerian banking princes, that means email attachments you were not expecting from people you were not expecting to receive that kind of attachment from (like "Tracy Lords nude anal CLICK.mp4" from your boss's boss's boss's SEC-monitored corporate account), that means strange codecs for video files claiming to be porn in popups, everything. This one really simple rule would cut down on a good 60% of all security horseshit. Then you start looking at exploits targeting the machine instead of the human, whole other topic.
[QUOTE=elixwhitetail;42931999]First rule of security on the Internet: [B]If you didn't ask for it, don't take it.[/B] That means offers of $millions by widows of Nigerian banking princes, that means email attachments you were not expecting from people you were not expecting to receive that kind of attachment from (like "Tracy Lords nude anal CLICK.mp4" from your boss's boss's boss's SEC-monitored corporate account), that means strange codecs for video files claiming to be porn in popups, everything. This one really simple rule would cut down on a good 60% of all security horseshit. Then you start looking at exploits targeting the machine instead of the human, whole other topic.[/QUOTE] For the current moment, it seems to be email attachment related, so it's definitely 100% on the user to practice safe computing at this point.