Cryptolocker Ransomware Encrypts User Data For Extortion
66 replies, posted
[QUOTE=Electrocuter;42930913]Only the more reason to constantly backup your important files.[/QUOTE]
Newer versions of this will actually actively look for network accessible drives and encrypt them too.
If you don't unplug the backup drive and still have read/write permissions to it, you may still be fucked.
[QUOTE=Zephyrs;42932099]Newer versions of this will actually actively look for network accessible drives and encrypt them too.
If you don't unplug the backup drive and still have read/write permissions to it, you may still be fucked.[/QUOTE]
And that's why it's important to make three backups in at least two different locations. e.g. the cloud, or offsite storage (take a hard drive, throw it in a safety deposit box at the bank, rotate backup drives weekly). If your house burns down, sure, that's great that you had a NAS, but the NAS was in your basement and is now just so much charcoal like everything else. If you're smart, you pre-encrypt before sending to the cloud. Obviously, if you're a consumer, the cloud is not the solution if you are backing up like 50GB of new data every week.
And if it isn't automated, it won't get done. :v:
Once the full ramifications of state-aided virus production become clear, this user-safety point will be moot. They basically handed over the keys to the kingdom with stuff like Flame, or stuxnet. I'm sure they put controls in to stave such an event, but if history has taught us anything, it's that the crackers WILL find a way. Those viruses are so advanced it's unreal. Combine the delivery power of a virus like that with the sheer difficulty of breaking this encryption, and you have got a recipe for the most damaging outbreak of viruses ever.
[QUOTE=Thomo_UK;42930786]I've never put my faith in anti-virus, they are good yes, but common sense usually prevails.[/QUOTE]
Yeah, except without AV you'll never know if you have a virus anyway, so your method has no ground to stand on. I mean, whatever floats your boat, but that's essentially stating that you know that Schrodinger's cat is alive for fact, even though you never opened the box.
This thing has affected several businesses around the world and it probably only accepts bitcoins, which are worth a lot in today's Internet market.
Older versions of this had a vulnerability where the exe (or some dll associated with it) had the keys stored as plaintext inside of it. Meaning you could open it in notepad and find the key if you knew what it looked like.
i'm p sure if you had shadow copies enabled correctly on windows you may be able to recover some data after shit like this
[editline]20th November 2013[/editline]
and not to mention it spreads by email attachments by shit like "hello.jpg.exe" - seriously? i thought this was a long-gone problem now. don't email clients and shit have some sort of defense against suspicious attachments like this?
[QUOTE=Mike Tyson;42931275]that is true, but that's UAC at work. Now you people see why disabling UAC is really silly[/QUOTE]
UAC, as in, UAC from DooM? Or UAC as in, UAC from Vista/7/8?
Oh Christ, please spare me. I felt the urge to make that stupid joke. Won't happen again. I promise.
Well some people are certainly going to jail for a long, long time.
[QUOTE=garychencool;42932697]This thing has affected several businesses around the world and it probably only accepts bitcoins, which are worth a lot in today's Internet market.[/QUOTE]
Actually bitcoins were added as a payment option later. It was at the time charging 2 bitcoins, which was the cheapest of the available options. Then they went up in price.
I don't know what, if any, changes were made beyond that.
I know there was/is a virus sent over skype that affected SL users. the file name used the right to left override character so the file name looked like screenshot_1223rcs.png but it was actually a scr executable.
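A defender-side check for the two attachment-name tricks mentioned in this thread (the "hello.jpg.exe" double extension and the right-to-left override that makes a .scr render as a .png), written as an added example rather than anything from the thread; the extension lists are constructed, illustrative subsets, and `displayed_name` only approximates how a file list renders the override.

```python
"""Flag attachment names that hide an executable extension from the user."""
import os

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE: text after it is rendered reversed
# Other Unicode bidi controls that can also reorder rendered text.
BIDI_CONTROLS = {RLO, "\u202a", "\u202b", "\u202c", "\u202d",
                 "\u2066", "\u2067", "\u2068", "\u2069"}
# Extensions Windows runs on double-click (constructed subset, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif",
                   ".vbs", ".js", ".jse", ".wsf", ".hta", ".ps1"}
# Extensions a user reads as a harmless picture or document (constructed subset).
DOCUMENT_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".doc",
                 ".docx", ".xls", ".txt", ".zip"}


def displayed_name(name):
    """Approximate what a naive file list shows: everything after an RLO is
    drawn reversed, so 'abc\u202egnp.scr' appears on screen as 'abcrcs.png'."""
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name


def real_extension(name):
    """Extension the OS actually uses, i.e. with the invisible controls removed."""
    clean = "".join(ch for ch in name if ch not in BIDI_CONTROLS)
    return os.path.splitext(clean)[1].lower()


def shown_extension(name):
    """Extension a user would read off the rendered name."""
    return os.path.splitext(displayed_name(name))[1].lower()


def classify(name):
    """Return the reasons an attachment name is suspicious (empty list if none)."""
    reasons = []
    real = real_extension(name)
    if any(ch in BIDI_CONTROLS for ch in name):
        reasons.append("bidi-override")
    if real in EXECUTABLE_EXTS:
        reasons.append("executable")
        # hello.jpg.exe: the stem before the last dot itself ends in a document extension
        inner = os.path.splitext(os.path.splitext(name)[0])[1].lower()
        if inner in DOCUMENT_EXTS:
            reasons.append("double-extension")
        # what the user reads differs from what the OS will run
        if shown_extension(name) != real:
            reasons.append("hidden-executable")
    return reasons
```

A mail gateway or download scanner can quarantine anything that returns a non-empty list, and the displayed/real extension pair makes a clear line in the alert.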
That's just terrifying... And genius. And [I]terrifying.[/I]
Can't they just trace where the payment is being sent to?
[QUOTE=Adamhully;42938393]Can't they just trace where the payment is being sent to?[/QUOTE]
I think the whole point of bitcoins is that you can't do that.
[QUOTE=Helix Snake;42938403]I think the whole point of bitcoins is that you can't do that.[/QUOTE]
You can actually perfectly track bitcoin transactions
But you can just use a mixer to swap your bitcoins out for someone elses, bam, clean
The best anti-virus is a disassembler. Just analyze executables you download from sources you don't know are trustworthy.
[QUOTE=GoldenGnome;42931772]always read dialogs, don't open suspicious attachments
using a computer 101[/QUOTE]
It's not always that simple... you could get a virus that encrypts your shit by just browsing casually, never downloading anything or clicking anything suspicious. Those browser exploits are usually circulating through pop-up ad systems that get triggered when you click anywhere on a webpage, even highlighting text.
It's some sort of system that's embedded on to the ad page. It scans your browser for vulnerabilities such as Flash, Java, and a load of others. Then it decides which exploit to use to deliver and execute the payload on the computer silently without the user noticing anything.
[QUOTE=TNOMCat;42938778]It's not always that simple... you could get a virus that encrypts your shit by just browsing casually, never downloading anything or clicking anything suspicious. Those browser exploits are usually circulating through pop-up ad systems that get triggered when you click anywhere on a webpage, even highlighting text.
It's some sort of system that's embedded on to the ad page. It scans your browser for vulnerabilities such as Flash, Java, and a load of others. Then it decides which exploit to use to deliver and execute the payload on the computer silently without the user noticing anything.[/QUOTE]
I haven't heard of an actual browser exploit in a very long time. Just don't let your browser automatically run Flash/Java/whatever else and you're good.
[QUOTE=Altimor;42938801]I haven't heard of an actual browser exploit in a very long time. Just don't let your browser automatically run Flash/Java/whatever else and you're good.[/QUOTE]
It actually happened to me a few months ago when I was searching for some info.
I was just browsing, some annoying ad popped up, closed it immediately and after about 5 minutes when browsing casually suddenly full-screen ransomware out of nowhere.
instant force-shutdown by holding power button, safemode boot, noticed it had used some strange file type in startup folder and I used that path in it to remove it. Found bits of it in appdata and various places as well. Luckily it didn't actually encrypt anything.
and I was using IE9 with java by default. And had latest Avast. After that I moved to chrome and removed java from all browsers....
RogueAmp did a video on this
[video=youtube;D4t1rr7BBbM]http://www.youtube.com/watch?v=D4t1rr7BBbM[/video]
I get really paranoid whenever my computer does something completely unexpected, especially when I get things like obscure BSODs. I keep regular backups onto a drive that's usually not connected and I have a plan for when things totally fuck up.
I wish some people I knew were that careful.
We've had two clients hit by it about a month and a half ago, within a week of each other. Both came in an email attachment that was spoofed to look like it came from someone in the company.
They fake emails from UPS, Fedex, Banks, Payroll companies. You really cannot blame the user for this.
In both cases, it was simply easier and more cost effective to pay the ransom than wait for days for a backup to completely restore.
One of my worst encounters with an infection.
That's why I back everything up on an external drive.
[QUOTE='[sluggo];42939060']That's why I back everything up on an external drive.[/QUOTE]
Just make sure it's not mapped to a network drive if you get infected.
It's not smart enough yet to find hidden network shares and unmapped ones too, as far as I'm aware.
[QUOTE=Frankiscool!;42939041]We've had two clients hit by it about a month and a half ago, within a week of each other. Both came in an email attachment that was spoofed to look like it came from someone in the company.
They fake emails from UPS, Fedex, Banks, Payroll companies. You really cannot blame the user for this.
In both cases, it was simply easier and more cost effective to pay the ransom than wait for days for a backup to completely restore.
One of my worst encounters with an infection.[/QUOTE]
Try ShadowExplorer, shadow copies are on by default in Windows
[QUOTE=TNOMCat;42938778]It's not always that simple... you could get a virus that encrypts your shit by just browsing casually, never downloading anything or clicking anything suspicious. Those browser exploits are usually circulating through pop-up ad systems that get triggered when you click anywhere on a webpage, even highlighting text.
It's some sort of system that's embedded on to the ad page. It scans your browser for vulnerabilities such as Flash, Java, and a load of others. Then it decides which exploit to use to deliver and execute the payload on the computer silently without the user noticing anything.[/QUOTE]
Those require specific exploits to work. The only one that comes to mind was the one circulating through exploits in Adobe PDF readers in 2010 through ads. You didn't even have to click on the ads for your system to get infected.
Other than that (and these types of exploits get a LOT of publicity) practicing common sense means you'll likely never get viruses. I haven't used an anti-virus product since 2009 and I've never gotten a virus or malware.
[QUOTE=SPESSMEHREN;42939636]Those require specific exploits to work. The only one that comes to mind was the one circulating through exploits in Adobe PDF readers in 2010 through ads. You didn't even have to click on the ads for your system to get infected.
Other than that (and these types of exploits get a LOT of publicity) practicing common sense means you'll likely never get viruses. I haven't used an anti-virus product since 2009 and I've never gotten a virus or malware.[/QUOTE]
How do you know?
A good virus is one that isn't noticed.
[QUOTE=Tobba;42939090]Try ShadowExplorer, shadow copies are on by default in Windows[/QUOTE]
That's... good to know... How the hell did I not know about that?
[QUOTE=Frankiscool!;43125395]That's... good to know... How the hell did I not know about that?[/QUOTE]
Really, Frank?
[QUOTE=TNOMCat;42938778]It's not always that simple... you could get a virus that encrypts your shit by just browsing casually, never downloading anything or clicking anything suspicious. Those browser exploits are usually circulating through pop-up ad systems that get triggered when you click anywhere on a webpage, even highlighting text.
It's some sort of system that's embedded on to the ad page. It scans your browser for vulnerabilities such as Flash, Java, and a load of others. Then it decides which exploit to use to deliver and execute the payload on the computer silently without the user noticing anything.[/QUOTE]
As long as you keep your system up to date then you shouldn't have any issues with 0-day browser exploits. Exploiting browsers is harder than you think unless you never update your software.
Had a friend who worked at a small company where the server got hit with this.
Luckily the previous month they had just finished installing a backup system that goes online at a set interval, backs up the data on the server and then promptly goes offline again.
Needless to say it saved the company's ass, and was a wake-up call that the security system was flawed.