Crypto-Locker Virus. Make Sure You Backup.

Does this affect other PCs on your LAN - and what about NAS drives?
 
By the sounds of it you'd think it would be easy but there seems to be a grey area around it. They claim to be a 'service' to prove how vulnerable your computer is. I'd still call it extortion TBH as they are asking for money for an unwarranted service but the cash is paid to a third party I think so tracing them is still a problem. I'd like to come face to face with the barstewards though.

It definitely didn't come in with the flash drive as I'd used the same drive on 5 laptops and 3 desktops in the previous few days and they have had no problems with it and I've only had problems with the files that were copied from my computer in the couple of days before the virus struck.

I don't think it is easy at all. Can you explain further?

You say: "unless you call them up and pay the $300 they ask for to decrypt your files then you'll lose them".

How do you CALL THEM UP?

Did you call them?

If you called what happened?

:thinking:
 
It scans and encrypts all local and mapped network drives apparently

So even a backup drive would get encrypted? That is pretty serious. --> Multiple off-site / off-line backups needed...

I don't think it is easy at all. Can you explain further?

You say: "unless you call them up and pay the $300 they ask for to decrypt your files then you'll lose them".

How do you CALL THEM UP?

Did you call them?

If you called what happened?

:thinking:

Can you visit them and pay by CASH :love::lol:
 
I don't think it is easy at all. Can you explain further?

You say: "unless you call them up and pay the $300 they ask for to decrypt your files then you'll lose them".

How do you CALL THEM UP?

Did you call them?

If you called what happened?

:thinking:




You get all the details of where to call, and the number, on screen when the virus activates. It lasts for a certain time, there's a countdown on the screen, and when it ends your files will encrypt. Even if you copy your files to another drive after the virus activates the copied files will also encrypt (that's how I got encrypted files on a flash drive as well).

I'd got backups on external drives of almost everything so I didn't lose a lot in the end but it's still extremely annoying. If I'd known how hard it would be to decrypt the files and I didn't have backups then I would seriously think about paying, but that option would rankle with me even more.
 
From what I've read, the files encrypt at activation; however, the countdown is where the decryption tool is removed from the computer.

That would make more sense. Otherwise you could hard reset, boot Linux and save all your files, and possibly kill the bug - a bit too "generous" to be true
 
It scans and encrypts all local and mapped network drives apparently

We have got two desktop PCs, the wife's and mine that I do my photos on.
They use the same BT Home Hub to connect to the web but they are not networked to each other.
If my wife picks up the CryptoLocker or something similar on her PC, could it get onto my PC?
I am very careful but to be honest the missus is always on Facebook and game sites so am a bit concerned.
 
Ahh thanks, that's good to know :)
I do back up my files but it would still be a hassle to get something like that
 
Heard about this a few places....what's the usual attack vector?

Running NOD32 on all my domain machines, don't do anything silly with files I don't know etc...
 
I've even had some of the files I'd got on a flash drive encrypted and it wasn't even connected to the computer
I don't claim to be an expert in malware propagation but this is a new one for me.
 
What this virus does or does not do to all or part of anyone's machine, hardly seems to be the point.

Why the people that created it are not actually in jail yet, amazes me.

All I can think is that it has affected a very small number of PCs.. :shrug:
 
What this virus does or does not do to all or part of anyone's machine, hardly seems to be the point.

Why the people that created it are not actually in jail yet, amazes me.

All I can think is that it has affected a very small number of PCs.. :shrug:

Because they're largely anonymous, hiding behind proxies in countries that have no rules for things like this.
 
There are countries where extortion is a legal occupation ??

Maybe there is just no one to pursue them, or that the number of people affected does not justify a pursuit.

Whilst internet fraud, credit cards/wotnot is largely an insured loss and confidence tricksters a common sense failure, this goes a step further.
 
There are countries where extortion is a legal occupation ??

Maybe there is just no one to pursue them, or that the number of people affected does not justify a pursuit.

Whilst internet fraud, credit cards/wotnot is largely an insured loss and confidence tricksters a common sense failure, this goes a step further.

Legal/illegal it doesn't really matter. Good luck catching these people in their originating countries (see link). Even if you could find them hiding behind anonymous proxies..
http://gigaom.com/2013/06/25/new-go...ountry-highest-rates-in-india-central-europe/
 
Can the crypto-locker virus break out of a Sandboxed browser?
 
20 years on the internet ... NO virus.. I have always for ever used TEXT only email.. I don't receive anything except ASCII and I don't click on anything.. I also don't use Microsoft products to go online although am on PC.. every hacker and his dog wants to attack Microsoft..

At the end of the day these warnings are all well and good and I am not knocking them.. But for me it's a bit like saying ..don't hand out your credit card details to strangers on the street.. It's just common sense isn't it?

Don't click on anything.. no matter how big they promise to make your thingy :)
 
I've even had some of the files I'd got on a flash drive encrypted and it wasn't even connected to the computer

What this virus does or does not do to all or part of anyone's machine, hardly seems to be the point.

If this virus can infect disks that are not connected in any way to a computer then people need to know.
 
If this virus can infect disks that are not connected in any way to a computer then people need to know.

It can't because that's physically impossible - the USB stick concerned must have been in contact with the PC at some point between infection and lockdown
 
I had one of these ransomware things a while back. Something along the lines of 'this computer had been used for illegal activities' and had a county police logo and whatnot on it. I used a program called Kaspersky which cleared the lot off and was back to normal within a few hours and didn't lose a thing

Though you need a 2nd computer or a friend to download it and burn it to disk.

IIRC you have to go into your BIOS and change startup order to boot the disk first rather than from hard drive

Worth noting and trying if you ever get this!
 
NOD32 protects against this and all variants.
 
Unfortunately once you get the notice that your files have been encrypted it's far too late.

They're encrypted with a 2048 RSA encryption and you must have the private key to decrypt them, which only resides on the extortionists' servers.

If you don't pay the ransom then at the end of 72 hours this key is erased from their servers and you are royally screwed!

So unless you detect the virus and destroy it before it encrypts your files then it's a case of pay them or lose all your files:

http://krebsonsecurity.com/2013/11/how-to-avoid-cryptolocker-ransomware/#more-22877
 
From what I've read CryptoLocker may piggyback on malware that's already on your system. That may explain why it could lay low on a removable drive? I'd suggest that getting 1 or 2 antivirus programs that are highly rated but not your usual software & running them 'On demand', i.e. not loading on start-up, would be a good idea. It's easy to think that because your usual AV software says you're clean then you must be virus free.
 
So the moral of the story is to have decent protection and back up regularly. As always. :)
 