Free Republic

CryptoLocker: A particularly pernicious virus
Windows Secrets | October 24, 2013 | Susan Bradley

Posted on 10/24/2013 11:15:25 AM PDT by brityank

By Susan Bradley on October 24, 2013 in Top Story

Online attackers are using encryption to lock up our files and demand a ransom — and AV software probably won’t protect you.

Here are ways to defend yourself from CryptoLocker — pass this information along to friends, family, and business associates.

Forgive me if I sound a bit like those bogus virus warnings proclaiming, “You have the worst virus ever!!” But there’s a new threat to our data that we need to take seriously. It’s already hit many consumers and small businesses. Called CryptoLocker, this infection shows up in two ways.

First, you see a red banner (see Figure 1) on your computer system, warning that your files are now encrypted — and if you send money to a given email address, access to your files will be restored to you.

 


(Excerpt) Read more at windowssecrets.com ...


TOPICS: Computers/Internet; Education; Hobbies
KEYWORDS: hackers; hostage; internet; ransom
WS does a pretty good job of keeping tabs on the Microsoft stable, and cleaning up most of its crap!
1 posted on 10/24/2013 11:15:25 AM PDT by brityank

To: brityank

more info

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information


2 posted on 10/24/2013 11:28:44 AM PDT by mreerm

To: mreerm

Good info, thanks!


3 posted on 10/24/2013 11:30:54 AM PDT by leapfrog0202 ("the American presidency is not supposed to be a journey of personal discovery" Sarah Palin)

To: All

I had this hit me. I reset the registry using the “restore” feature in Windows 7. Start in safe mode, then just reset the registry to a version previously saved. I went back 3 months.
Hope it helps somebody.


4 posted on 10/24/2013 11:31:30 AM PDT by Tracker47

To: brityank

good article brityank...anybody know if sandboxie protects from this??


5 posted on 10/24/2013 11:33:00 AM PDT by virgil283 (When the sun spins, the cross appears, and the skies burn red)

To: brityank

We got hit by this one. According to some victims, if you pay the money, they will decrypt your files as promised. Otherwise, you better hope that you have a backup, or you are screwed.


6 posted on 10/24/2013 11:41:38 AM PDT by Boogieman

To: Tracker47

That might stop the virus from running on startup, but it won’t decrypt any files that the virus has encrypted already. It seems to target Word and Excel files, and Adobe PDFs in some variants, and will even encrypt network shares, if the infected computer has enough permissions to modify files across the network.

Luckily, the virus author did not set the virus “warning” message to display only after the encryption routine finishes. So, if you eliminate the virus as soon as you see the pop-up, you can probably stop it before it gets through all of your files.


7 posted on 10/24/2013 11:46:40 AM PDT by Boogieman

To: virgil283

The virus targets data files. So if you are running in a sandbox or VM environment, sure, you can reset your OS and not be infected anymore. However, any data files that it has encrypted will still be encrypted.


8 posted on 10/24/2013 11:47:56 AM PDT by Boogieman

To: brityank

So, what if I encrypt my files first?
Can they be re-encrypted?


9 posted on 10/24/2013 11:50:24 AM PDT by polymuser ("We have a right to debate and disagree with any administration!" (HRC))

To: mreerm

Wow! Many thanks.


10 posted on 10/24/2013 11:52:37 AM PDT by brityank (The more I learn about the Constitution, the more I realise this Government is UNconstitutional !!)

To: brityank

Public hangings are too good for the vermin perpetrating these crimes.


11 posted on 10/24/2013 11:57:46 AM PDT by Junk Silver

To: brityank

Whoever is doing that should be put away for life


12 posted on 10/24/2013 11:58:33 AM PDT by GeronL

To: brityank; rdb3; Calvinist_Dark_Lord; Salo; JosephW; Only1choice____Freedom; amigatec; ...

13 posted on 10/24/2013 11:59:29 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)

To: polymuser

interesting question


14 posted on 10/24/2013 12:00:56 PM PDT by GeronL

To: polymuser
So, what if I encrypt my files first?
Can they be re-encrypted?

Go read through the link that mreerm posted in #3.

It gives the following listing:


15 posted on 10/24/2013 12:01:40 PM PDT by brityank (The more I learn about the Constitution, the more I realise this Government is UNconstitutional !!)

To: brityank

Almost as bad as the ObamaCare website

//kidding


16 posted on 10/24/2013 12:02:15 PM PDT by GeronL

To: brityank
Some advice from a guy who has been around this block a few times:

1. Back up frequently to an external drive that you turn off or disconnect afterward.

2. Keep personal data on removable media - thumb drives - and only keep temporary work copies on your hard drive.

3. If you get zapped by these clowns, slick your box, restore from your last backup and laugh at them.

17 posted on 10/24/2013 12:12:02 PM PDT by Billthedrill

To: polymuser

Yes, an encrypted file can be encrypted again.


18 posted on 10/24/2013 12:22:53 PM PDT by Boogieman

To: brityank

tech bkmk


19 posted on 10/24/2013 1:14:54 PM PDT by Sergio (An object at rest cannot be stopped! - The Evil Midnight Bomber What Bombs at Midnight)

To: brityank

Does it break if you create that registry key and set the permissions so the virus can’t write to it?


20 posted on 10/24/2013 1:21:03 PM PDT by tacticalogic ("Oh, bother!" said Pooh, as he chambered his last round.)

To: brityank
Wow, this looks like a real nasty virus. Hope it doesn't hit here, but I have everything backed up so if it does,

Format C:

and proceed is in order for me.

21 posted on 10/24/2013 2:24:40 PM PDT by ducttape45

To: brityank

Knowing where the virus is likely to be hiding would be useful.


22 posted on 10/24/2013 3:06:50 PM PDT by JimRed (Excise the cancer before it kills us; feed & water the Tree of Liberty! TERM LIMITS NOW & FOREVER!)

To: JimRed

Will this affect Linux?

If someone has this virus and they pop in a Knoppix or whatever live disc, will they be able to go into the Windows registry files and delete this beast?


23 posted on 10/24/2013 3:12:22 PM PDT by GeronL

To: brityank

I hope that none of my fellow Mac users get or remain confident about our (to date) avoidance of these problems. Yes, Macs are more resistant BUT all it takes is someone persistent enough to find a vulnerability. I do FREQUENT external drive backups using Newer Technology Voyager SATA drive and rotating 3 HDs. Still, I have a fear that some morning I will wake the Mac and see a message such as this. Yes, I follow the sanitation rules but still you never can be 100%. What a world, the more capable we are, the worse we can be hurt!


24 posted on 10/24/2013 5:46:10 PM PDT by SES1066 (To expect courteous government is insanity!)

To: GeronL

Encrypted files are encrypted files. Linux will not help.


25 posted on 10/24/2013 5:47:43 PM PDT by AppyPappy (Obama: What did I not know and when did I not know it?)

To: AppyPappy

But using Linux would reduce the risk of getting infected, to begin with. Note that the target vector is an “exe” (executable) that would require Wine to run on Linux. And WINE by nature would limit the infection to a sandbox: you wouldn’t lose any of your regular files to encryption.


26 posted on 10/24/2013 6:41:13 PM PDT by mbj

To: mbj

Yes but doing Linux after the fact won’t help


27 posted on 10/24/2013 6:59:28 PM PDT by AppyPappy (Obama: What did I not know and when did I not know it?)

To: SES1066

That jumped out to me also.

As mreerm pointed out and I listed above, there are many paths through Open Office, various Media files, and .pdf-types to have others be so complacent and dismissive of the potential for future damage.


28 posted on 10/24/2013 8:28:51 PM PDT by brityank (The more I learn about the Constitution, the more I realise this Government is UNconstitutional !!)

To: polymuser

Yes. Like putting a lockbox in a lockbox.


29 posted on 10/25/2013 4:39:34 AM PDT by AFreeBird

To: Boogieman
According to some victims, if you pay the money,

Since that's obviously extortion, can't the company that receives the money be tracked down and busted?

30 posted on 10/25/2013 4:48:09 AM PDT by Hot Tabasco (Make sure you have removed the kleenex from your pockets before doing laundry)

To: brityank

A friend who is a computer consultant told me about this virus about a month ago.

I’m surprised there hasn’t been more news about this. It’s one of the worst viruses my friend has seen.

The FBI should be all over this. Oh, wait! There’s a lot more money in going after the Silk Road.


31 posted on 10/25/2013 5:44:19 AM PDT by Rum Tum Tugger

To: Hot Tabasco

They are pretty clever about it. They only accept payments from prepaid credit cards to an online payment processor that seems hard to track them through.


32 posted on 10/25/2013 6:18:52 AM PDT by Boogieman

To: Ernest_at_the_Beach; ShadowAce; martin_fierro; AdmSmith; AnonymousConservative; Berosus; ...

Thanks brityank.


33 posted on 10/25/2013 6:54:28 PM PDT by SunkenCiv (http://www.freerepublic.com/~mestamachine/)
