CryptoLocker: A particularly pernicious virus
Posted on 10/24/2013 11:15:25 AM PDT by brityank
Online attackers are using encryption to lock up our files and demand a ransom, and AV software probably won't protect you.
Here are ways to defend yourself from CryptoLocker; pass this information along to friends, family, and business associates.
Forgive me if I sound a bit like those bogus virus warnings proclaiming, "You have the worst virus ever!!" But there's a new threat to our data that we need to take seriously. It's already hit many consumers and small businesses. Called CryptoLocker, this infection shows up in two ways.
First, you see a red banner (see Figure 1) on your computer system, warning that your files are now encrypted and if you send money to a given email address, access to your files will be restored to you.
(Excerpt) Read more at windowssecrets.com ...
Good info, thanks!
I had this hit me. I reset the registry using the “restore” feature in Windows 7. Start in safe mode, then just reset the registry to a version previously saved. I went back 3 months.
Hope it helps somebody.
Good article, brityank... anybody know if Sandboxie protects from this??
We got hit by this one. According to some victims, if you pay the money, they will decrypt your files as promised. Otherwise, you better hope that you have a backup, or you are screwed.
That might stop the virus from running on startup, but it won’t decrypt any files that the virus has encrypted already. It seems to target Word and Excel files, and Adobe PDFs in some variants, and will even encrypt networks shares, if the infected computer has enough permissions to modify files across the network.
Luckily, the virus author did not set the virus “warning” message to display only after the encryption routine finishes. So, if you eliminate the virus as soon as you see the pop-up, you can probably stop it before it gets through all of your files.
The virus targets data files. So if you are running in a sandbox or VM environment, sure, you can reset your OS and not be infected anymore. However, any data files that it has encrypted will still be encrypted.
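The post above makes the practical point that the infection works through data files one by one, so catching it early limits the damage. The following is an added example, not code from the thread or from the Windows Secrets article: a baseline-and-compare check that flags a sudden burst of modified files under a directory tree, the pattern a file-encrypting infection produces. The sample directory, file names, and the 25% threshold are constructed for illustration; a real deployment would snapshot a document share or a set of canary files on a schedule.

```python
"""Added example (not from the thread): flag a burst of modified files.

A snapshot maps each file to its SHA-256 digest; comparing two snapshots
gives the fraction of files whose content changed (a file that vanished
also counts as changed). Normal editing touches a few files; a mass
rewrite touches most of them.
"""
import hashlib
import os
import tempfile
from pathlib import Path

# File types the thread reports being targeted; used only to highlight
# them in the report, the check itself hashes every file.
WATCHED_SUFFIXES = {".doc", ".docx", ".xls", ".xlsx", ".pdf"}


def snapshot(root):
    """Map every regular file under root (relative path) to its SHA-256."""
    digests = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            rel = str(path.relative_to(root))
            digests[rel] = hashlib.sha256(path.read_bytes()).hexdigest()
    return digests


def compare(before, after):
    """Return (fraction of baseline files changed, changed watched files)."""
    if not before:
        return 0.0, []
    changed = [name for name, digest in before.items()
               if after.get(name) != digest]
    watched = [n for n in changed if Path(n).suffix.lower() in WATCHED_SUFFIXES]
    return len(changed) / len(before), watched


def burst_detected(before, after, threshold=0.25):
    """True when at least `threshold` of the baseline files changed."""
    fraction, _ = compare(before, after)
    return fraction >= threshold


def build_sample_tree(root):
    """Constructed sample: a few office documents plus unrelated files."""
    names = ["report.docx", "budget.xlsx", "notes.pdf", "readme.txt", "photo.jpg"]
    for i, name in enumerate(names):
        (Path(root) / name).write_bytes(f"sample content {i}\n".encode())
    return names


def simulate_bulk_rewrite(root, names):
    """Test fixture only: overwrite every file with random bytes to stand
    in for a mass rewrite of the tree."""
    for name in names:
        (Path(root) / name).write_bytes(os.urandom(64))


def demo():
    """Run the check against one edited file, then against a mass rewrite."""
    with tempfile.TemporaryDirectory() as root:
        names = build_sample_tree(root)
        baseline = snapshot(root)
        # Ordinary editing: one of five files changes (20%), no alert.
        (Path(root) / "readme.txt").write_bytes(b"edited\n")
        quiet = burst_detected(baseline, snapshot(root))
        # Mass rewrite: all five files change (100%), alert.
        simulate_bulk_rewrite(root, names)
        loud = burst_detected(baseline, snapshot(root))
        return quiet, loud


if __name__ == "__main__":
    print(demo())  # (False, True)
```

The threshold is deliberately a fraction rather than a count, so the same check scales from a home folder to a shared drive; pair it with an action (stop the machine, unmap the share) rather than just a log line, since the point of the post is that minutes matter.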
So, what if I encrypt my files first?
Can they be re-encrypted?
Wow! Many thanks.
Public hangings are too good for the vermin perpetrating these crimes.
Whoever is doing that should be put away for life
Go read through the link that mreerm posted in #3.
It gives the following listing:
Almost as bad as the ObamaCare website
1. Back up frequently to an external drive that you turn off or disconnect afterward.
2. Keep personal data on removable media - thumb drives - and only keep temporary work copies on your hard drive.
3. If you get zapped by these clowns, slick your box, restore from your last backup and laugh at them.
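The listing above describes the recovery path the whole thread converges on: a backup on a drive that is disconnected afterward, restored from after wiping the machine. The following is an added example, not code from the thread or the linked article: a minimal versioned backup with a verification pass and retention of the last few snapshots. Source and destination directories are constructed inside a temporary directory; in practice the destination is the external drive, which is disconnected only after verification passes.

```python
"""Added example (not from the thread): dated backup snapshots with
verification and pruning.

backup() copies the source tree into <drive>/<stamp>/, verify() hashes
every source file against its copy, prune() drops the oldest snapshots
beyond KEEP_VERSIONS. Verification proves the copy is faithful to the
source at backup time; it cannot tell whether the source itself was
already scrambled, which is why several dated versions are kept.
"""
import hashlib
import shutil
import tempfile
import time
from pathlib import Path

KEEP_VERSIONS = 3  # assumed retention: dated snapshots kept on the drive


def sha256_of(path):
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def backup(source, dest_root, stamp=None):
    """Copy source into dest_root/<stamp>/ and return the snapshot path."""
    stamp = stamp or time.strftime("%Y%m%d-%H%M%S")
    target = Path(dest_root) / stamp
    shutil.copytree(source, target)
    return target


def verify(source, snapshot_dir):
    """Return relative paths whose copy is missing or differs from source."""
    mismatches = []
    for src in Path(source).rglob("*"):
        if src.is_file():
            rel = src.relative_to(source)
            copy = Path(snapshot_dir) / rel
            if not copy.is_file() or sha256_of(copy) != sha256_of(src):
                mismatches.append(str(rel))
    return mismatches


def prune(dest_root, keep=KEEP_VERSIONS):
    """Delete the oldest snapshots beyond `keep`; return names removed."""
    snaps = sorted(p for p in Path(dest_root).iterdir() if p.is_dir())
    excess = snaps[:-keep] if len(snaps) > keep else []
    removed = []
    for old in excess:
        shutil.rmtree(old)
        removed.append(old.name)
    return removed


def demo():
    """Constructed run: four dated backups, one tampered copy, one pruned."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "documents"
        src.mkdir()
        (src / "report.docx").write_bytes(b"quarterly numbers\n")
        (src / "sub").mkdir()
        (src / "sub" / "notes.pdf").write_bytes(b"meeting notes\n")
        drive = Path(tmp) / "external_drive"  # stands in for the USB disk
        drive.mkdir()
        snaps = [backup(src, drive, stamp=f"2013-10-{d:02d}") for d in (20, 21, 22, 23)]
        ok = verify(src, snaps[-1]) == []
        # Corrupt one copy to show the verification step catching it.
        (snaps[-1] / "report.docx").write_bytes(b"garbage")
        bad = verify(src, snaps[-1])
        removed = prune(drive)
        return ok, bad, removed


if __name__ == "__main__":
    print(demo())  # (True, ['report.docx'], ['2013-10-20'])
```

The dated snapshot names sort chronologically, so pruning is a plain sort; keeping more than one version is what makes step 3 work when the most recent backup was taken after files had already been overwritten.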
Yes, an encrypted file can be encrypted again.
Does it break if you create that registry key and set the permissions so the virus can’t write to it?
and proceed is in order for me.
Knowing where the virus is likely to be hiding would be useful.
will this affect Linux?
if someone has this Virus and they pop in a Knoppix or whatever live disc, will they be able to go into the Windows registry files and delete this beast?
I hope that none of my fellow Mac users get or remain confident about our (to date) avoidance of these problems. Yes, Macs are more resistant BUT all it takes is someone persistent enough to find a vulnerability. I do FREQUENT external drive backups using Newer Technology Voyager SATA drive and rotating 3 HDs. Still, I have a fear that some morning I will wake the Mac and see a message such as this. Yes, I follow the sanitation rules but still you never can be 100%. What a world, the more capable we are, the worse we can be hurt!
Encrypted files are encrypted files. Linux will not help.
But using Linux would reduce the risk of getting infected, to begin with. Note that the target vector is an “exe” (executable) that would require Wine to run on Linux. And WINE by nature would limit the infection to a sandbox: you wouldn’t lose any of your regular files to encryption.
Yes but doing Linux after the fact won’t help
That jumped out to me also.
As mreerm pointed out and I listed above, there are many paths through Open Office, various Media files, and .pdf-types to have others be so complacent and dismissive of the potential for future damage.
Yes. Like putting a lockbox in a lockbox.
Since that's obviously extortion, can't the company that receives the money be tracked down and busted?
A friend who is a computer consultant told me about this virus about a month ago.
I’m surprised there hasn’t been more news about this. It’s one of the worst viruses my friend has seen.
The FBI should be all over this. Oh, wait! There’s a lot more money in going after the Silk Road.
They are pretty clever about it. They only accept payments from prepaid credit cards to an online payment processor that seems hard to track them through.