Skip to comments.CryptoLocker: A particularly pernicious virus
Posted on 10/24/2013 11:15:25 AM PDT by brityank
CryptoLocker: A particularly pernicious virus
Online attackers are using encryption to lock up our files and demand a ransom and AV software probably wont protect you.
Here are ways to defend yourself from CryptoLocker pass this information along to friends, family, and business associates.
Forgive me if I sound a bit like those bogus virus warnings proclaiming, You have the worst virus ever!! But theres a new threat to our data that we need to take seriously. Its already hit many consumers and small businesses. Called CryptoLocker, this infection shows up in two ways.
First, you see a red banner (see Figure 1) on your computer system, warning that your files are now encrypted and if you send money to a given email address, access to your files will be restored to you.
(Excerpt) Read more at windowssecrets.com ...
Good info, thanks!
I had this hit me. I reset the registry using the “restore” feature in Windows 7. Start in safe mode, then just reset the registry to a version previously saved. I went back 3 months.
Hope it helps somebody.
good article brityank...anybody know if sandboxie protects from this??
We got hit by this one. According to some victims, if you pay the money, they will decrypt your files as promised. Otherwise, you better hope that you have a backup, or you are screwed.
That might stop the virus from running on startup, but it won’t decrypt any files that the virus has encrypted already. It seems to target Word and Excel files, and Adobe PDFs in some variants, and will even encrypt networks shares, if the infected computer has enough permissions to modify files across the network.
Luckily, the virus author did not set the virus “warning” message to display only after the encryption routine finishes. So, if you eliminate the virus as soon as you see the pop-up, you can probably stop it before it gets through all of your files.
The virus targets data files. So if you are running in a sandbox or VM environment, sure, you can reset your OS and not be infected anymore. However, any data files that it has encrypted will still be encrypted.
So, what if I encrypt my files first?
Can they be re-encrypted?
Wow! Many thanks.
Public hangings are too good for the vermin perpetrating these crimes.
Whoever is doing that should be put away for life
Go read through the link that mreerm posted in #3.
It gives the following listing:
Almost as bad as the ObamaCare website
1. Back up frequently to an external drive that you turn off or disconnect afterward.
2. Keep personal data on removable media - thumb drives - and only keep temporary work copies on your hard drive.
3. If you get zapped by these clowns, slick your box, restore from your last backup and laugh at them.
Yes, an encrypted file can be encrypted again.
Does it break of you create that registry key and set the permissions so the virus can’t write to it?
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.