Semi-VANITY : Prevention of New Virus sweeping the Interwebs: CryptoLocker
Posted on 10/26/2013 1:29:26 PM PDT by NoLibZone
Heads up and Prevention of New Virus sweeping the Interwebs: CryptoLocker
CryptoLocker is a ransomware program that was released around the beginning of September 2013. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 96 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.
One Easy Solution:
The easy to use free tool to change group policies to block your Hard Drive from unauthorized encryption: http://www.foolishit.com/vb6-projects/cryptoprevent/
First I scanned the CryptoPrevent using VirusTotal.com to make certain it's clean. It is.
Then I used MalwareBytes to make sure I am clean.
Then I ran a new restore point.
Then I ran the one click CryptoPrevent and tested. It worked.
Image of the little app dialogue:
(Excerpt) Read more at bleepingcomputer.com ...
Everything I care about is backed up in a second file on my hard drive, on two thumb drives that alternate from week to week, and if it’s not too sensitive in two email addresses. In no case would I pay extortion money to terrorists, unless the FBI asked me to do so to track and prosecute them (or to put a drone missile where it would do the most good - drone strike for cyber-theft? Yep!).
Sounds like Obamacare.
Because they probably don't have free time to go to Latvia or Russia or Turkey or Brazil or South Korea or wherever else the hackers may be hanging out at. And even if they did, it would almost certainly take longer for the Federal Geek Squad to track down the hackers than it would for the encrypted files to get automatically deleted from your computer.
A quick Google of “cryptolocker” seems to finger cryptolocker as malware too. How does CryptoLocker have any cred as one of the good guys? Just curious ...
sorry my bad, misread & mixed up cryptolocker & cryptoprevent. Argh! Hate when that happens ..
I can’t rely on the Fed or local Unions to protect me.
The better best is prevention.
Which is easy.
I certainly hope there are a ton of people working on this problem. I also hope they find the people doing this and throw them in prison.
I don’t really want to type that URL
The easiest way to prevent this is to do all of your internet surfing from a virtual PC. I’ve been doing this for about 4 years. Any time the virtual system acts up, I shut it off, erase it and clone in a new untouched virtual system and continue. It takes 10 minutes to clone the backup OS and start over.
does this thing affect Linux?
Run as a limited user, set UAC to high, don’t mindlessly click links in email, don’t open attachments and think before clicking on a file that has one of the following attachments:
BAT Batch File
BIN Binary Executable
CMD Command Script
COM Command File
CPL Control Panel
EXE Executable Windows
INF Setup Information
JOB Windows Task Scheduler Job File
JSE JScript Encoded File
MSC Microsoft Common
MSI Windows Installer
MSP Windows Installer
MST Windows Installer Setup Transform File
PAF Portable Application
PIF Program Information
PS1 Windows PowerShell
REG Registry Data File
RGS Registry Script
SCT Windows Scriptlet
SHB Windows Document
SHS Shell Scrap Object
U3P U3 Smart Application
VB VBScript File
VBE VBScript Encoded
VBS VBScript File Windows
VBSCRIPT Visual Basic Script
WS Windows Script
WSF Windows Script
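An added example, not part of the original comment: a Python check that applies the extension list above to attachment file names and also catches double extensions and names padded with spaces or trailing dots. The `DECOYS` set and the sample names are constructed assumptions.

```python
# Extensions copied from the list in the comment above (lower-cased).
RISKY = frozenset("""bat bin cmd com cpl exe inf job jse msc msi msp mst paf
pif ps1 reg rgs sct shb shs u3p vb vbe vbs vbscript ws wsf""".split())

# Assumption (not from the page): harmless-looking extensions often placed
# in front of the real one, as in "invoice.pdf.exe".
DECOYS = frozenset("pdf doc docx xls xlsx jpg png txt zip".split())


def effective_name(filename):
    """Name as Windows resolves it: no path, no trailing dots/spaces, lower-case."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    return base.rstrip(". ").lower()


def check_attachment(filename):
    """Return the reasons a file name deserves a second look (empty list = none)."""
    parts = effective_name(filename).split(".")
    if len(parts) < 2:
        return []                       # no extension at all
    ext = parts[-1].strip()
    if ext not in RISKY:
        return []
    reasons = ["risky extension ." + ext]
    if len(parts) >= 3:
        shown = parts[-2]
        if shown.strip() in DECOYS:
            reasons.append("double extension ." + shown.strip() + "." + ext)
        if shown != shown.strip():
            reasons.append("padding hides the real extension")
    return reasons


if __name__ == "__main__":
    # Constructed sample names, not taken from any real message.
    samples = [
        "photo.jpg",
        "Invoice_2013.pdf.exe",
        "C:\\Users\\me\\Downloads\\setup.EXE. ",
        "report.pdf          .vbs",
    ]
    for s in samples:
        print(repr(s), "->", check_attachment(s) or "ok")
```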
It also crypts attached drives.
What are you using? I’ve used VMware, but started using Virtualbox on a computer that wouldn’t run VMware. I’m liking Virtualbox a lot better as I use it more.
“prompts you to send a ransom of either $100 or $300”
so it’s the obamacare of viruses?
I'd really like to see some verification from trusted Freepers before I go and install this thing on all my family's computers.
Who ya gonna call? Obamabusters!
BFL, gonna come back to this if anyone confirms the tool is clean.
There was another ransomware “FBI virus” which held computers hostage claiming child porn, and unlocking it for money, too:
Here (among many places) are instructions: http://www.trishtech.com/2011/05/disable-file-encryption-in-windows-7-using-group-policy/
It's straightforward, and if you don't use encryption it should be set this way, anyway.
This is a case where I would be perfectly fine with the government hunting the scum behind this scam down and exterminating them. Painfully. They are pure scum.
McAfee Internet Security gives a warning about going to the website www.foolishit.com
“Surely you jest.”
Ding, Ding, Ding! We have a winner!
Thanks, Fred. Much appreciated. I'll check it out.
I just fixed my lady friend’s laptop from this crypto virus-malwarebytes-trojan (whatever). The virus doesn’t disable Windows restore to earlier date, so I simply shut down the computer (Ctrl+Alt+Del), pressed the power button at least 10 seconds because Windows hung, then booted to Safe Mode, restored Windows to an earlier date, and DONE! I had to download her Malwarebytes Pro and did a full scan.
Done and done! Thanks, FS. The simplest solution is often the best solution.
Does it only go after Windows 7?
This person needs to be caught and summarily executed. In a public and painful manner. Preferably burned alive at the stake on the Washington Mall, with major live network feeds to the whole world.