Windows 7 Forums


Windows 7: Backup the best defense against (Cri)locked files


19 Nov 2013   #1
Microsoft MVP

64-bit Windows 8.1 Enterprise
 
 
Backup the best defense against (Cri)locked files

Quote:
Crilock – also known as CryptoLocker – is one notorious ransomware that's been making the rounds since early September. Its primary payload is to target and encrypt your files, such as your pictures and Office documents. All of the file types that can be encrypted are listed in our Trojan:Win32/Crilock.A and Trojan:Win32/Crilock.B descriptions.

Crilock affected about 34,000 machines between September and early November 2013.

Once Crilock encrypts your file types, they are rendered unusable. The malware shows a message that covers your desktop and demands you pay a ransom to have access to your files again. The ransom can be paid with various online currencies such as BitCoin, CashU, MoneyPak, Paysafecard, and Ukash. Once you pay, the malware author will supposedly give you back the private keys used in encryption. However, we don't recommend doing this as there is no guarantee that paying will lead to recovering your documents and, in effect, you're giving criminals some of your hard-earned money.
Read more at: Backup the best defense against (Cri)locked files - Microsoft Malware Protection Center - Site Home - TechNet Blogs


19 Nov 2013   #2

64-bit Windows 8.1 Pro
 
 

19 Nov 2013   #3
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

Another good reason to make frequent images for the system and the data.


19 Nov 2013   #4

Windows 7 Pro. 64/SP-1
 
 

I'm wondering why they can't track the money trail to catch who is doing this.
The good guys know the methods of payment so there must be an account registered to somebody or some company to receive the funds. Follow the money as they say. When caught have a Sunday after church hanging. Make sure CNN and Alcazar have a reporter there.
That should slow down this kind of thing being done so often.
19 Nov 2013   #5
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

That would be a useful job for the NSA - rather than snooping on the pope and other dignitaries.
19 Nov 2013   #6

Windows 7 Pro. 64/SP-1
 
 

I believe you got a great idea whs.
They could do it with no problem if directed to do it.

In my opinion NSA is needed but it needs to be controlled.
To the best of my knowledge NSA is under the guidance of the White House and the NSC. NSA's directives can change in a heartbeat.
Someone gave orders to NSA to snoop on, let's say, the Pope.
I don't believe that NSA does things on a whim.
19 Nov 2013   #7
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

I really don't know how they operate. But they sure stirred up a bee's nest in Europe. People are appalled and disgusted about their practices. But our governments are in one boat with them. They even have offices at our airports and ports with boots on the ground. How could they be there without our government letting them?

I wonder what the US public would say if our secret services were snooping on the US president and members of congress and had people screened (and often rejected to fly) by our services in US airports.
19 Nov 2013   #8

Windows 7 64-bit, Windows 8.1 64-bit, OSX Maverick
 
 

Payments by Bitcoin and/or MoneyPak aren't easy to track; these are basically cash-based transactions. At the current time NSA has no authority/capability to follow the money trace, either in the US and/or foreign countries.

They can eavesdrop on the chancellor, check airline passenger lists in foreign countries, but believe it or not, the financial transactions aren't that easy to trace. Mainly for the reason that financial institutions do not cooperate without a court order, even then they'll challenge the court order first. They also encrypt their data, both locally and over the wire, which is pretty much useless for the NSA, even if it is captured. No, it's not a simple SSL based encryption...

The better option for people is to have NSA take down the command and control servers for Crilock and/or block access to them, if they are in foreign countries. Grabbing the hackers would even be better, but it is not always possible when these people are in foreign countries. Sending in the drones would be overdoing it...

While backups are good to have the files accessible, if Crilock hits, choose the backup options carefully. It will encrypt the data on the local and network drives as well. Depending on the settings for the system restore, it could be a viable option. The system restore files, by default, cannot be modified. But then again, Crilock is downloaded by a rootkit on the system, which in theory could modify the ACL for the system restore files. If you want to get technical...
19 Nov 2013   #9
whs
Microsoft MVP

Vista, Windows7, Mint Mate, Zorin, Windows 8
 
 

Quote:
At the current time NSA has no authority/capability to follow the money trace, either in the US and/or foreign countries.


Quote:
While backups are good to have the files accessible, if Crilock hits, choose the backup options carefully. It will encrypt the data on the local and network drives as well. Depending on the settings for the system restore, it could be a viable option. The system restore files, by default, cannot be modified. But then again, Crilock is downloaded by a rootkit on the system, which in theory could modify the ACL for the system restore files. If you want to get technical...
The way to go is to put your images on an external disk that is disconnected when no imaging activity takes place.
19 Nov 2013   #10

Windows 7 Professional X64
 
 

Quote: Originally Posted by Brink
Crilock – also known as CryptoLocker – is one notorious ransomware that's been making the rounds since early September. Its primary payload is to target and encrypt your files, such as your pictures and Office documents. All of the file types that can be encrypted are listed in our Trojan:Win32/Crilock.A and Trojan:Win32/Crilock.B descriptions.

Crilock affected about 34,000 machines between September and early November 2013.

Once Crilock encrypts your file types, they are rendered unusable. The malware shows a message that covers your desktop and demands you pay a ransom to have access to your files again. The ransom can be paid with various online currencies such as BitCoin, CashU, MoneyPak, Paysafecard, and Ukash. Once you pay, the malware author will supposedly give you back the private keys used in encryption. However, we don't recommend doing this as there is no guarantee that paying will lead to recovering your documents and, in effect, you're giving criminals some of your hard-earned money.
Read more at: Backup the best defense against (Cri)locked files - Microsoft Malware Protection Center - Site Home - TechNet Blogs
Exactly how I got back my comp after FBIMONEYPAK locked my comp!

Trueimage saved me again.