Crypto Locker ransomware

Tews · 13 Sep 2013

I heard reports of a new piece of malware that is going around. This one is particularly nasty, It Encrypts all of the data on your drive and mapped network drives with a RSA 256 bit AES key. Once encrypted there is no way to decrypted. The only way to get the files back is from an off site backup (because if the backup drive is local it also gets encrypted) or to actually pay them the money in which they apparently decrypt your data.

Source... Crypto Locker - Virus, Trojan, Spyware, and Malware Removal Logs

Play it smart ... make regular backups of your system!!!

**Pauly** · 13 Sep 2013

WOW just read up on this and its a nasty piece of kit, just unplugged my raid NAS before leaving the office for the weekend

Borg 386 · 13 Sep 2013

Tews said:

Play it smart ... make regular backups of your system!!!

Exactly!

Backup Complete Computer - Create an Image Backup

lazarus2k · 23 Oct 2013

My brother got this horrible virus at work and not only he but also a few other guys, it seems it was a targeted attack or smth. Really scary stuff. For those who have the same problem, I recommend using Shadow Explorer.

ShadowExplorer - Recover Lost Files and Folders

Remove CryptoLocker virus and restore encrypted files

By the way, they were using fully updated antivirus software that didn't help. So, you may also want to use this tool:

CryptoPrevent | Computer Technician - PC Repair Software |Foolish IT LLC

Cheers!

xunile · 26 Oct 2013

I created a video describing some possible steps you can take to help prevent getting the CryptoLocker virus. It seems like most people infected get it through an email attachment which looks like a pdf. You can also mitigate the harm it does by having a good backup not connected to your PC as described in the previous posts in this thread. I got the info from the bleepingcomputer website's writeup on this virus.

Link to website: CryptoLocker Ransomware Information Guide and FAQ

richnrockville · 12 Nov 2013

As has been said so many times. BACKUP BACKUP BACKUP.

You can never have enough backups. Image backups are really important in cases like this.

Rich

Diosoth · 14 Nov 2013

And how much you want to bet that the people who do pay don't get their files unlocked?

Jacee · 14 Nov 2013

You may be interested in what (Grinler) Lawrence Abrams has to say .....

Soaring Bitcoin prices hurt the wallets of users paying CryptoLocker ransoms - News
And this http://krebsonsecurity.com/2013/11/c...up-the-ransom/

the crooks behind this scam began easing their own rules a bit to accommodate victims who were apparently willing to pay up but simply couldn’t jump through all the hoops necessary in the time allotted.
“They realized they’ve been leaving money on the table,” Abrams said. “They decided there’s little sense in not accepting the ransom money a week later if the victim is still willing to pay to get their files back.”

Faladu · 16 Nov 2013

What are the known spread methods for getting this virus in the first place?

Example:
Running a big executable that does all the dirty work that was disguised or part of something else a user wanted?

Jacee · 16 Nov 2013

How do you become infected with CryptoLocker
This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.

source: CryptoLocker Ransomware Information Guide and FAQ