Crypto Locker ransomware

[Tews]

I heard reports of a new piece of malware that is going around. This one is particularly nasty, It Encrypts all of the data on your drive and mapped network drives with a RSA 256 bit AES key. Once encrypted there is no way to decrypted. The only way to get the files back is from an off site backup (because if the backup drive is local it also gets encrypted) or to actually pay them the money in which they apparently decrypt your data.



Source... Crypto Locker - Virus, Trojan, Spyware, and Malware Removal Logs

Play it smart ... make regular backups of your system!!!

 

[Pauly]

WOW just read up on this and its a nasty piece of kit, just unplugged my raid NAS before leaving the office for the weekend

 

[Borg 386]

Play it smart ... make regular backups of your system!!!

Exactly!

http://www.sevenforums.com/tutorials/663-backup-complete-computer-create-image-backup.html

 

[lazarus2k]

My brother got this horrible virus at work and not only he but also a few other guys, it seems it was a targeted attack or smth. Really scary stuff. For those who have the same problem, I recommend using Shadow Explorer.

http://www.sevenforums.com/tutorials/132087-shadowexplorer-recover-lost-files-folders.html

Remove CryptoLocker virus and restore encrypted files

By the way, they were using fully updated antivirus software that didn't help. So, you may also want to use this tool:

CryptoPrevent | Computer Technician - PC Repair Software |Foolish IT LLC

Cheers!

 

[xunile]

I created a video describing some possible steps you can take to help prevent getting the CryptoLocker virus. It seems like most people infected get it through an email attachment which looks like a pdf. You can also mitigate the harm it does by having a good backup not connected to your PC as described in the previous posts in this thread. I got the info from the bleepingcomputer website's writeup on this virus.

Link to website: CryptoLocker Ransomware Information Guide and FAQ

 

[richnrockville]

As has been said so many times. BACKUP BACKUP BACKUP.

You can never have enough backups. Image backups are really important in cases like this.

Rich

 

[Diosoth]

And how much you want to bet that the people who do pay don't get their files unlocked?

 

[Jacee]

You may be interested in what (Grinler) Lawrence Abrams has to say .....

Soaring Bitcoin prices hurt the wallets of users paying CryptoLocker ransoms - News
And this http://krebsonsecurity.com/2013/11/cryptolocker-crew-ratchets-up-the-ransom/

the crooks behind this scam began easing their own rules a bit to accommodate victims who were apparently willing to pay up but simply couldn’t jump through all the hoops necessary in the time allotted.
“They realized they’ve been leaving money on the table,” Abrams said. “They decided there’s little sense in not accepting the ransom money a week later if the victim is still willing to pay to get their files back.”

 

[Faladu]

What are the known spread methods for getting this virus in the first place?

Example:
Running a big executable that does all the dirty work that was disguised or part of something else a user wanted?

 

[Jacee]

How do you become infected with CryptoLocker
This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.

source: CryptoLocker Ransomware Information Guide and FAQ

 

[grits]

Soooo, for someone that doesn't understand much of anything, nor has the equipment to do image & backup, do all you gurus agree that 'CryptoPrevent' would be the way to go?

 

[Layback Bear]

I don't think so. The bad guys would just encrypt their infection so the receiving person would think it's safe. When it's decrypted you get the infection.
I'm not a crypt expert but that is my thoughts.

 

[Callender]

Crypto Prevent is one solution

Hi, you could use Crypto Prevent - it looks like a decent solution but it can also block some legitimate apps so you'd need to know when to disable protection on a case by case basis.

You can create your own restriction policies like this:

Cryptolocker: How to avoid getting infected and what to do if you are - Computerworld

However, my preferred solution is to use the application whitelisting component of Secure Aplus (no antivirus version).

It allows a user to either choose to automatically block any digitally unsigned files from running or can be set to prompt the user for a choice of actions. In addition a user can define a trust level for any file by right clicking and choosing an option from the context menu.

There is also a very good script shield and you can add additional script containers.

One word of warning. If you use this method the initial scan of your machine will take some time.

Link if you wish to test drive: https://secureaplus.secureage.com/Main/release.php (No AV version).

FAQ (Application Whitelisting section is relevant):

https://secureaplus.secureage.com/Main/faq.php

In order for it to work you'd need to make sure that your email client and any plugin container is added along with any installed browsers and their plugin containers.

 

[xunile]

The best prevention is to not download email attachments, and definitely don't open any email attachments unless you know for sure who it is from and what they were sending. With that said, cryptoprevent is a nice extra layer of protection. It is still a good practice to have some kind of backup, preferably one that is off-site.