The Wall

    CryptoLocker malware (27 Posts)

  • Mark Eatherton @ 7:45 PM

    CryptoLocker malware

    Wallies, my work PC has been infected by a malware called CryptoLocker. It encrypts ALL of your files so that you cannot gain access to them. It holds your PC ransom for 72 hours, giving you time to get the $300 ransom together. If you don't act within the 72 hours, your files are lost forever.

    I had a hard drive connected to my PC for backup, and guess what, you got it, it infected the backup drive as well!

    Needless to say, I am pissed, and embarrassed. I know exactly where it came from. My recently retired co-worker has all of her work emails being directed to my email address.

    Every day at midnight Eastern time, I get my list of "quarantined" emails. In perusing them, I saw one addressed to her from a Xerox copy machine, from iapmo.org, which is what our organization uses for interoffice scans. I knew she was waiting for something from HR, so I decided to check and see if it was the document she was waiting for, and clicked on it, and BOOM, CryptoLocker got me...

    In ALL of my 30+ years of using PCs, this is the first time I've ever been hit.

    I am sick....

    Anyone?

    ME
    It's not so much a case of "You got what you paid for", as it is a matter of "You DIDN'T get what you DIDN'T pay for, and you're NOT going to get what you thought you were in the way of comfort". Borrowed from Heatboy.
  • Steam_Starter @ 8:02 PM

    Crap...

    I just read about this today in an AP article.

    Unfortunately, there is nothing that you can do besides pay it using Greenbox or Bitcoins.

    These hackers absolutely suck....
  • Steam_Starter @ 8:02 PM

    Oops..double posted

    This post was edited by an admin on November 6, 2013 8:03 PM.
  • TonyS @ 1:28 PM

    Bitcoin

    Sorry to hear that, Mark. All I can say is if they are worth 300 bucks...pay it.
    The Federal Reserve is not happy with Bitcoin; it threatens dollar hegemony. At the same time, if you invested in Bitcoin when it started you made quite a bundle.
    If I had to guess, you're part of a major false flag, perpetrated to rally people to back the government with whatever is necessary to eliminate Bitcoin.
    http://www.zerohedge.com/news/2013-03-21/us-begins-regulating-bitcoin-will-consider-virtual-transactions-money-laundering

    Search Bitcoin in Zero Hedge's search box for some amusing reading.
    As for your files, use a detachable flash drive for backup and physically remove it when done backing up.
  • Dan Holohan @ 2:29 PM

    Mark,

    I subscribe to Carbonite. Everything on my PC is in their cloud. If I have a problem they send me a hard drive with everything on it, including all the programs. Worth it.
    Site Administrator
    dan@heatinghelp.com

    Hug your kids.
  • conversiontime @ 4:21 PM

    Nasty one, and copycats will follow

    I do not recommend paying the ransom, but depending on the value of the locked files, do what you feel is best. The fact is once encrypted these files are lost; even relying on the digital mafia to "decrypt" after payment is risky. There is a free preventative measure called CryptoPrevent by FoolishIT, but I have not used it.

    Copycats will follow, as this has upped the malware arms race and is very profitable code. All must get into the habit of regular/daily backups of all important files to external (and unattached unless backing up) or cloud drives. Big talk I know, but really you must always treat digital drives as one second away from total, irrecoverable failure.
    This post was edited by an admin on November 7, 2013 4:22 PM.
  • Mark Eatherton @ 6:49 PM

    Thanks to everyone for their recommendations...

    I paid the ransom, and they released the files.

    What a PITA. I still have to send my PC back to corporate HQ to have IT go over it with a fine-toothed comb.

    Travel safely out there. There are pitfalls around every corner.

    ME
    It's not so much a case of "You got what you paid for", as it is a matter of "You DIDN'T get what you DIDN'T pay for, and you're NOT going to get what you thought you were in the way of comfort". Borrowed from Heatboy.
  • TonyS @ 11:47 PM

    Hard to believe

    All the recent revelations about the NSA and their super abilities to snoop on everyone and everything, and they can't seem to find a couple of low-life hackers who are stealing millions of dollars from thousands of people.
    Sometimes you just have to sit back and laugh, Mark...take it in stride!
  • BobC @ 8:11 AM

    Wear a raincoat

    They are probably in the former Soviet Union client states or Asia, where the governments ignore them until they hit the wrong computer. The only protection against something like this is multiple backups.

    I use a Mac as my primary computer and Time Machine backs up the computer every morning at 8:30. I can restore to any day I want for the last 30 days and once a month behind that (subject to the capacity of the backup drive) - that means any single file or the entire hard drive. I also have another drive that I use every couple of weeks with a different backup software as a backup to the backup, and that drive is turned on ONLY when it's backing up. Hard disks can fail at any time; be ready for it.

    The hard drive on my 3 yr old 27" iMac died last week, so I brought it into Apple and they replaced the drive (for free because of a supplier problem they had when the machine was built). I got the machine back and restored my computer to where it was the day before the disk died in about 2 hours.

    It's just like the army where there was a box of rubbers beside the weekend pass rack - we all have to protect ourselves from whatever lurks out there.

    stay safe,

    Bob
    Smith G8-3 with EZ Gas @76,700 BTU, Single pipe steam
    Vaporstat with a 12oz cut-out and 4oz cut-in
    3PSI gauge
  • TonyS @ 2:11 PM

    3 days after your post

    http://www.zerohedge.com/news/2013-11-09/bitcoin-touches-400-senate-starts-asking-questions-does-fed

    It's getting boringly obvious who infected your computer, so obvious I stopped wearing my tin hat. LOL
  • Tim McElwain @ 8:27 PM

    I have recently had

    the "FBI" virus and after that the "ICE" virus. My computer service was able to clean my hard drive and remove them. I absolutely refuse to pay any of these crooks who lurk on the Internet to sabotage. I am somewhat susceptible to these viruses as I communicate with several of my minister friends who are missionaries in Africa and also the Philippines. I now have a new protection which should block these from entering my computer by automatically kicking my computer into "Safe Mode". Then I can go back a few days and restart the computer; it seems to work most of the time. My mistake, like Mark's, is clicking on something I think is perfectly innocent.
  • Tim McElwain @ 8:30 PM

    I should mention

    I also use an off-site backup, and that is how my computer folks can reset my hard drive. It is worth paying for that service.
  • ChrisJ @ 8:35 PM

    Antivirus

    Mark and Tim,

    Are you gentlemen running an antivirus program and if so may I ask which one?

    I have not had any machines affected running MS Security Essentials, but I'm wondering if that is what either of you are running. If so I may need to beef something up.

    Mark, hopefully they can clean your machine and ensure whatever caused this is definitely gone. You don't need it locking everything again even though you paid.
    Weil-McLain EG-45 connected to 392sqft of radiation via two 2" risers into a 3" drop header and 2" equalizer. Using Rectorseal Steamaster water treatment to greatly reduce corrosion in the boiler.
    Boiler pictures.
    https://picasaweb.google.com/thetube0a3/Boiler?authkey=Gv1sRgCImUxIqv9436MQ#
  • Tim McElwain @ 8:46 PM

    I have a very sophisticated anti-virus

    rather not mention the name; e-mail me at gastc@cox.net and I will give you the name. By the way, it will not block these viruses as they are designed to find a way around your security. That is what makes them so nasty. I also have systems to block malware, adware and other types of invasive stuff. These things seem to be able to go right around security systems.
  • ChrisJ @ 8:48 PM

    Ah

    Hi Tim,

    No, no need to tell me as I'm sure it's better than what I'm using.
    I'm assuming the most common way to be infected is via email?
    Weil-McLain EG-45 connected to 392sqft of radiation via two 2" risers into a 3" drop header and 2" equalizer. Using Rectorseal Steamaster water treatment to greatly reduce corrosion in the boiler.
    Boiler pictures.
    https://picasaweb.google.com/thetube0a3/Boiler?authkey=Gv1sRgCImUxIqv9436MQ#
  • Tim McElwain @ 9:18 PM

    Not necessarily

    my computer people tell me visiting certain websites, particularly pornography sites, which are very low on security. Good reason to stay away from that junk.

    I got my viruses visiting a site discussing an article from P & E magazine, getting distracted and leaving my computer on that site; when I came back an hour later I had the virus.

    The other one was when I was visiting a heating website and clicked on a reference on the site, and bang, here was this virus (FBI) which locked my computer up and demanded $300.
  • SWEI @ 12:49 AM

    This one is different

    once it's encrypted your files, it makes no difference whether you remove it or not.

    Resisting these buggers is hard when you use "standard" operating systems and applications.
  • Mark Eatherton @ 8:12 AM

    What he said...

    This one is so new that the anti-virus companies have not caught on yet.

    Of interesting note, it also infected and encrypted the remote hard drive I use for backup. I didn't know you MUST disconnect the drive once it's done backing up your main PC. I am very glad I wasn't VPN'd into the company's mainframe or our whole company would have been affected.

    I too dislike having to pay ransom, but after doing some research, due to the fact that they also hit my backup, I would have lost ALL of my files, plus the time involved in having my IT department trying to track down and scrub my drives, so I decided to go ahead and pay the fee for decryption.

    A word of caution (numerous, actually): there are some very enterprising companies on the net that claim they can remove the virus online. And according to my trusted IT person, they can, but it is virtually impossible for these companies to decrypt the files, and if you don't ask, they won't tell you that they will lose most of your data. They charge ALMOST as much as the original thieves!! (wanted $285 to remove the virus with NO guarantee of salvaging any files). Almost seems like collusion, and I've ALWAYS suspected these companies of creating viruses just so they can sell their goods and services...

    Lastly, the email LOOKED official and looked like it was from my company, AND it came disguised as a PDF, which I had always understood to be one of the most secure forms on the net as it pertains to viral virility.

    I was told by a member of the FBI task force on computer crimes that this is some nasty stuff coming down the pike, and it uses an encryption program developed by our own government (military-grade stuff) that is virtually unbreakable. His suggestion was to have three methods of backup, one remote, two hard copies, and keep the backup copies disconnected when not backing up.

    I can see how a small company, or even a big company could be put out of business real easily with this thing. We are all SO dependent upon these machines, that it could kill ya...

    Triple backup, and don't open any attachments unless you are expecting them. You can't be too safe out there... We too run typical antivirus software but it didn't catch this bug. Too new.

    ME
    It's not so much a case of "You got what you paid for", as it is a matter of "You DIDN'T get what you DIDN'T pay for, and you're NOT going to get what you thought you were in the way of comfort". Borrowed from Heatboy.
    This post was edited by an admin on November 10, 2013 8:15 AM.
  • SWEI @ 1:07 PM

    PDF

    has been a favorite carrier of malware for years now. If you open (or preview) them using something other than Acrobat Reader, the likelihood of mishap decreases exponentially. The same thing applies to .DOC, .XLS, and even .TXT files.

    Ransomware has been around for years, but this is the first such attack to reach critical mass. Bitcoin transfers are essentially impossible to trace.
  • TomS @ 8:51 AM

    Payment

    How did you make the payment? It would seem that any electronic form of payment could be traced.
  • Condoman @ 2:13 PM

    TXT files?

    I can believe DOC & XLS files because they can execute VBS and cause damage, and that goes for any MS Office application. Any TXT file would need an environment to make the machine execute instructions; that will not happen with a TXT file.

    I use a derivative of Firefox and have the NoScript add-on. This will keep any scripting language embedded in web pages from being executed. On web sites I trust it is disabled (like my bank). This is generally a good protection against viruses and malware that hang out in web pages.
  • Rod @ 4:01 PM

    Ransom Malware

    I got one sent to me last year in December by email. It was an "official"-looking FedEx form saying that they tried to deliver a package and I needed to click the tracking number to either schedule a repeat delivery or to pick it up at the listed FedEx location. It listed a friend's name as the sender. I went ahead and clicked the tracking number and almost immediately my brain went "NO!!" It locked up my computer and demanded a fee to fix it. I use Norton as an antivirus but it didn't make any difference. It ended up wiping out most of my programs and files.
    I mention this as the Christmas season is coming up, so be extra cautious on executing any form sent to you by email, no matter what it is or who it is from.
  • SWEI @ 5:27 PM

    TXT files

    If they are truly ASCII or UTF they will do nothing. But binaries labeled as TXT files have been used to exploit buffer overflows in Notepad (or the Mac TextEdit).

    I also use (and highly recommend) NoScript with FF. Allow a couple of weeks to get your whitelist dialed in.
  • Condoman @ 7:50 PM

    That is possible

    SWEI:

    That is why my default editor is UltraEdit. Been using it for 15 years plus. Good information, thanks.

    Rod:

    I don't know what email you use, but my rule is that you must know what the link leads to before clicking it. This is old-fashioned, but I have been a PMail user for many years. It is a desktop-based email client. When I see a link I can mouse over it and view the actual link that will execute. It is so restrictive that you cannot view embedded pictures. Most emails have a "click here if trouble viewing this page" option that saves the day.

    I must confess that I stopped using Firefox recently when a new release killed an add-on that I liked. It led me to Pale Moon: "Pale Moon is an Open Source, Firefox-based web browser for Microsoft Windows, focusing on efficiency and ease of use." It still supports the add-on that I like and is efficient with many fewer updates.

    Thanks

  • TonyS @ 8:47 AM

    Mark, I hope you

    purchased some extra bitcoins when you paid your ransom. Because you are now way ahead of the game. This is insane.

    http://www.zerohedge.com/contributed/2013-11-19/bitcoin-surges-over-900-gold-vulnerable-fall-1200oz
  • Mike Reavis @ 7:53 AM

    CryptoLocker

    I had heard of this, and am unsure as to what to do.

    I have just unplugged my backup hard drive. Thanks for the nudge.

    Mike