Cryptolocker: new malware encrypts your files, demands ransom within 96 hours

Status
Not open for further replies.
I wonder, if this thing gets into your Dropbox folder and Dropbox syncs all those files, are all your files on Dropbox fucked as well?
(Or any other cloud service, for that matter).

You need versioning to stay safe, that way you can roll back to known good files. Ideally you'd also want an offline backup, as this malware only encrypts the documents it can see through your computer network.

People will be fine if they don't open attachments in seemingly legit emails, and (so it seems from reading here) keeping your AV up to date.

I imagine the malware will find new ways to spread, so that's not the last thing you'll need to keep clean, but it's a good start.
 
Yup, this is pretty hardcore. I work at a computer place and we had some clients get this. Unlike the vast majority of infections we see, there's really not much you can do here at the moment except for either restore from a back-up if you have one or pay the price (in bitcoins of course). It's a killer when it hits a major system and they don't have a back-up. The situations we've seen so far came from opening email attachments.
 
Damn. That's terrifying. So what sort of stuff should one look out for? What might be the main sources of such a malware? At this point I'm afraid to google.

Watch where you browse, and don't open attachments you're not expecting.

Turn on file extensions. These guys have been known to hide viruses by sending files like "Resume.pdf.exe". They can assign the PDF icon to the executable, and Windows will hide the real file extension (.exe) by default.
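
Added example, not part of any post in this thread: a Python check for the double-extension disguise described above ("Resume.pdf.exe"), which also reports the name Explorer would show with extensions hidden. The extension lists and the sample file names are assumptions constructed for this illustration.

```python
import os
import tempfile

# Assumed lists for this example; extend them for your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}


def explorer_display_name(filename):
    """Name shown when 'Hide extensions for known file types' is on."""
    stem, _ext = os.path.splitext(filename)
    return stem


def is_disguised_executable(filename):
    """True if the real extension is executable and the part before it
    ends in a document-like extension, e.g. 'Resume.pdf.exe'."""
    name = filename.strip().rstrip(".").lower()
    stem, real_ext = os.path.splitext(name)
    _, decoy_ext = os.path.splitext(stem)
    return real_ext in EXECUTABLE_EXTS and decoy_ext in DECOY_EXTS


def scan_tree(root):
    """Walk root and return (path, displayed name) for each disguised file."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for f in sorted(files):
            if is_disguised_executable(f):
                hits.append((os.path.join(dirpath, f), explorer_display_name(f)))
    return hits


def demo():
    """Build a constructed sample folder and scan it."""
    names = ["Resume.pdf.exe", "Scan_001.PDF.SCR", "report.pdf",
             "setup.exe", "notes.v2.txt"]
    with tempfile.TemporaryDirectory() as root:
        for n in names:
            open(os.path.join(root, n), "w").close()
        return sorted(os.path.basename(p) + " -> " + shown
                      for p, shown in scan_tree(root))


if __name__ == "__main__":
    for line in demo():
        print(line)
```

Point `scan_tree` at a downloads or mail-attachment folder; a plain `setup.exe` is not flagged because it does not pretend to be a document.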
 
Damn. That's terrifying. So what sort of stuff should one look out for? What might be the main sources of such a malware? At this point I'm afraid to google.
Pretty much anything illegal, really.
I suppose the real fear would be someone inserting this malware into a big public site that everyone accesses, like Google or a government website or something.

I assume it would be impossible, but the damage would be tremendous.
 
Yup, this is pretty hardcore. I work at a computer place and we had some clients get this. Unlike the vast majority of infections we see, there's really not much you can do here at the moment except for either restore from a back-up if you have one or pay the price (in bitcoins of course). It's a killer when it hits a major system and they don't have a back-up. The situations we've seen so far came from opening email attachments.

What kinds of emails if that can be answered? I'm curious to know in what form this monster comes in. Is it apparent junkmail?
 
Watch where you browse, and don't open attachments you're not expecting.

Turn on file extensions. These guys have been known to hide viruses by sending files like "Resume.pdf.exe". They can assign the PDF icon to the executable, and Windows will hide the real file extension (.exe) by default.

It's amazing that something like that in Windows is enabled by default. It causes so many problems for layman users. ><;

Some of avast's default settings are downright obnoxious (no I don't need my Antivirus to SPEAK to me), but it beats getting infected.
 
So Malwarebytes Anti-Malware Free version isn't going to help. You need the paid version?
 
sounds like I better get Avast Free.

Guess MSE won't cut it alone

More like Avast internet security, you can stream a single movie or a flash advert and get screwed.

There was another similar virus pretending that it is a government anti-piracy organisation which remotely locked up your computer for illegal activities until you paid your fee. It happened to a few of my friends when they streamed movies online.
 
Right now someone that has this is backing up their files and the files on their external harddrive are being encrypted.
 
The free version does not actively protect your PC. It only scans it when you request. By the time you knew you were compromised, you'd be too late.
Damn I've had Malwarebytes because so many people here on GAF recommended it a few years back. Should I go Avast now or stick to MB?
 
Damn I've had Malwarebytes because so many people here on GAF recommended it a few years back. Should I go Avast now or stick to MB?

I use both free versions of avast! and Malwarebytes actually. Even if you don't have the paid version, Malwarebytes is an absolutely amazing security tool for the average user. Everyone should have it, really.

Avast! can actively block stuff, and Malwarebytes can remove the nasties that avast can't get to.
 
What kinds of emails if that can be answered? I'm curious to know in what form this monster comes in. Is it apparent junkmail?

Reports state that the emails often mimic notifications from UPS, FedEx, XeroxWorkCentre ("scanned document"), banks, and the like. They do come in popups too - in some of the seedier parts of the web.
 
This guy probably has so much money that he can disappear and do whatever he wants.

I've heard 5 million dollars a year is not unheard of for successful ransomware.

What kinds of emails if that can be answered? I'm curious to know in what form this monster comes in. Is it apparent junkmail?

Apparently they're disguised in phishing emails, that is emails that appear to be from legitimate sources.

Hear a great explanation of CryptoLocker on Security Now #427:

- Youtube link (with background on such malware)
- Youtube link (straight to the story)
 
I use both free versions of avast! and Malwarebytes actually. Even if you don't have the paid version, Malwarebytes is an absolutely amazing security tool for the average user. Everyone should have it, really.

Avast! can actively block stuff, and Malwarebytes can remove the nasties that avast can't get to.
Okay, wasn't aware I could run two of these types of programs. I know you could only run one anti-virus software on a PC at a time but I guess it's different with anti-malware?

Edit: Oh, I see.... Avast is anti-virus. I'm currently using MSE with Malwarebytes. So keep MSE or go Avast now....
 
At least this is just ransomware and not scareware as well. I've seen a bunch of people who freak the fuck out when they get the FBI Paypack one swearing up and down they've never looked at kiddie porn and have NO idea how that got on their computer.
 
I dread the day my parents catch this.. And I know they will. I should just buy them all Macs

Yeah, tell me about it. I'm not at any risk myself, but I'm worried my stepdad, in his infinite foolishness, will get infected. In which case he'll have no choice but to reformat.

At least this is just ransomware and not scareware as well. I've seen a bunch of people who freak the fuck out when they get the FBI Paypack one swearing up and down they've never looked at kiddie porn and have NO idea how that got on their computer.

Give it time. I bet eventually a scareware version will appear too. It just seems like a logical step.
 
Watch where you browse, and don't open attachments you're not expecting.

Turn on file extensions. These guys have been known to hide viruses by sending files like "Resume.pdf.exe". They can assign the PDF icon to the executable, and Windows will hide the real file extension (.exe) by default.

Pretty much anything illegal, really.
I suppose the real fear would be someone inserting this malware into a big public site that everyone accesses, like Google or a government website or something.

I assume it would be impossible, but the damage would be tremendous.

Reports state that the emails often mimic notifications from UPS, FedEx, XeroxWorkCentre ("scanned document"), banks, and the like. They do come in popups too - in some of the seedier parts of the web.

Apparently they're disguised in phishing emails, that is emails that appear to be from legitimate sources.

Hear a great explanation of CryptoLocker on Security Now #427:

- Youtube link (with background on such malware)
- Youtube link (straight to the story)

A co-worker got infected by an infected file from one of our clients.

Thanks all for the responses, and will watch those links there. Man this is horrible.
 
What the hell? Rage inducing stuff. Thanks for the warning, OP. I've got my shit backed up on an external, but after reading this thread I feel that isn't going to cut it anymore.
 
Yeah, I got a virus like this once -- the FBI Moneypak virus.

When you start your computer an FBI logo and warning screen pops up, saying that your computer has been flagged by the FBI for trying to access illegal porn or bestiality porn. It demands that you pay an FBI "fine" using Moneypak. You can't bypass the screen at all. You are completely locked out from using the PC to do anything.

I went crazy trying to get rid of it before my girlfriend got home, because there's no way she would buy the "It's actually a virus" explanation, and would probably believe I'd been looking at all kinds of sicko stuff. I wonder how many relationships that virus ruined. I guess that was the idea of it -- to make people think "I'd better pay this ransom fast before my wife/GF sees it!"

Anyhow, I'm sure I got it from some weird Javascript pop-up on a "gentleman's streaming website" (whose letters rearranged spell xxnx), so don't think it can't happen to you just because you don't click on strange emails or authorize web pages to install shit on your PC. I clicked on no e-mails, did not say "Yes" to running any executables or installations.
 
More like Avast internet security, you can stream a single movie or a flash advert and get screwed.

There was another similar virus pretending that it is a government anti-piracy organisation which remotely locked up your computer for illegal activities until you paid your fee. It happened to a few of my friends when they streamed movies online.

Cool, thanks man. I just bought a year's worth of Avast Internet Security
 
Don't run two at once. Choose one, stick with it.

Yes, running two actual antiviruses at the same time is generally a bad idea, as they'll interfere with each other.

So those phishing e-mails actually get people? :(

You would be surprised at how crafty these emails can be. The average layman computer user can easily be tricked into thinking it's a legit email, allowing web content to be displayed for that particular email, and suddenly they're compromised.

Or you can be like my stepdad, and look at porn without using software such as NoScript to disable things at a domain level. Or install Screensavers thinking they're entirely trustworthy... the list goes on really.
 
running two AV software just in case

This is not only stupid but counterproductive. Never run 2 AV programs at the same time. And no, Malwarebytes AM is not an AV program per se.

Damn I've had Malwarebytes because so many people here on GAF recommended it a few years back. Should I go Avast now or stick to MB?

Usually MSE + MB is enough, but this time it seems like the paid version of MB is better than just one AV. Glad I have mine.
 
ugh, I need to call my wife's parents. I just cleaned out an ungodly amount of malware from their system a couple weeks ago. They are like prime targets for this shit.
 
So those phishing e-mails actually get people? :(

Well, there was semi-recently the famous case of RSA - the inventors of public key cryptography ffs - having their network infiltrated and their entire database of master keys for their one-time password system stolen. All from a spearphishing email a receptionist opened.
 
Shit I haven't gotten a virus in years and have never paid for AV software...
...but I've got to say this is so malicious that it has me contemplating buying the Pro version of Malware Bytes.

Is it worth $25?
 
It's too good. Whoever created this is over-reaching, will get caught and put behind bars.

I'm going to make my Sandy Bridge desktop into an Ubuntu file server that crontab's a script to archive stuff and unmount the volume, and then only is used periodically.
 
Shit I haven't gotten a virus in years and have never paid for AV software...
...but I've got to say this is so malicious that it has me contemplating buying the Pro version of Malware Bytes.

Is it worth $25?

Depends on how much your data is worth to you.

Remember: this is only going to get worse.
 