Cryptolocker: new malware encrypts your files, demands ransom within 96 hours

Status
Not open for further replies.
In addition to the old classic executable in the email trick there are some reports that it's being installed by way of Java exploits. Update your Java if you've got it, peeps.

And don't install the malware toolbar it'll try to foist on you when you do. Truly we in this modern world are singing the song of screwed.
 
Considering you have to pay, that means you have to deposit the money somewhere, so it can be fairly easy to track the perpetrator isn't it?
 
I guess it's a good thing I constantly have script blocker engaged. I probably can't just rely on MSE for real-time protection anymore though huh.
 
In addition to the old classic executable in the email trick there are some reports that it's being installed by way of Java exploits. Update your Java if you've got it, peeps.

Oh yes. This too. The old U-KASH ransomware that disguised itself as your country's Federal police used a Java vulnerability to install in your PC.
 
Considering you have to pay, that means you have to deposit the money somewhere, so it can be fairly easy to track the perpetrator isn't it?

But it still has to go somewhere, right? I mean, is there no end point that can be found?

Not sure about payment through MoneyPak, but Bitcoin is pretty much perfect anonymity. The whole system was designed to prevent anyone from tracing transactions to people, if you follow best practices.
 
Nasty, thanks for the heads up. I'm not worried myself but it will and screw over less knowledgeable people, like parents etc.

-Don't open unknown emails, with or without attachments. Avoid shady sites, links and don't download unknown/random files.

-Surf the web with for example Firefox, noscript is an amazing addon along with adblock, not much getting through there without your knowledge.

-I use MSE and Malwarebytes, can't remember the last time I even had any malware though, I have it installed just in case.
 
Nasty. I hope to god someone doesn't fall for this to work and infect our systems. Yeesh.

Well shit how do I know if I am secretly infected or not?

Try to open a file ;-) Watch the video linked in the OP, normally you can tell by weird processor names running on your machine but everyone should have some type of scanning software on their system, even if they aren't Chip
 
Not sure about payment through MoneyPak, but Bitcoin is pretty much perfect anonymity. The whole system was designed to prevent anyone from tracing transactions to people, if you follow best practices.

While not as anonymous as Bitcoin, MoneyPak is preferred by a lot of ransomware authors precisely because it is harder than average to track.

What if it sits in stasis for awhile, waiting for me to back up my (already infected) files and fuck up my backup?

Hmm, not likely, but I doubt anyone knows its full payload yet so who knows?

At any rate, install Avast or Malwarebytes Pro if you're worried.
 
If the point is to ransom you, it will tell you.


Until they decide to have it sit back for a month and infect your monthly back up on an external drive. Then ransom you.

Ugh, this is awful. I wouldn't fall for any of the methods I've heard of for this, but it seems like they'll just keep getting better at it.
 
While not as anonymous as Bitcoin, MoneyPak is preferred by a lot of ransomware authors precisely because it is harder than average to track.



Hmm, not likely, but I doubt anyone knows its full payload yet so who knows?

At any rate, install Avast or Malwarebytes Pro if you're worried.

I don't think I can have Avast and McAfee run at the same time. And my school forces us to run McAfee in order to use the internet.
 
I've heard 5 million dollars a year is not unheard of for successful ransomware.



Apparently they're disguised in phishing emails, that is emails that appear to be from legitimate sources.

Hear a great explanation of CryptoLocker on Security Now #427:

- Youtube link (with background on such malware)
- Youtube link (straight to the story)

Another Security Now fan? Yes, that was a good explanation on Wednesday's show.
 
NoScript for firefox but is there one for chrome too?

Yes. It's called "NotScripts." They even make you use a password for it.

Can anyone confirm how effective script-blockers are against this kind of thing though? The Chrome version pretty much blocks all Javascripts until you allow them.
 
I don't think I can have Avast and McAfee run at the same time. And my school forces us to run McAfee in order to use the internet.

Install Malwarebytes free or pro then. If you use the free version, do a scan fairly regularly with it (weekly or so)

Yes. It's called "NotScripts." They even make you use a password for it.

Can anyone confirm how effective script-blockers are against this kind of thing though? The Chrome version pretty much blocks all Javascripts until you allow them.

I can't speak for NotScript, but from what I've heard it's nowhere near as effective as NoScript on Firefox.

As for NoScript, it will absolutely block this kind of malware, but like any security feature it is entirely dependent on how strong the link is. If you have a weak link (I.E. you or someone else is a total moron and liberally allows domains to run) then it isn't as effective, obviously.
 
On second thought, as an independent / unnetworked PC user with a brain does this pose any real risk to me?

Is it totally dependent on the user running a malicious .exe?
 
Reading through the reddit thread and someone linked something called cryptoprevent, anyone try it?
 
I've already told all of the people I care enough about this. I pretty much said, "If you get infected by this, be prepared to pay to get your files back, or you can kiss your shit goodbye."

As the most knowledgeable person in my family PC wise by 50 grand canyons plus 4 trips around the sun, I'll probably have the bullshit fortune of getting infected by this goddamn thing somehow. Luckily, I have anything I care about backed up on an external HDD. Oh and I didn't throw out my windows install disc + serial #, so my compu-body is ready.
 
On some level, you got to appreciate the execution, but fuck, this is nasty. We really need to start rethinking cyber-law enforcement, this shit will only get worse (and you will see copycats of this, guaranteed).

On second thought, as an independent / unnetworked PC user with a brain does this pose any real risk to me?

Is it totally dependent on the user running a malicious .exe?
Given the currently known infection vectors, it shouldn't, but if they (or a copycat) find or buy a zero day exploit and start infecting computers using it, you could be fucked.
 
does disconnecting from the network help or is it too late?

crap now i'm worried!!

Just keep your antivirus and anti malware software up-to-date. Read up a little on it too if you want more info. Oh, and don't install more than one antivirus, if you didn't already know that.
 
If you're worried about being infected or your security, just simply install Avast! Free and Malwarebytes free. Right now both programs are excellent more or less, and Avast blocks the malware from ever running. The real danger is in variants of the malware coming up anyhow.

Reading through the reddit thread and someone linked http://www.majorgeeks.com/files/details/cryptoprevent.html, I wonder if it works?

Don't use this. At least until multiple experts declare it safe. MajorGeeks is usually a safe site, but this just seems awfully shady.
 
i remember there being something similar out there and eventually people found out the keys and were able to bypass it. i'm sure this is different though.
 
There are people saying/suggesting that Java is also used as an infection point; just a heads up.

Thankfully I haven't had Java installed on my PC in years....because it's the devil.
 
Computer data protection software sales will skyrocket.
 
I've also read some reports from sysadmins mentioning that it actually jumps between mapped drives. It leaves shared files alone, but I can't even imagine what kind of havoc it could do on a large network.
 