Cryptolocker: new malware encrypts your files, demands ransom within 96 hours

Complete format/reinstall from a Windows 7 CD.

 
It seems to be aimed at businesses since it attacks various text documents and JPEGs.
Since it spreads through email .exes, you should be okay if you know your shit. I know Hotmail/Outlook auto-block email .exes, so I would imagine other big email hosts do as well.

For home users, you could probably password-RAR a backup of your text and pic files to keep them safe.

According to Google, if MSE is up to date it should also detect this malware. Someone please correct me if wrong.
 
It seems to be aimed at businesses since it attacks various text documents and JPEGs.
Since it spreads through email .exes, you should be okay if you know your shit. I know Hotmail/Outlook auto-block email .exes, so I would imagine other big email hosts do as well.

According to Google, if MSE is up to date it should detect this malware. Someone please correct me if wrong.

Well, according to the Reddit thread, only Avast and Malwarebytes Pro work without fail.
 
There is no point being super paranoid about this sort of thing. Making sure you have a good backup system will make most infections trivial to recover from, even if it can be annoying.
 
I can get Symantec Endpoint for free, but no one has mentioned it in this thread so I'm not sure if it's any good. Should I grab it or spring for Malware pro?
 
But reformatting starts to become fun after the first 50 times. You start to see how fast you can get everything up and running again.

Totally fun.

But things aren't getting slower than they were. I'm on a 4.6 GHz i7-3770K, Samsung 840 Pro, 16 GB RAM, and Windows 8.1. Pretty much all of restarting is the BIOS POST, which is 5-10 seconds.

Does it affect Linux?

Doesn't seem to. But it talks about network mounts being how it propagates, so maybe Linux could be a carrier if you're using Samba.
 
Well, according to the Reddit thread, only Avast and Malwarebytes Pro work without fail.

Any reason given why MSE isn't reliable in this case? I know it relies on Windows Update to update definitions, so those with it set to manual updating could be a concern.

I've always found MSE to be pretty good at catching shady files. It usually deletes them while they're being extracted, so they can't be accidentally run.


Edit: Are there reports of people catching this thing simply surfing the web? Google says it's an .exe you have to download and run, typically found in a zip file.
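Since the thread keeps coming back to "an .exe inside a zip", here is an added example (not from any poster, and not part of the original thread) of the check a mail gateway or a cautious user can run on an attachment before opening it: it walks the zip's members and flags anything that is executable by Windows-run extension or, going beyond the thread's point, by content (the "MZ" DOS stub every Windows PE starts with), so an executable renamed to look like a document is still caught. The extension list and the sample archive are constructed for the demo.

```python
import io
import zipfile

# Extensions Windows runs directly on double-click. Constructed, not exhaustive;
# the thread only mentions .exe, the rest are common alternatives.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


def is_pe_image(head: bytes) -> bool:
    """True if the bytes begin with the 'MZ' DOS stub that every Windows PE carries."""
    return head[:2] == b"MZ"


def flag_executables(zip_bytes: bytes) -> list[str]:
    """Return the names of archive members that are executables, judged by
    extension OR by the first two bytes of content. A renamed .exe fails the
    extension test but still fails the content test."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename.lower()
            by_ext = any(name.endswith(ext) for ext in EXECUTABLE_EXTENSIONS)
            with zf.open(info) as fh:
                head = fh.read(2)          # only the magic is needed
            if by_ext or is_pe_image(head):
                flagged.append(info.filename)
    return flagged


def build_sample_zip() -> bytes:
    """Constructed test archive: one harmless text file, one obvious .exe, and
    one PE stub hiding under a .pdf name. The 'MZ' payloads are not real programs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "meeting notes\n")
        zf.writestr("invoice.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("report.pdf", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


if __name__ == "__main__":
    for member in flag_executables(build_sample_zip()):
        print("executable inside archive:", member)
```

Checking content as well as name is the part that matters: the webmail filters mentioned above block by extension, which is exactly what a renamed binary sidesteps.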
 
Any reason given why MSE isn't reliable in this case? I know it relies on Windows Update to update definitions, so those with it set to manual updating could be a concern.

I've always found MSE to be pretty good at catching shady files. It usually deletes them while they're being extracted, so they can't be accidentally run.

According to reports, MSE does not detect the malware fast enough, if it detects it at all. Right now the only two anti-virus/anti-malware programs that catch it are Avast! and Malwarebytes Pro.

EDIT: Okay, according to Bitdefender, their software also protects users. So that makes three known security programs that can block it before activation and encryption.
 
EDIT: Okay, according to Bitdefender, their software also protects users. So that makes three known security programs that can block it before activation and encryption.

I guess the sting in the tail is that if you're on a shared network and one user gets the malware installed then the shared files will get encrypted regardless.

Not the end of the world for most users in that situation, as they likely have backups, but still a damn pain.

Sucks to be the user who is clueless and gets hit. To be honest though the number of people I've met who genuinely don't care that much when their computer gets reformatted by tech 'repair' staff is surprising. "I didn't have anything that important on there anyway."
 
Think I might actually buy the Malwarebytes full version. I've used the free one for years, and a one-off $25 payment is a steal really.
 
NoScript for Firefox, but is there one for Chrome too?

Not as good as the Firefox version, I feel. I really wish Google would offer an exception or lend a hand to NoScript to let them make an official port to Chrome instead of people having to do offshoots of it. :/
 
I'm so glad I've stuck with Avast; this virus sounds nasty.

This is actually a very friendly virus. Most viruses that do this sort of thing won't actually restore your files once they get your money.

That's perhaps the worst thing about it. What's good for society as a whole is that people simply refuse to pay the ransom. Then people stop making malware like this, because it's not profitable. Unfortunately, the thing that is best for the individual person who lost important data is often just to pay the ransom.

This strikes me as particularly dangerous malware for that reason.
 
But things aren't getting slower than they were. I'm on a 4.6 GHz i7-3770K, Samsung 840 Pro, 16 GB RAM, and Windows 8.1. Pretty much all of restarting is the BIOS POST, which is 5-10 seconds.

Doesn't seem to. But it talks about network mounts being how it propagates, so maybe Linux could be a carrier if you're using Samba.

I meant how fast can you get all your programs back, reconfigured, and running as they were before. Basically back to the state you were in program/work-wise.

It's stupid and largely a waste of time. I only started doing it out of unfounded paranoia that MSE may not have been working properly after reports of it being sort of crappy started coming out. That said, I don't really care for Avast or AVG either, for some reason. Nothing I do on the computer is shady or incredibly stupid (as far as I can tell). Everything I have installed is legal, and the only email attachments I open are either from myself (school assignments) or from people I'm expecting them from.

But that FRESH COMPUTER feeling is so good.
 
What evil bastard came up with this?

It's actually a rather ingenious setup. I applaud the authors for their creativity, as they're probably making off with hundreds of thousands of dollars. Not everyone involved will get caught either, most likely.

I meant how fast can you get all your programs back, reconfigured, and running as they were before. Basically back to the state you were in program/work-wise.

It's stupid and largely a waste of time. I only started doing it out of unfounded paranoia that MSE may not have been working properly after reports of it being sort of crappy started coming out. That said, I don't really care for Avast or AVG either, for some reason. Nothing I do on the computer is shady or incredibly stupid (as far as I can tell). Everything I have installed is legal, and the only email attachments I open are either from myself (school assignments) or from people I'm expecting them from.

But that FRESH COMPUTER feeling is so good.

I actually enjoy looking at progress bars (being a robot and all) and I don't think I'd like doing what you're wasting time on. o_o
 
I guess the sting in the tail is that if you're on a shared network and one user gets the malware installed then the shared files will get encrypted regardless.

Not the end of the world for most users in that situation, as they likely have backups, but still a damn pain.

Sucks to be the user who is clueless and gets hit. To be honest though the number of people I've met who genuinely don't care that much when their computer gets reformatted by tech 'repair' staff is surprising. "I didn't have anything that important on there anyway."


I just pulled the sharing privileges for a school Dropbox. Not taking any risks, especially not when a minor inconvenience could protect us from this bad boy.

I usually clean install four times a year, but if I were to be hit right now, it'd be devastating. Even with all the stuff I have backed up to other drives, they're all internal and stay mounted, and I only have the bare necessities in the cloud.


If anything, at least I'll have to start considering protection more seriously now.
 
Meh, almost 10 years without using a single AV; not gonna start now. Just using common sense and avoiding suspicious files and sites.
 
OK, what's the best backup solution at this point? Just in case. Just copy important files to an external drive? Creating an image?
 
OK, what's the best backup solution at this point? Just in case. Just copy important files to an external drive? Creating an image?

External drive, and keep it safe. Do that once a month/year and keep that shit in an offline location.

Also, to double up, use your OS's restore points. You can "roll back" to before the encryption, apparently, and then be safe. Provided you nuked the malware, of course.
 
It's actually a rather ingenious setup. I applaud the authors for their creativity, as they're probably making off with hundreds of thousands of dollars. Not everyone involved will get caught either, most likely.

I actually enjoy looking at progress bars (being a robot and all) and I don't think I'd like doing what you're wasting time on. o_o

Well, it's not like I sit there and stare at the computer reinstalling stuff. I'll do something else in the meantime, and I have a backup USB of most of the stuff I absolutely need. The only thing that really takes a while is reinstalling Windows updates.

Also for what it's worth I would never recommend doing this to anybody.
 
OK, what's the best backup solution at this point? Just in case. Just copy important files to an external drive? Creating an image?

Quite possibly an entire thread in itself. I use Image for Windows, and do a cold image backup using a live CD (kinda unnecessary) to an external drive. However it's easier to just run the app on Windows using a scheduler.
 
I need to remind my mom to never open email attachments. Thankfully my dad is an Apple fanboy. I cringe at the thought of him using Windows. His viruses would have viruses.
 
Would this thing (or any later variation) be able to encrypt an already encrypted TrueCrypt volume?

I have an external drive that I can keep disconnected when not backing up, but I was thinking about making a TrueCrypt volume on an internal drive I have and only opening it to do a backup, then closing it again.

I realize this specific ransomware looks for specific file types, but could any ransomware encrypt already encrypted files?
 
I just pulled the sharing privileges for a school Dropbox. Not taking any risks, especially not when a minor inconvenience could protect us from this bad boy.
Dropbox stores previous versions of files, so you'd be able to get the pre-encrypted file back even if somebody you trusted did get infected.

I realize this specific ransomware looks for specific file types, but could any ransomware encrypt already encrypted files?
Yes. Encryption algorithms view files as nothing but blobs of 0s and 1s. It doesn't matter if those files are music files, text files, random data, or encrypted data. An encryption program knows how to turn arbitrary input into a random-looking file using a passkey, and how to turn the random-looking file back into the original input when the same passkey is provided again.
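The advice earlier in the thread (external drive kept offline, taken periodically) and the Dropbox point just above both rest on the same property: a backup only helps against this malware if the copy taken before the encryption run is never overwritten by the copy taken after it. The following is an added example, not code from any poster, of a minimal versioned backup in that spirit: each run lands in its own dated snapshot directory that is never overwritten, a SHA-256 manifest is written beside it, and comparing two manifests shows how many files changed between runs, which for an encryption run is "everything at once". The sample files, snapshot labels and the simulated encryption are constructed for the demo; `demo()` runs it in a temporary directory.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def snapshot(source: Path, backup_root: Path, label: str) -> Path:
    """Copy every file under `source` into backup_root/<label>/ and write a
    manifest of SHA-256 hashes next to it. Refuses to touch an existing
    snapshot: an old, good copy must never be replaced by a newer, bad one."""
    dest = backup_root / label
    if dest.exists():
        raise FileExistsError(f"snapshot {label!r} already exists; refusing to overwrite")
    dest.mkdir(parents=True)
    lines = []
    for f in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = f.relative_to(source)
        target = dest / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(f, target)
        lines.append(f"{sha256_of(target)}  {rel.as_posix()}")
    (backup_root / f"{label}.manifest").write_text("\n".join(lines) + "\n")
    return dest


def versions(backup_root: Path) -> list[str]:
    """Snapshot labels, oldest first (labels are ISO dates so they sort)."""
    return sorted(p.name for p in backup_root.iterdir() if p.is_dir())


def _load_manifest(backup_root: Path, label: str) -> dict[str, str]:
    out = {}
    for line in (backup_root / f"{label}.manifest").read_text().splitlines():
        digest, rel = line.split("  ", 1)
        out[rel] = digest
    return out


def changed_since(backup_root: Path, older: str, newer: str) -> list[str]:
    """Files whose hash differs between two snapshots. A burst that covers
    every document and image at once is what an encryption run looks like."""
    a, b = _load_manifest(backup_root, older), _load_manifest(backup_root, newer)
    return sorted(rel for rel in b if a.get(rel) != b[rel])


def restore(backup_root: Path, label: str, rel: str, destination: Path) -> bytes:
    """Copy one file out of a chosen snapshot and return its contents."""
    destination.parent.mkdir(parents=True, exist_ok=True)
    shutil.copy2(backup_root / label / rel, destination)
    return destination.read_bytes()


def demo() -> dict:
    """Constructed scenario: good snapshot, simulated encryption, second snapshot,
    then recovery of the original from the first snapshot."""
    tmp = Path(tempfile.mkdtemp())
    try:
        docs, backups = tmp / "documents", tmp / "backups"
        docs.mkdir()
        (docs / "thesis.docx").write_bytes(b"original thesis text")
        (docs / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0 jpeg bytes")
        snapshot(docs, backups, "2013-10-01")
        # Simulated ransomware: every file's content replaced, names unchanged.
        for f in docs.iterdir():
            f.write_bytes(b"\x00encrypted\x00" + f.name.encode())
        snapshot(docs, backups, "2013-10-08")
        return {
            "versions": versions(backups),
            "changed": changed_since(backups, "2013-10-01", "2013-10-08"),
            "restored": restore(backups, "2013-10-01", "thesis.docx",
                                tmp / "recovered" / "thesis.docx"),
        }
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

The snapshot directory should live on the drive that is unplugged between runs; a mounted share or an always-connected external disk is just another target, which is the point made about network shares earlier in the thread.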
 
Would this thing (or any later variation) be able to encrypt an already encrypted TrueCrypt volume?

I have an external drive that I can keep disconnected when not backing up, but I was thinking about making a TrueCrypt volume on an internal drive I have and only opening it to do a backup, then closing it again.

I realize this specific ransomware looks for specific file types, but could any ransomware encrypt already encrypted files?

I am pretty sure it encrypts everything it can see on your hard drive, so yes. Something being encrypted doesn't mean that encrypted data can't be further encrypted.
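Both answers above make the same point: a cipher sees bytes, not file types, so a closed TrueCrypt container is just another blob to the ransomware. As an added example (not from the thread, and not TrueCrypt's or CryptoLocker's actual cipher) the code below builds a small counter-mode stream cipher from HMAC-SHA256 used as a PRF, encrypts a "document" under the user's key to stand in for the container, then encrypts that container again under an attacker key. Decrypting with the user's key alone yields garbage; only peeling the attacker layer first and then the user layer recovers the document. The keys and the document are constructed; the construction is for illustration, where a real volume would use AES-XTS.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC-SHA256(key, nonce || counter) blocks concatenated.
    Toy construction for the demo; the 'bytes in, bytes out' property is what matters."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, data: bytes) -> bytes:
    """nonce || (data XOR keystream). Accepts any bytes, including ciphertext."""
    nonce = os.urandom(NONCE_LEN)
    return nonce + bytes(a ^ b for a, b in zip(data, keystream(key, nonce, len(data))))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:NONCE_LEN], blob[NONCE_LEN:]
    return bytes(a ^ b for a, b in zip(body, keystream(key, nonce, len(body))))


def layered_demo() -> dict:
    """Constructed scenario: user-encrypted container, then ransomware encrypts the
    container file. Returns what each decryption attempt gives back."""
    document = b"tax return 2013 -- keep safe"
    user_key = hashlib.sha256(b"truecrypt passphrase").digest()   # constructed
    attacker_key = hashlib.sha256(b"ransomware key").digest()     # constructed

    container = encrypt(user_key, document)          # the closed volume on disk
    held_hostage = encrypt(attacker_key, container)  # ransomware treats it as any other file

    # The user's key alone no longer opens it: the outer layer must come off first,
    # and only the attacker holds that key.
    user_key_alone = decrypt(user_key, held_hostage)
    recovered = decrypt(user_key, decrypt(attacker_key, held_hostage))
    return {
        "document": document,
        "container_hides_document": container[NONCE_LEN:] != document,
        "hostage_hides_container": held_hostage[NONCE_LEN:] != container,
        "user_key_alone": user_key_alone,
        "recovered": recovered,
    }


if __name__ == "__main__":
    r = layered_demo()
    print("user key alone recovers document:", r["user_key_alone"] == r["document"])
    print("attacker key then user key:", r["recovered"] == r["document"])
```

Whether a given variant touches the container at all depends on its file-type filter, as the question notes; an unusual extension may be skipped by one variant and not the next, so the only reliable protection is a copy the malware cannot reach at the time it runs.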
 
Dropbox stores previous versions of files, so you'd be able to get the pre-encrypted file back even if somebody you trusted did get infected.
You know, I always wondered about this. If you have 10 GB of space, does it store the previous versions in unused space? What if you're near full? How long does it go back? How much space is *really* allocated to a 10 GB account?
 
You know, I always wondered about this. If you have 10 GB of space, does it store the previous versions in unused space? What if you're near full? How long does it go back? How much space is *really* allocated to a 10 GB account?

It seems to be 'as much as you need'. Though you only get 30 days' worth of history unless you pay.

If you used a ridiculous amount they'd probably check you're not breaking any ToS, and/or throttle your transfer rate so you wouldn't have the bandwidth to abuse the storage.
 
Confident it won't hit me; I haven't had a computer virus for like 15 years. I practice good security measures (keeping all software updated, not opening files I don't have a strong feeling are safe, and using Sandboxie for anything I have even the slightest worry about are just a few of them).

Upsetting how so many antivirus programs don't seem to be catching this though. But that should change in the coming days as awareness of this malware seems to be exploding at the moment.

I do have Windows Defender (Win 8.1) enabled and it updates pretty much daily just for a little extra precaution against stuff like this. If it doesn't protect against it, hopefully it will shortly.

However I *am* worried about people in my family and at work getting this installed. Trying to spread some awareness now.
 
That's a good reminder to finally start backing up my most important files properly. I would be soo fucked if they were lost. Those evil fuckers >:(
 
I have a friend whose computer has been infected twice with the ZeroAccess virus, and it was a bitch to eradicate it from the computer.
That's one of those FBI ransom viruses.
And oh my fucking god, what a pain it was to fix the aftermath of countless errors and fucked up changes the virus made to the computer. Erasing services, being unable to access files, to erase them, a hundred other things.

A couple weeks ago he got infected with something less nasty and he was able to kill it himself.

For those interested in these zombie botnets, it's an interesting read, and more so if you know the lingo, which I don't.
http://www.sophos.com/en-us/why-sophos/our-people/technical-papers/zeroaccess-botnet.aspx

We will explore the financial aspects of the botnet, examining how click fraud and Bitcoin mining can earn the botnet owners a potential $100,000 each day.


So I guess that's why they do it.
And now a virus encrypts the files? I feel bad for the hapless.
What a fucking nightmare.

Confidence won't do it for me.
My computer hasn't been infected in a decade, but I still have Avast installed, and I am not turning it off now.
Good to know that after years it's still strong and relevant, and it's free!
Let me also recommend the anti-rootkit utility TDSSKiller, which is the one that delivered the coup de grâce to my friend's ZeroAccess problem back then.

But always backup, backup, backup.
 