Cryptolocker: new malware encrypts your files, demands ransom within 96 hours

I don't run any anti-virus except for Windows Defender maybe once a month.

I should start backing things up properly.

Something that automatically backs up your hard drives periodically to the cloud is your best bet. Or make backups to an external drive regularly, but don't leave that drive plugged in otherwise.

Also, it is my understanding you'll be in bigger trouble if you run your Windows account as administrator. (Gives the program more access to more files.) So don't do that.
 
More people should use Sandboxie, it's a little program which basically virtualizes or isolates any specific program you choose to, for example, isolating the web browser is a good idea since it will protect against zero day exploits. Let's say this Cryptolocker somehow gets in your PC due to an unpatched Java in Firefox, it'll be rendered ineffective since it is in an isolated space, in other words it can't touch files outside its "sandbox".

Also it's free, but there is a paid version (15 euros) which adds some handy features.
 
The white-hats are on the case!

A DNS sinkhole campaign is underway and in high gear to block computers infected with CryptoLocker from reaching the malware's Command & Control servers. A DNS sinkhole is a method used by security researchers to monitor Botnets and to block communication between an infected computer and its Command & Control server. This method is now being used against CryptoLocker, a file encrypting ransomware that requires a $300 USD ransom from victims in order to get their files back. We have been monitoring and helping CryptoLocker victims since its release in early September. This infection has been devastating for its victims.

For quite a while, we have noticed that an unknown organization has started redirecting, or sinkholing, CryptoLocker domains to sinkdns.org hostnames. When CryptoLocker attempts to communicate with certain domains it will instead be sent to a server hosted in the sinkdns.org domain. The connection will also contain the http headers Server: You got served! and X-Sinkhole: malware cryptolocker sinkhole. By sinkholing the domains, communication between an infected computer and the malware's Command & Control server is not able to take place. If CryptoLocker is unable to communicate with a C&C server and receive a public key used to encrypt files, it will endlessly loop till it can. By breaking this communication, security researchers aim to halt CryptoLocker before it further encrypts other infected computer's files.
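A defender's use of the indicators described above, as an added example that is not part of the thread or the quoted article: it scans constructed proxy records for a resolution to a sinkdns.org hostname or for the two response headers, and reports the internal hosts that are infected even though their C&C call was blocked. The client IPs, the hostname under sinkdns.org and the raw responses are all constructed sample data.

```python
"""Flag hosts whose CryptoLocker C&C traffic landed in the sinkhole."""
from typing import Dict, List

# Indicators taken from the post: the sinkhole domain and the two headers.
SINKHOLE_DOMAIN = "sinkdns.org"
SINKHOLE_SERVER = "You got served!"
SINKHOLE_TAG = "cryptolocker"          # appears in the X-Sinkhole value


def parse_headers(raw: str) -> Dict[str, str]:
    """Parse a raw HTTP response (status line + headers) into a dict.

    Header names are lower-cased because HTTP header names are
    case-insensitive; values keep their original case.
    """
    headers: Dict[str, str] = {}
    for line in raw.split("\r\n")[1:]:   # skip the status line
        if not line:                     # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def is_sinkholed(headers: Dict[str, str]) -> bool:
    """True when either sinkhole header from the post is present."""
    server_hit = headers.get("server") == SINKHOLE_SERVER
    tag_hit = SINKHOLE_TAG in headers.get("x-sinkhole", "").lower()
    return server_hit or tag_hit


def find_infected_hosts(records: List[dict]) -> List[str]:
    """Each record: {'client': ip, 'resolved': hostname, 'response': raw}."""
    infected = set()
    for rec in records:
        host = rec["resolved"].lower()
        dns_hit = host == SINKHOLE_DOMAIN or host.endswith("." + SINKHOLE_DOMAIN)
        if dns_hit or is_sinkholed(parse_headers(rec["response"])):
            infected.add(rec["client"])
    return sorted(infected)


# Constructed sample records (hostnames, IPs and responses are made up).
SAMPLE_RECORDS = [
    {"client": "10.0.0.12", "resolved": "cl-sink-1.sinkdns.org",
     "response": "HTTP/1.1 200 OK\r\nServer: You got served!\r\n"
                 "X-Sinkhole: malware cryptolocker sinkhole\r\n\r\n"},
    {"client": "10.0.0.40", "resolved": "www.example.com",
     "response": "HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n"},
    {"client": "10.0.0.77", "resolved": "203.0.113.5",   # bare IP, header-only hit
     "response": "HTTP/1.1 404 Not Found\r\nX-Sinkhole: malware cryptolocker sinkhole\r\n\r\n"},
]

if __name__ == "__main__":
    print(find_infected_hosts(SAMPLE_RECORDS))  # ['10.0.0.12', '10.0.0.77']
```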
 
Isn't one of the issues though that the malware authors coded it in such a way as to create and use new, random domains periodically? I guess that means the whitehats just have to play catch-up each time.

The most interesting part is that there is some anonymous group taking deliberate action against this cryptolocker scheme. So there's a lot of research going on by good guys too.

There's a whole cyberwar going on out there!
 
This made me think of a genius idea.

Freemium Antivirus software for PC. Oh look we have located a virus trying to install, would you like us to block it? That will be 19.99.

In app purchase to stop malicious content. The Application will charge you to stop this evil bitch from encrypting everything, essentially holding you hostage but at a lower cost.

Offer non invasive spyware/malware protection for free. Then for the bad ones charge.
 
Damn that sounds horrible. In all honesty I am surprised it took this long for it to happen. I will have to make sure to let my parents know about it.
 
> This made me think of a genius idea.
>
> Freemium Antivirus software for PC. Oh look we have located a virus trying to install, would you like us to block it? That will be 19.99.
>
> In app purchase to stop malicious content. The Application will charge you to stop this evil bitch from encrypting everything, essentially holding you hostage but at a lower cost.
>
> Offer non invasive spyware/malware protection for free. Then for the bad ones charge.

This actually exists already. Crazy world we live in, huh?
 
This thing is fucking brutal, customer of ours now has 6 years of encrypted business data and there's nothing we can do about it
 
it's apparently quite the experience. we've locked down appdata and localappdata with a gpo and hope that's good enough. there were some reports of it appearing in roaming as well but I don't think that has been confirmed yet.

The cynic in me feels this malware was produced by a Cloud company
if anything the malwarebytes guys did it
 
Think about the amount of money these shitheels will walk away with.

Malware was at worst an annoyance. This however, is a whole new breed. It will only get worse.
 
> Think about the amount of money these shitheels will walk away with.
>
> Malware was at worst an annoyance. This however, is a whole new breed. It will only get worse.

At least they decrypt the files if you pay up
 
The scum that does this needs to be fired off into the sun in a rocket. I'm always super paranoid about viruses.

Yeah. They need to be locked up for good. This shit is unacceptable. The crazy thing is they probably also steal your credit card info if you decide to pay them.
 
This scares me. I used to run with three drives. But one of them died and I don't have any backups. Would this program be able to encrypt my encrypted hard drive?
 
Scary.

Malwarebytes Pro is the best thing I paid for for my PC. It's so fucking good.

I have a ton of backups so should be ok. Might add more versioning.
 
> Yeah. They need to be locked up for good. This shit is unacceptable. The crazy thing is they probably also steal your credit card info if you decide to pay them.

An individual would have to be insane to pay the ransom with their credit card. Greendot prepaid visa or something.
 
> More people should use Sandboxie, it's a little program which basically virtualizes or isolates any specific program you choose to, for example, isolating the web browser is a good idea since it will protect against zero day exploits. Let's say this Cryptolocker somehow gets in your PC due to an unpatched Java in Firefox, it'll be rendered ineffective since it is in an isolated space, in other words it can't touch files outside its "sandbox".
>
> Also it's free, but there is a paid version (15 euros) which adds some handy features.

This looks interesting, I'll give it a look. Thanks!
 
Fixed ransomware twice (FBI warning), those were simple, this shit is alarming. I have never backed up a file so I guess I'll go learn a thing or two.
 
> At least they decrypt the files if you pay up

Which might make it all the more evil.

If something like this gets popular, and if you pay nothing happens, they would make less money because people would recommend against paying up. Sure, people that do not know anything about this and do not ask a different person would still pay if it does not work, but this way even tech-savvy users can say that you either have to pay or you lose your files.
 
holy shit, i saw something about this at work. i think they got hit with some of it and they had to delete them and reput the archives back up

it better not fuck with my video archives...
 
so what's the best anti virus combo? i use mse but i get that it doesn't provide full coverage, what's best to use that gives best coverage but makes things least obtrusive? is spybot even relevant anymore?

not that it matters, if this happened to me i would probably wipe and restore.
 
This thread has reminded me to back up my laptop. Had 30GB of RAW photos that I had completely forgotten about and would have been lost if something happened to my computer.

HP simple save is great. With a click of a button it looks at all the files that weren't there before and backs them up.
 
I never trust cloud backup. Get an external hdd, then use that as a backup. Only keep it plugged in and powered on when you're backing up files.


PSA: everyone here should check out sync toy.

http://www.microsoft.com/en-us/download/details.aspx?id=15155

Not this cloud scare again..

You realise everything you do on the internet is 'in the cloud' right?

A cloud backup option is pretty much a must. An external HDD backup is a great addition. Unplugging a HDD backup and only plugging it in for backing up is a HUGE pain.

Why must you make computing difficult?

1. Use one of Dropbox/GDrive/SkyDrive
2. Use CrashPlan with an external drive
3. Use CrashPlan with a remote computer (a friend/family member)
4. Set CrashPlan to backup once a day

Sorted. No need for inconvenience. Cloud backups have versions you can fall back on. CrashPlan can back up to multiple destinations on a schedule and it also has versions.

What's the point of an awkward backup system that you'll never use?
 
Makes me wish MSE steps the game up. Its a very simple software that I like using, but seems to me that they're slacking off lately. I had to manually delete some shitty files hiding in my PC that MSE didn't pick up.
 
Installed avast! free on the back of reading this thread. I have to say, it's looking pretty nice these days. I remember when it was an ugly, annoying mess of a program. The hardened mode aka "enable this on your parents' pc" thing seems interesting, as well.
 
It's a pretty big pain if you're lazy as shit like me.

WHAT IF you cut off your finger and replace it with a usb stick and then you can attach it to your stump so you can put your finger into the computer with ease. it would be like a sexual version of robocop.
 
> It's a pretty big pain if you're lazy as shit like me.

Is cloud backup any better though? I mean... you're dependent on so many things. Like your Internet speed, for one. Trying to backup GBs of data on the cloud is arguably a more tiring experience than just getting a sync program and doing it automatically to an external that you plug in once or twice a month.
 
> Is cloud backup any better though? I mean... you're dependent on so many things. Like your Internet speed, for one. Trying to backup GBs of data on the cloud is arguably a more tiring experience than just getting a sync program and doing it automatically to an external that you plug in once or twice a month.

Only if you plan on repeatedly backing up many GBs of data. For some people, this is mostly going to be a possibly lengthy one time process, followed by much smaller backups of new files. I have several gigabytes of photos for example, but that's in total, so I don't have to keep backing these up. I also use an external drive though.

Just some info on Dropbox and this 'ransomware' though; because Dropbox automatically syncs your files, if Cryptolocker encrypts everything in your Dropbox folder, these files will be picked up and uploaded by Dropbox and overwrite the cloud version. No need to panic if this happens; obviously you'll first want to disable Dropbox on the infected PC, clean the PC of this infection, then you can restore previous versions of any encrypted files from the Dropbox website. Dropbox keeps old versions of files for 30 days I believe, at no cost to your overall storage space.

And generally there's no real need to panic over this particular piece of software. It's not massively widespread, but it should serve as a reminder to check your security and backup methods generally.
 
Well that's just a HUGE exaggeration.
Do you really think your average joe blow will remember to do this or be bothered? I consider myself fairly savvy and even I would forget and not bother.

Why make something like this annoying when we have automatic backups available?

> Is cloud backup any better though? I mean... you're dependent on so many things. Like your Internet speed, for one. Trying to backup GBs of data on the cloud is arguably a more tiring experience than just getting a sync program and doing it automatically to an external that you plug in once or twice a month.

Huge files are best backed up automatically to an external HDD, yes.

Small files that 99% of people are concerned with can be easily backed up to the cloud.

All I'm saying is that an automatic solution is infinitely better than a manual backup. No questions asked.

The best backup is one that's up to date and one you actually use.
 