Cryptolocker: new malware encrypts your files, demands ransom within 96 hours

Status
Not open for further replies.
Small files that 99% of people are concerned with can be easily backed up to the cloud.

All I'm saying is that an automatic solution is infinitely better than a manual backup. No questions asked.

The best backup is one that's up to date and one you actually use.

How does one go about safely automatically backing up to Dropbox, for example. On my PC, I have a Dropbox folder which syncs with my Dropbox cloud storage. So, in the event of my PC getting infected by this malware and my files encrypted, won't the encrypted files from my PC Dropbox folder get copied to the Cloud also?

What's the best way to avoid this?
 
How does one go about safely automatically backing up to Dropbox, for example. On my PC, I have a Dropbox folder which syncs with my Dropbox cloud storage. So, in the event of my PC getting infected by this malware and my files encrypted, won't the encrypted files from my PC Dropbox folder get copied to the Cloud also?

What's the best way to avoid this?

Dropbox saves previous versions of files in case things go wrong, if memory serves. You can get them via the Web interface. I think it's up to 30 days history.
 
So in regards to using an external HDD for backing up larger amounts of data automatically, are there any good free options aside from Crashplan? I did check them out but they appear to only offer a free trial.
CrashPlan have a fully free version.

Their website doesn't really represent this for some reason (probably to get people to buy it) but their free version has no time limit or anything like that.

Haven't tried that before. Might as well check it out.

How does one go about safely automatically backing up to Dropbox, for example. On my PC, I have a Dropbox folder which syncs with my Dropbox cloud storage. So, in the event of my PC getting infected by this malware and my files encrypted, won't the encrypted files from my PC Dropbox folder get copied to the Cloud also?

What's the best way to avoid this?
Store all your files on Dropbox. They'll be backed up online. If something like this messes them up, go to the Dropbox website and you can restore an older version of your files. Dropbox keeps many versions in case something like this happens. A backup for a backup.

For even more security, back up your Dropbox to another HDD using CrashPlan.
 
I see that Malwarebytes Pro blocks this before it can do any damage to your system but reviews of the program aren't very good (the on-access protection, I mean). What else would you guys recommend? I'm currently using Windows Firewall, MSE and NoScript and I haven't had a virus problem in years.
 
You don't need to click anything to get malware these days
you can get it through banners or any javascript executed on any website, just by opening the page

Guy asks how and if tablets can get malware. You respond with you can get malware just by opening a page and then a long rant about how PCs get malware. Let me ask again for the user--how do tablets get malware? Can tablets get malware? How much tablet malware is in the wild?
 
ugh, now i'm afraid to browse my favorite porn sites. what are the optimal noscript settings to allow me to browse bbw and milf porn with a minimal chance of getting my shit jacked?
 
I'm guessing System Restore wouldn't work? That's brutal
Posted this on the end of the last page -
System Restore creates regular restore points and maintains older copies of files using the Volume Shadow Copy service. This is the feature that allows you to restore previous versions of files (Right Click --> Properties --> Previous Versions). Some users have had some success restoring their files using this technique, or a utility called Shadow Explorer.

Many people do not have the Volume Shadow Copy service enabled, so I'd check.
I would not count on this as your only defense.
 
To be fair, one of the examples given in the reddit thread has a spoofed address from services@citibank, with the only hints to authenticity being the use of the receiver's email address ("Dear, crnaccravens" rather than "Dear John Smith"), some other aberrations in the body, and the attachment named as a .pdf with a pdf icon while it's actually an .exe.

It's certainly carelessness, but it's not exactly flagrant.

Hmm.

Should I warn my colleagues about this? Or let network guys deal with it?
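
The disguised attachment described in the post above (a file presented as a .pdf that is really an .exe) can be caught at the mail gateway or during triage by comparing the filename with the file's leading bytes. This is an added example, not part of the original thread; the function names, the extension tables and the sample message are constructed for illustration, and it also flags the related double-extension case.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading bytes of document formats a lure typically imitates (minimal, hypothetical table).
MAGIC = {".pdf": b"%PDF-", ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}

def classify_attachment(filename, payload):
    """Return the reasons an attachment looks like a disguised executable."""
    reasons = []
    # Trailing dots/spaces are stripped so "x.pdf. " is judged by its real extension.
    parts = filename.lower().rstrip(". ").split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""
    is_pe = payload[:2] == b"MZ"  # DOS/PE header of Windows executables
    if is_pe and ext not in EXECUTABLE_EXTS:
        reasons.append(f"PE content behind '{ext}' extension")
    if ext in EXECUTABLE_EXTS and len(parts) > 2 and "." + parts[-2] in MAGIC:
        reasons.append(f"double extension .{parts[-2]}{ext}")
    expected = MAGIC.get(ext)
    if expected and not is_pe and not payload.startswith(expected):
        reasons.append(f"content does not match {ext}")
    return reasons

def scan_message(raw):
    """Map each attachment filename in a raw RFC 5322 message to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {
        part.get_filename() or "(unnamed)": classify_attachment(
            part.get_filename() or "", part.get_payload(decode=True) or b"")
        for part in msg.iter_attachments()
    }

def build_sample():
    """Constructed message: two disguised PE stubs and one genuine PDF header."""
    msg = EmailMessage()
    msg["From"] = "services@bank.example"
    msg["To"] = "user@example.org"
    msg["Subject"] = "Account statement"
    msg.set_content("Dear, user")
    stub = b"MZ\x90\x00" + b"\x00" * 60  # constructed bytes, not a real program
    for name, data in [("statement.pdf", stub), ("statement.pdf.exe", stub),
                       ("real.pdf", b"%PDF-1.4\n%%EOF\n")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, findings in scan_message(build_sample()).items():
        print(name, "->", findings or "ok")
```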
 
everyone crapping on MSE should realize only 5 out of 49 AV's detected this virus as of yesterday morning.
As long as MSE is one of the 5, that's good enough for me.

I DON'T recommend AVG, especially the Free Edition. Almost totally nerfed my computer w/ a bad update, deleted graphics, plug and play, and sound drivers and forced me into two days of painful driver troubleshooting and a System Restore (which I've never had to use before then) to get everything back 100% again. Crazy part is last thing I did before all that shit was listen to some music on Youtube.

Got rid of it, best decision regarding AV I ever made.
 
I have been dealing with this damned virus at work since last week -_- (Desktop Support)

It sucks having to explain that the files are lost forever.

..or to pay for it. Might be the better choice in some cases. These guys were really smart in their "pricing", so almost everyone affected could afford it if they really wanted to.
 
Quick question on MB: Is the Pro version just a one-time purchase, or a subscription?

One time purchase. You might be able to find a voucher code to get it for cheaper too.

It always gives me popups on IP's it's blocked. Never affected me in a negative way so I don't think it has many false positives.
 
In addition to the old classic executable in the email trick there are some reports that it's being installed by way of Java exploits. Update your Java if you've got it, peeps.

And don't install the malware toolbar it'll try to foist on you when you do. Truly we in this modern world are singing the song of screwed.
When you update your java you also need to uninstall the old java versions otherwise they can still use the exploit.
 
One time purchase. You might be able to find a voucher code to get it for cheaper too.

It always gives me popups on IP's it's blocked. Never affected me in a negative way so I don't think it has many false positives.
Thanks. Done and done.

I was wondering what the difference was earlier when it said only the Pro version could block it, then I read up and realized the free version (which I've been using since time out of mind) doesn't do real-time scanning, which I never really considered before.

Better safe than sorry, IMO... $25 now is better than a potential $300 or lost files later on. I've got some stuff backed up, but it's mostly there in case of a hard drive failure.
 
It's good that more people are aware of this, but is there a reason why this is only making the headlines now? Ransomware has been pretty prominent since around 2005, I'm surprised more people are seemingly only becoming aware of it now.
 
It's good that more people are aware of this, but is there a reason why this is only making the headlines now? Ransomware has been pretty prominent since around 2005, I'm surprised more people are seemingly only becoming aware of it now.

I've known of them, I just haven't seen something like this before.
 
Thanks. Done and done.

I was wondering what the difference was earlier when it said only the Pro version could block it, then I read up and realized the free version (which I've been using since time out of mind) doesn't do real-time scanning, which I never really considered before.

Better safe than sorry, IMO... $25 now is better than a potential $300 or lost files later on. I've got some stuff backed up, but it's mostly there in case of a hard drive failure.
It's a brilliant piece of software.

Easily the best anti malware program I've used.
 
It's good that more people are aware of this, but is there a reason why this is only making the headlines now? Ransomware has been pretty prominent since around 2005, I'm surprised more people are seemingly only becoming aware of it now.

I don't think any have been as bad as this. If you aren't adequately equipped/knowledgeable to block it or don't have a decent backup system then you're completely fucked
 
If they're deviously smart they save all the data people paid to unlock because that data is likely to contain something worth more than their pricing.

This thread made me buy MalwareBytes.
 
It's good that more people are aware of this, but is there a reason why this is only making the headlines now? Ransomware has been pretty prominent since around 2005, I'm surprised more people are seemingly only becoming aware of it now.

The only common ransomware that I've seen is that Moneypak thing, and that's still possible to remove. Cryptolocker essentially destroys your files if you don't pay and it's a lot more serious than anything I see on a regular basis.
 
could this fuck up your dropbox/skydrive files by infecting/encrypting the local files and then they'd be synchronised to the cloud?
 
Does Malwarebytes Pro completely replace MSE or should they be run at the same time?

could this fuck up your dropbox/skydrive files by infecting/encrypting the local files and then they'd be synchronised to the cloud?

It was mentioned in this thread earlier but yes, this can happen. Dropbox stores old versions of your files for 30 days so you're OK there. I'm not sure about Skydrive.
 
could this fuck up your dropbox/skydrive files by infecting/encrypting the local files and then they'd be synchronised to the cloud?

It could probably encrypt your Dropbox files, but I think Dropbox keeps short-term backups so you could revert it? No idea about Skydrive.

Edit: Synonym posts?
 
could this fuck up your dropbox/skydrive files by infecting/encrypting the local files and then they'd be synchronised to the cloud?

Probably, since the Dropbox/SkyDrive files are local on your computer which the malware would have access to. But on the bright side, I know that Dropbox support has the ability to roll back your entire Dropbox folder to a specific date if you want them to; all you gotta do is submit a support ticket.
 
It's good that more people are aware of this, but is there a reason why this is only making the headlines now? Ransomware has been pretty prominent since around 2005, I'm surprised more people are seemingly only becoming aware of it now.

probably because this ransomware uses public-key cryptography against you. And if it encrypts files, they're basically unsalvageable even from mounting the hard drive in an external OS and using file recovery software on it.
 
could this fuck up your dropbox/skydrive files by infecting/encrypting the local files and then they'd be synchronised to the cloud?

The podcast that someone here posted said that dropbox wasn't really safe but I would imagine it would be ok providing you don't have the actual program installed on your pc that gives access to it. I know nothing on stuff like this though so I am probably wrong.
 
I don't think any have been as bad as this. If you aren't adequately equipped/knowledgeable to block it or don't have a decent backup system then you're completely fucked

The only common ransomware that I've seen is that Moneypak thing, and that's still possible to remove. Cryptolocker essentially destroys your files if you don't pay and it's a lot more serious than anything I see on a regular basis.

This really isn't any worse than many others that have been around before. These types tend to be more rare, since usually they just lock your PC instead of actually encrypting the files, but this isn't really new by any stretch of the imagination. Though I'll admit that my views on this are heavily skewed since I used to analyse many different types of malware on a daily basis, almost like a religion; so I guess I've lost touch of how often the average user encounters this sort of thing, which is to say, not very.
 
The podcast that someone here posted said that dropbox wasn't really safe but I would imagine it would be ok providing you don't have the actual program installed on your pc that gives access to it. I know nothing on stuff like this though so I am probably wrong.

You're correct. If you use Dropbox/SkyDrive/Google Drive as file storage through your web browser ONLY (i.e. no PC client installed on your PC) the malware can't mess up your files, since there's no local copy on your PC to encrypt.
 
This really isn't any worse than many others that have been around before. These types tend to be more rare, since usually they just lock your PC instead of actually encrypting the files, but this isn't really new by any stretch of the imagination. Though I'll admit that my views on this are heavily skewed since I used to analyse many different types of malware on a daily basis, almost like a religion; so I guess I've lost touch of how often the average user encounters this sort of thing, which is to say, not very.

Part of my job is dealing with laptops from all over the country and I see Moneypak ransomware and other viruses several times a week. Even if it's tough to clean, I can always recover all important files. Cryptolocker destroys these files for good unless the user has been backing them up (almost no one does this) so it's going to make me kind of miserable.
 
I'll go ahead and recommend the same piece of software that I always do in these types of threads:

Sandboxie

Spend just 5-10 minutes learning the basics of this program, and you'll never* have to worry about any sort of malware again. It's so secure that you could even download a sample of this ransomware and run it for fun. It's not going to be able to do much.

*99% secure. Nothing is 100% when it comes to PC security
 
Is there a known list of antiviruses that block this malware? Have all the big ones like AVG, Norton, Kaspersky etc updated their signature files?
 
I'll go ahead and recommend the same piece of software that I always do in these types of threads:

Sandboxie

Spend just 5-10 minutes learning the basics of this program, and you'll never* have to worry about any sort of malware again. It's so secure that you could even download a sample of this ransomware and run it for fun. It's not going to be able to do much.

*99% secure. Nothing is 100% when it comes to PC security
thanks for this link, I'll definitely put this on the parent's computer next time I'm up.
 
As I was typing up a warning email to my co-managers, just realized our entire network is infected. What a joy.

Seriously? What protection services did you guys have running on your PCs or servers? Any firewall/antivirus applications? Hopefully you have a backup system running.
 
Is there a known list of antiviruses that block this malware? Have all the big ones like AVG, Norton, Kaspersky etc updated their signature files?

I was basically about to ask this. Has Windows Defender/MSE been updated to catch this? I'd rather not install a third-party anti-virus.
 
Is there a known list of antiviruses that block this malware? Have all the big ones like AVG, Norton, Kaspersky etc updated their signature files?

I was basically about to ask this. Has Windows Defender/MSE been updated to catch this? I'd rather not install a third-party anti-virus.

I've just uploaded a sample of this malware to Virustotal (it scans the file with a bunch of different AV engines and tells you if they detect the file). The results are here:

https://www.virustotal.com/en/file/...0a3c34fc2008e210ccfe6dae/analysis/1382805599/

Pretty much every AV, provided you have the latest updates, will detect it.
 