Cryptolocker: new malware encrypts your files, demands ransom within 96 hours

I've just uploaded a sample of this malware to Virustotal (it scans the file with a bunch of different AV engines and tells you if they detect the file). The results are here:

https://www.virustotal.com/en/file/...0a3c34fc2008e210ccfe6dae/analysis/1382805599/

Pretty much every AV, provided you have the latest updates, will detect it.
Thanks for this. My parents run AVG, so it looks like they are ok for the time being.

BTW, if they are total noobs and need to be walled away from the horrors of the internet, what would you recommend I install on their system?
 
So in regards to using an external HDD for backing up larger amounts of data automatically, are there any good free options aside from CrashPlan? I did check them out, but they appear to only offer a free trial.

mega.co.nz is really good. It's free and provides 50 GB.
 
I work at a computer shop, and we see the FBI/ICE virus on a daily basis. It's easy enough to remove, but I fucking dread the day when we start seeing stuff like this
 
I've just uploaded a sample of this malware to Virustotal (it scans the file with a bunch of different AV engines and tells you if they detect the file). The results are here:

https://www.virustotal.com/en/file/...0a3c34fc2008e210ccfe6dae/analysis/1382805599/

Pretty much every AV, provided you have the latest updates, will detect it.

I don't understand how that works, since http://labs.bitdefender.com/2013/10/cryptolocker-ransomware-makes-a-bitcoin-wallet-per-victim/ states that Bitdefender users are protected.
 
I'll go ahead and recommend the same piece of software that I always do in these types of threads:

Sandboxie

Spend just 5-10 minutes learning the basics of this program, and you'll never* have to worry about any sort of malware again. It's so secure that you could even download a sample of this ransomware and run it for fun. It's not going to be able to do much.

*99% secure. Nothing is 100% when it comes to PC security

Thanks, was super easy to set up. I'm tinkering with it now.
 
Seriously? What protection services did you guys have running on your PCs or servers? Any firewall/antivirus applications? Hopefully you have a backup system running.

We have backups running, but not cloud. We just need to hope that the backups don't run daily (I didn't set them up), otherwise we're screwed. We contracted it yesterday, but it was our main info server. We have other servers, not infected, since the potential user who got it only had write access to the one server.
 
Thanks for this. My parents run AVG, so it looks like they are ok for the time being.

BTW, if they are total noobs and need to be walled away from the horrors of the internet, what would you recommend I install on their system?

Just walling off their browser would solve most problems, which is what Sandboxie would do. Or, if you want an all-in-one system (firewall + AV + light sandboxing) that can monitor the entire system, then Comodo Internet Security (the free version) will do the job.

Personally, I prefer Sandboxie since it's more configurable, and you can configure it for rock-solid protection (you can do the same with Comodo, but it still won't be quite as secure). But for a more set-and-forget approach that will still give you very good security, I'd recommend Comodo.
 
Just walling off their browser would solve most problems, which is what Sandboxie would do. Or, if you want an all-in-one system (firewall + AV + light sandboxing) that can monitor the entire system, then Comodo Internet Security (the free version) will do the job.

Personally, I prefer Sandboxie since it's more configurable, and you can configure it for rock-solid protection. But for a more set-and-forget approach that will still give you very good security, I'd recommend Comodo.
Thanks, I'll bookmark this post for later.
 
What's amazing is that someone never thought to make a virus like this before. Be careful what you download, GAF. You don't want this shit.
 
...or to pay for it. Might be the better choice in some cases. These guys were really smart in their "pricing", so almost everyone affected could afford it if they really wanted to.

Well, that isn't 100% and on top of that my users would try to get the company to reimburse for it.

And aside from that, just no. The authors are devious and should be arrested, not rewarded.
 
Yeah, I've just checked again and Virustotal haven't updated their Bitdefender database since 2009/02/18. I guess their license ran out and they haven't bothered to renew it. Everything else is up to date though (apart from Kingsoft).

Oh yes, I see, thank you.
 

Saved. On-topic, this had me all paranoid last night lol.
 
What's amazing is that someone never thought to make a virus like this before. Be careful what you download, GAF. You don't want this shit.

This concept has been around for years.

Although, I am surprised it took this long for it to hit significant distribution of a version of the idea.
 
This is truly supervillain-grade stuff. I was actually in awe for a few minutes before the horror settled in.

I also host a shared dropbox folder with my grad class of 25. If one of them were to get this on their system, could it then spread to everyone else that syncs up with that particular folder?

There's a bunch of similar posts to this so let me make something clear:

Malware such as this doesn't "spread" or "infect" other computers like that. It's a program that does the damage when it's run for the first time. The only way for it to do any damage is to actually run the EXE or to have it executed through some code execution attack vector (like the Java browser plugin). It's very rare to have a virus that can actually spread like that nowadays.

However, it can encrypt files in shared network drives and automatically-synced cloud storage folders like Dropbox. The encrypted files will "spread" but all they do is become unreadable: they won't cause any harm to other PCs. If you have versioning enabled in Dropbox, it should be possible to revert back to unencrypted versions of the files.

Tips to avoid infections of any kind on Windows PCs:

1) Be wary of any program you download and install on your PC. The vast majority of installers require elevated privileges and thus they can do whatever they want to your machine. Avoid "shareware" and "freeware": if you want/need to go free, look for an open-source solution first. Just because it's on the top of your Google search results or CNET downloads it doesn't mean it's safe.

2) If you need to run a program you don't trust, use a sandboxing solution like Comodo Internet Security and Sandboxie. This will prevent the program from making any permanent changes to your PC. You can also use either of those programs to sandbox your browser, effectively preventing any zero-day exploits from harming your computer.

3) Don't use Java. If you have to use Java, uninstall/disable the browser plugin. If you have to use the plugin, use Firefox, which keeps the Java plugin disabled by default so you can enable it only on the website that needs it. Do *not* allow the Java plugin to execute on a website unless it's absolutely necessary, like your bank's website. Actually, avoid accessing your bank website on a normal browser if possible: use a tablet, phone, a virtual machine, etc.

4) Avoid opening e-mail attachments you weren't actively expecting to receive, even if they come from people you know. You can never know if someone's e-mail account has been hijacked or spoofed. If you need to open the attachment, prefer loading it into Google Drive and viewing it there (if you're using Gmail, you can do it without ever downloading the files onto your PC). Google Drive will thwart any attempts at disguising EXE files as documents and script-ridden Word/PowerPoint/Excel files.
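The post above notes that a synced or shared folder can fill with encrypted copies of your documents even though nothing "infects" the other machines. As an added example (not from the original thread), here is a small defender-side Python check that walks a folder and flags document files whose contents look like ciphertext (near-maximal byte entropy and no recognisable file header), so that an admin can spot a hit share early and fall back to backups or Dropbox versioning. The extension list, thresholds and header signatures are assumptions chosen for the example, and the sample folder is constructed inline.

```python
"""Heuristic scan of a shared folder for documents that appear to have been
encrypted in place. Added example, not code from the original thread."""
import math
import os
import tempfile
from collections import Counter

# Assumed values for this example: extensions worth checking, an entropy
# cut-off (random/encrypted bytes sit close to 8.0 bits per byte), and a few
# real format headers that an encrypted file would no longer start with.
DOC_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".txt"}
ENTROPY_THRESHOLD = 7.5
KNOWN_HEADERS = (b"%PDF", b"PK\x03\x04", b"\xd0\xcf\x11\xe0", b"\xff\xd8\xff")


def shannon_entropy(data):
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path, sample_size=65536):
    """True if the first `sample_size` bytes have no known header and
    near-maximal entropy; tiny files are skipped as unjudgeable."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if len(head) < 256 or head.startswith(KNOWN_HEADERS):
        return False
    return shannon_entropy(head) > ENTROPY_THRESHOLD


def scan_folder(root):
    """Return sorted paths of document files under `root` that look encrypted."""
    hits = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in DOC_EXTENSIONS:
                full = os.path.join(dirpath, name)
                if looks_encrypted(full):
                    hits.append(full)
    return sorted(hits)


def demo():
    """Constructed sample share: a plain text note, a random-byte stand-in for
    an encrypted .docx, and a PDF with a real header. Returns flagged names."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "notes.txt"), "wb") as fh:
        fh.write(b"Quarterly report draft. " * 100)
    with open(os.path.join(root, "report.docx"), "wb") as fh:
        fh.write(os.urandom(4096))  # stands in for ciphertext
    with open(os.path.join(root, "scan.pdf"), "wb") as fh:
        fh.write(b"%PDF-1.4\n" + os.urandom(4096))  # header intact
    return [os.path.basename(p) for p in scan_folder(root)]
```

A sudden jump in the number of flagged files across a share is the signal to stop syncing and restore from a backup taken before the change.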
 
Thank you - added to OP.
Previous post says that an old version of Bitdefender detects it, so I'm not sure I would take Virustotal as 100 percent accurate.

Besides, wasn't it said somewhere else in this thread that although MSE will detect it, by the time it does it's too late?
 
Previous post says that an old version of Bitdefender detects it, so I'm not sure I would take Virustotal as 100 percent accurate.

That was explained here:

Yeah, I've just checked again and Virustotal haven't updated their Bitdefender database since 2009/02/18. I guess their license ran out and they haven't bothered to renew it. Everything else is up to date though (apart from Kingsoft).

The updated version of Bitdefender will catch it just fine, the version VT was using was ridiculously out of date, so no wonder it didn't detect it. As long as Virustotal are using updates from today (which they are on all but two of the AVs) then there's no reason to doubt it.
 
The updated version of Bitdefender will catch it just fine, the version VT was using was ridiculously out of date, so no wonder it didn't detect it. As long as Virustotal are using updates from today (which they are on all but two of the AVs) then there's no reason to doubt it.
I hope MSE actively detects it now.
 
[screenshot: zDex.png]


That's what happens as soon as I execute the file.

If I used the default settings then it wouldn't even let me execute it, since it detects it as soon as I extract the EXE from the ZIP file.
Okay, that's good news. I'm using MSE (Windows 7), but my ignorance on such matters assumes WD on Windows 8 is the same thing. I rarely, if ever, open EXE files from a source I don't know anyhow, but always better safe than sorry.
 
I had been thinking of upgrading to Malware Bytes Pro, because I liked the free trial when I reinstalled MWB Free awhile back. This made me pull the trigger.
 
I've already told all of the people I care enough about this. I pretty much said, "If you get infected by this, be prepared to pay to get your files back, or you can kiss your shit goodbye. "

As the most knowledgeable person in my family PC-wise by 50 Grand Canyons plus 4 trips around the sun, I'll probably have the bullshit fortune of getting infected by this goddamn thing somehow. Luckily, I have anything I care about backed up on an external HDD. Oh, and I didn't throw out my Windows install disc + serial #, so my compu-body is ready.
I wouldn't recommend paying to get your files back. Just make sure you're protected and always keep backups of important files.
 
Have AVG Free + Malwarebytes Free.

Will a Malwarebytes Free scan catch it?

I wouldn't trust the free version of AVG. But that's for other reasons.

Okay, that's good news. I'm using MSE (Windows 7), but my ignorance on such matters assumes WD on Windows 8 is the same thing. I rarely, if ever, open EXE files from a source I don't know anyhow, but always better safe than sorry.

YES. MSE and WD are basically the same.

BTW:

[image: AzFvK0h.jpg]

People. Paranoia has never been useful. Just use a good AV, couple it with MB and do a scan. Just chill the fuck out.
 
I wouldn't trust the free version of AVG. But that's for other reasons.

BTW:

[image: AzFvK0h.jpg]

People. Paranoia has never been useful. Just use a good AV, couple it with MB and do a scan. Just chill the fuck out.

I think it's more the corporations/businesses with their dumb effing employees that're worried about it, on top of the wide-scale ramifications of poorly built networks by businesses that don't truly understand the importance.

That's just my view on things, since the network(and any remotely important files) for my current employer is completely fucked by this virus. Like... mega-fucked.
 
Good thread to ask: I use a Synology DiskStation in a 3 TB RAID1 (only 50 GB or so used so far, just got it recently). Any advice on cloud backups? How's CrashPlan? Anyone have any reviews or advice?
 
Just keep your antivirus and anti malware software up-to-date. Read up a little on it too if you want more info. Oh, and don't install more than one antivirus, if you didn't already know that.

Thanks! I may have to get a new AV, since for whatever reason I can't update the one I'm currently using. The other day I tried, I think it installed some malware. orz

I wouldn't trust the free version of AVG. But that's for other reasons.

oh snap. that's the AV I have. haha :'D
 
Our workplace encountered something similar to this a while ago. It was more of the fake FBI virus. Luckily all our info is kept online, so we didn't lose anything.
 
What's amazing is that someone never thought to make a virus like this before. Be careful what you download, GAF. You don't want this shit.

you have to be a special kind of piece of shit to do this to people.

would love to read a follow up article detailing how these assholes are thrown in prison.
 
Somebody needs to invent a drive you plug into your computer, and every month it mechanically connects itself to a USB port and starts a backup. Once finished, it mechanically separates itself from the port, and you can physically see the mechanism and physically lock it.

Automated airgap backup solution.
 
Seems to me Malwarebytes Pro is a pretty good deal. They are asking a very reasonable price, $24.95 and it's a lifetime license, not that yearly license crap. Not a bad investment to protect your files.
 
Seems to me Malwarebytes Pro is a pretty good deal. They are asking a very reasonable price, $24.95 and it's a lifetime license, not that yearly license crap. Not a bad investment to protect your files.

Oh, it's a lifetime licence? Good to know.
 
Seems to me Malwarebytes Pro is a pretty good deal. They are asking a very reasonable price, $24.95 and it's a lifetime license, not that yearly license crap. Not a bad investment to protect your files.

That or Sandboxie, which is also a lifetime license for the Pro version. Malwarebytes is probably enough for most people though.
 
I've just uploaded a sample of this malware to Virustotal (it scans the file with a bunch of different AV engines and tells you if they detect the file). The results are here:

https://www.virustotal.com/en/file/...0a3c34fc2008e210ccfe6dae/analysis/1382805599/

Pretty much every AV, provided you have the latest updates, will detect it.

Will detect it, but stop it? That's the question. The problem is apparently that even if the scanners detect it, it may be too late because it's been running silently.

If they can catch it before that act, great.
 