Cryptolocker: new malware encrypts your files, demands ransom within 96 hours

Haha, their sales will be higher, but no, they are selling lifetime licenses for only $24.95. If they created it, they would be better off by not having an effective product at all, because they would make way more money by receiving ransom money.

x * $300 + y * $25 > x * $300
 
Several of you asked what a cryptolocker email looks like. This is one I have in my inbox:

From: Chris [redacted] <Chris@mail.myuniversity.edu>
To: [redacted] <[redacted]@myuniversity.edu>
Date: Tue, 15 Oct 2013 11:02:56 -0400
Subject: Annual Form - Authorization to Use Privately Owned Vehicle on State Business

All employees need to have on file this form STD 261 (attached). The original is retained by supervisor and copy goes to Accounting. Accounting need this form to approve mileage reimbursement.

The form can be used for multiple years, however it needs to re-signed annually by employee and supervisor.

Please confirm all employees that may travel using their private car on state business (including training) has a current STD 261 on file. Not having a current copy of this form on file in Accounting may delay a travel reimbursement claim.

Attached was a zip file, containing FORM_101513.exe - the payload. I ignored it at the time but I'm sure someone on the University network opened it.
 
It happened to a folder that I shared with a friend on Dropbox. It locked everything in that folder. Now he is manually reverting the files back to a previous version. It sucks for all of us who have that folder.

Wow, I was wondering what would happen to cloud services that synced. That sounds like a nightmare.
 
I'm dead sure that thing will use dozens if not hundreds of different looking emails to disguise itself.
 
Luckily I always partition my hard drive into two parts (disc C has Windows files and not much else and disc D has everything else). I don't lose much even if I am forced to format and reinstall Windows.
 
Always a good way to set up your system. But in case of a cryptolocker infection, it won't save you. This piece of ransomware will encrypt files on every drive it can find. A reinstall of Windows won't decrypt them, only the malware itself can do that.
 
A .pdf.exe with a PDF icon. Windows hides the .exe part of the filename; I can see how people might click on it without thinking.

One of my pet peeves with Windows. They hide them by default to make your folders look cleaner (I guess) but the amount of security issues it brings is certainly not worth it.
 
This is one of the Windows design decisions that blows my goddamn mind; half of my family doesn't understand the concept of file type extensions because of this. They operate based on the picture that the file has, actually no they don't, they just double click everything.

Also this virus is pretty cheeky, I'd be scared but I don't run java and I never open attachments anyway so I should be good.
 
Woah. Now that's some fucked up shit.

I guess when the "regular" means of luring people into paying shit starts to stagnate, malware programmers begin taking files hostage to blackmail dollars outta them.
 
Oh well shit. Well I don't have anything thaaat important on my harddrive so formating both drives wouldn't hurt me that much (still of course it would suck). Hopefully I am able to avoid this.
 
Can't the bitcoins that victims send be tracked? Or are bitcoins really that untraceable?

I'd like to know this too. Why would anyone (who isn't breaking the law) need a totally anonymous currency? (And is helping those people who do need it worth the enormous benefit to criminals that it brings)?

I think this Cryptolocker will start a worrying trend of more "professional" style malware, like we're seeing with the developer(s) of this giving "customer support" to help with payment etc. It's slightly strange; a bit like someone mugging you, then walking you home and making you a cup of tea to help you calm down, but it will definitely be effective and make people much much more likely to pay up than the old ransomware scare tactics. I'm sure there are plenty of copycat programs in development as we speak unfortunately.
 
It's mostly the hardcore-Libertarian type that doesn't want Obummer's hands on their precious bank account.

But more on-topic, this is really nasty. Really the only option is to reformat the drive and reinstall everything. Hopefully everyone can get their anti-virus up to speed.
 
Has Microsoft ever commented on the reason for turning off extensions by default? It's baffling. At least disallow double extensions so that you can't name a file filename.pdf.exe.

There are plenty of people who are brainless and will click the files without thinking but it removes one vector for confusion.
 
So I switched over to Avast but it seems to be interfering with my ability to launch some programs. Any game I try to launch on Steam crashes and then causes Steam to hang and freeze.

Various other programs, like MSI Command Center are doing the same thing.

I assume it has something to do with its real-time scanning but don't know which components to turn off to get it working again without sacrificing security. It may be it scanning outgoing / incoming connections or .exe execution?

I'm scanning my computer right now just in case and will add a batch exception for the Steam folder... but since it's happening with other programs too, I'd rather not hunt down program after program just to make them function properly.
 
It almost made me laugh when I saw the executable pretending to be a PDF in the video. Yeeeah, I'd probably skip opening that... I also don't download weird shit from shady sources or attachments to suspicious emails in the first place, so I'm not too worried.

And even if I did somehow get this, I use GDocs for most documents and Dropbox for other files. Dropbox lets you roll files back to earlier versions going back 30 days, so even if they got encrypted they should be perfectly recoverable.

But yes, this is a really evil piece of software that will make many less computer-literate people's lives harder.
 
Thanks for bringing this to my attention, OP. (Un?)Fortunately I manage both the AV *and* backup solutions for my company, so you bet your arse I'm looking into this as much as possible right now. Currently sussing out rules to block anything running from the AppData\Local folder and making sure that those who manage our mail security are on top of their shit.
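As an added illustration of the kind of path rule the post above is drafting (this is example code written for this page, not the poster's actual policy or anything from Microsoft), the snippet below expresses "nothing executable may launch from the AppData trees" as glob patterns, expands them against a constructed user environment, and runs the verdict over a few constructed process-creation log lines. The environment values, the Chrome allow-list entry and every log line are assumptions made up for the example; the only name taken from the thread is FORM_101513.exe.

```python
import fnmatch

# Constructed environment for one example user (assumption: on a real
# host these values come from the launching process's environment block).
ENV = {
    "APPDATA": r"C:\Users\alice\AppData\Roaming",
    "LOCALAPPDATA": r"C:\Users\alice\AppData\Local",
}

# Draft "disallowed" path rules: any .exe anywhere under the roaming or
# local AppData trees.  A single '*' in fnmatch also spans backslashes,
# so each pattern covers every subdirectory depth.
DISALLOWED = [
    r"%APPDATA%\*.exe",
    r"%LOCALAPPDATA%\*.exe",
]

# Exceptions a real deployment needs, because legitimate software also
# installs per-user under AppData.  Constructed example entry.
ALLOWED = [
    r"%LOCALAPPDATA%\Google\Chrome\Application\chrome.exe",
]


def expand(pattern: str) -> str:
    """Replace %VAR% tokens from ENV and lower-case for case-insensitive matching."""
    out = pattern
    for name, value in ENV.items():
        out = out.replace(f"%{name}%", value)
    return out.lower()


def matches_any(path: str, patterns) -> bool:
    low = path.lower()
    return any(fnmatch.fnmatchcase(low, expand(p)) for p in patterns)


def verdict(image_path: str) -> str:
    """'block' if the image falls under a disallowed rule and no allow rule; else 'allow'."""
    if matches_any(image_path, ALLOWED):
        return "allow"
    if matches_any(image_path, DISALLOWED):
        return "block"
    return "allow"


# Constructed process-creation log: "<date> <time> <user> <image path>".
LOG = r"""
2013-10-15 11:05:12 alice C:\Users\alice\AppData\Local\Temp\Rar$DI00.123\FORM_101513.exe
2013-10-15 11:06:40 alice C:\Users\alice\AppData\Roaming\update\update.exe
2013-10-15 11:07:01 alice C:\Program Files (x86)\Steam\Steam.exe
2013-10-15 11:08:22 alice C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe
"""


def scan(log_text: str):
    """Return [(image_path, verdict)] for every non-empty log line."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _date, _time, _user, image = line.split(maxsplit=3)
        results.append((image, verdict(image)))
    return results


if __name__ == "__main__":
    for image, decision in scan(LOG):
        print(f"{decision:5} {image}")
```

The Temp path in the first log line is where an archiver typically unpacks a zip attachment before the user double-clicks its contents, so a rule that covers only %AppData%\Roaming would miss it. In production the same patterns go into Software Restriction Policies or AppLocker rather than a script, and the allow-list will grow with every per-user installer in the estate; an audit-only run over real process logs first shows what would break.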
 
Sounds like a perfect excuse to shut down Bitcoin and throw the creators of it in jail for life.

There's nothing inherently wrong with Bitcoins, they are a great concept. Just as there's nothing inherently wrong with cryptography, it's just some people are bad and use the technology to their own benefit.

Mmm, however it's mainly the (current) lack of embedded PDF icon that would alert the casual viewer. Add one of those and most wouldn't think twice to be honest, even more tech-savvy users (assuming they fell victim to the phishing/online attack in the first place).
 
This solution has nothing to do with the issue at hand. Removing this malware is trivially simple; your documents will just be gone forever. Reformatting is typically a solution when a PC is infected with so much malware that reformatting is the best option; however, your documents aren't taken into that equation.
 
This is scary but also fascinating in a kind of weird way.

Indeed, it's interesting (and very much disturbing) what a person can do to hundreds of computers with some lines of code.
 
Did a hard drive backup, installed Malwarebytes Pro and updated my AV software. I feel like I should be OK against this ransomware, especially since I had to deal with another one earlier this year that involved fake antivirus software purchase demands.

Thanks for the link to Tech-GAF, guys!
 
I'm sort of a noob when it comes to processes and the like, so I figured I'd show the ones I'm worried about and hope that Techsavy-GAF can help me out by explaining what they do/are used for.

You might want to quote those images, but as for a thread you could post in the tech thread.
 
So we know MSE catches this virus and auto removes it before it can be run. But has anyone tried mailing the exe to an outlook or other email account and running it from the mail? I'm curious if mse would catch it there.

If there's a webpage Java exploit variant of this thing, that would be something to test with MSE as well. I don't have a dummy computer to try with, but maybe someone else does.

I believe Windows only hides the last extension. So if you had filename.pdf.exe it would show as filename.pdf. Since extensions are off, seeing any extension should be a clear enough warning that something is fishy.
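The display rule described above, and the zip-with-executable lure from the earlier post, as an added example (written for this page, not code from any poster): it reproduces what Explorer shows with "Hide extensions for known file types" on, labels each member of an attachment zip by its extension chain and by the first bytes of its content, and flags the archive if anything looks executable. The zip is constructed in memory from short placeholder bytes rather than real files; STD_261.pdf.exe, STD_261.pdf and mileage.pdf are made-up names, and FORM_101513.exe is the one name taken from the thread. The extension sets are an assumption, not an exhaustive list.

```python
import io
import zipfile

# Extensions Windows runs directly on double-click (assumption; not exhaustive).
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
# Extensions a user expects to open harmlessly in a viewer.
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}


def explorer_display_name(filename: str) -> str:
    """Name as Explorer shows it when known extensions are hidden: only the
    final extension disappears, so 'STD_261.pdf.exe' displays as 'STD_261.pdf'
    and 'FORM_101513.exe' displays as 'FORM_101513' with no extension at all."""
    stem, dot, _ext = filename.rpartition(".")
    return stem if dot else filename


def classify(filename: str, head: bytes) -> str:
    """Label one member by its extension chain and its leading bytes."""
    parts = filename.lower().split(".")
    last = parts[-1] if len(parts) > 1 else ""
    looks_like_pe = head.startswith(b"MZ")   # DOS/PE executable magic
    if last in EXECUTABLE_EXTS:
        if len(parts) > 2 and parts[-2] in DOCUMENT_EXTS:
            return "double_extension"        # e.g. STD_261.pdf.exe
        return "executable"                  # e.g. FORM_101513.exe
    if looks_like_pe:
        # A PE with a document name: double-click hands it to the viewer rather
        # than running it, but it is still not the document it claims to be.
        return "pe_with_document_name"
    return "ok"


def scan_zip(zip_bytes: bytes):
    """Return [(name, name_as_displayed, label)] for every file in the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                head = member.read(2)
            findings.append((info.filename,
                             explorer_display_name(info.filename),
                             classify(info.filename, head)))
    return findings


def is_suspicious(findings) -> bool:
    return any(label != "ok" for _, _, label in findings)


def build_sample_zip() -> bytes:
    """Constructed attachment: placeholder bytes only, nothing here is malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FORM_101513.exe", b"MZ placeholder")   # plain .exe, extension hidden entirely
        zf.writestr("STD_261.pdf.exe", b"MZ placeholder")   # double extension, shows as .pdf
        zf.writestr("STD_261.pdf", b"%PDF-1.4 placeholder") # genuine-looking document
        zf.writestr("mileage.pdf", b"MZ placeholder")       # PE content behind a .pdf name
    return buf.getvalue()


if __name__ == "__main__":
    results = scan_zip(build_sample_zip())
    for name, shown, label in results:
        print(f"{label:22} {name!r:22} shown as {shown!r}")
    print("suspicious:", is_suspicious(results))
```

Checking the archive listing, as a mail gateway can, catches the lure before Explorer ever gets to hide the extension; the content check is there because the name alone is the attacker's choice.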
 
That's what I'm getting at. It's like they are so blatant that they would even offer customer service to their victims. This is very unsettling.

Well of course the virus maker is incentivized to provide support. If hackers just take people's PCs then nuke them anyway, people will stop paying the ransoms.

I practice very safe browsing and have never been infected since half a decade ago.

Stuff like this still scares me and I'm seriously considering upgrading MB to the paid version.

If you don't catch other viruses, you won't catch this one. It's still dependent on running untrusted executables.

MSE will check any file before you run it.

The trick is that MSE, like all anti-virus programs, can only catch known exploits. Viruses get rewritten all the time, it's possible to catch unknown ones in the wild. Happened to me once, when no joke, I had a PC freshly installed facing the wild without a firewall for less than an hour.
 
MSE scans all files before they are opened, right? Shouldn't matter if the file is accessed from a file explorer or an e-mail application. It's still a file being downloaded and then run on the computer.
 
Microsoft have an entry on Ransomware in their Malware encyclopaedia. They also have a detailed entry on Cryptolocker.

This is the first time I have heard of the malware term Ransomware. Although apparently Mac computers were hit by some form of Ransomware back in July although it seemed to be browser based. Obviously this malware is shared between media file sharing websites.
 