Beware: CryptoLocker Virus

Looks to be another nasty one.

A new computer virus, being called one of the strongest and most devastating viruses in history, strikes by literally holding computer owners hostage, the Inquisitr reported.

The CryptoLocker virus, which not only has the potential to destroy a computer hard drive but also holds the computer owner's data for ransom, infects computers through a legitimate-looking email, usually from a reputable company like FedEx or UPS. Once opened, the virus quickly spreads to the computer's hard drive and then offers the user a chance to be rid of the program for a hefty fee.

Crypto Locker Virus: New Aggressive Computer Virus Demands Ransom : News : University Herald
 
One reason why I only store programmes on the PC and access all data off NAS drives. A factory reset sees off any virus.
 

One reason why I only store programmes on the pc and access all data off NAS drives.
From what I've read about Cryptolocker, it will seek out all network drives and encrypt files on them too though, so your NAS won't be any good unless you disconnect it.
 

One reason why I only store programmes on the pc and access all data off NAS drives.
From what I've read about Cryptolocker, it will seek out all network drives and encrypt files on them too though, so your NAS won't be any good unless you disconnect it.



Important stuff is also synced to the cloud, but an infected NAS would be an irritation.
 

This is really nothing new. Ransomware has been floating around for close to a decade now. In most cases, even if you pay the ransom, you won't get your files back.

This really has the potential to take out a corporate network that uses shared drives... hope those backups are up to date.
 

I just saw this...

October 28, Help Net Security – (International) Researchers sinkhole several Cryptolocker C&Cs. Researchers at Kaspersky Labs were able to sinkhole three domains serving as command and control (C&C) servers used by the Cryptolocker ransomware. Source: Researchers sinkhole several Cryptolocker C&Cs
 

What about when using a VM? All my everyday use is within a VM, including e-mail, downloading apps/programs and whatnot. The only use of the internet on my main system is for the app store and upgrades (once a week).
 

Using Firefox and NoScript saved me from getting infected with the FBI warning scam once. I don't know if it will work with the CryptoLocker virus or not and hopefully I'll never have to find out.
 

If you get a suspect email, is there a way of analysing the attachment for cryptolocker without getting infected?
 

If you get a suspect email, is there a way of analysing the attachment for cryptolocker without getting infected?

How about just summarily deleting .exe attachments? I'm unclear as to how these infections occur. Unless the malware is able to exploit a bug, email programs, browsers, etc shouldn't launch executables automatically, right? So people must be launching them directly from the program or saving them and carelessly running them, right?
 

If you get a suspect email, is there a way of analysing the attachment for cryptolocker without getting infected?

How about just summarily deleting .exe attachments? I'm unclear as to how these infections occur. Unless the malware is able to exploit a bug, email programs, browsers, etc shouldn't launch executables automatically, right? So people must be launching them directly from the program or saving them and carelessly running them, right?

The .exe files are hidden in .zip files or disguised as a .pdf file, but when you click on it, it is an .exe file and too late.
 

IMHO, if the suspect email gives you pause, play it safe and delete it ;)
 

I agree, but this virus is disguised in legitimate emails from people you know or companies you deal with.
 

I just cleaned up a client's machine with this. He received an email from his domain but not from a valid address (spoofed), which contained a .zip file that he saved and scanned. His AV didn't alert on this variant (it did the next day after definitions were updated). He receives Excel files regularly and the icon displayed as an Excel file. Of course he had Windows set to hide extensions for known file types, although he probably didn't know what the extension for Excel is anyway, so he clicked it. It encrypted ALL of his data. Fortunately he had fairly recent backups and we wiped his machine and reinstalled. These are the tips I gave him, among others:

1. Don't open strange attachments. The majority of my clients can't create a .zip file. Do you really think they sent you one? Most servers won't strip pdf or attachments but will strip .exe so it should make you wonder why the pdf attachment was zipped to begin with.

2. Understand that just because the email came from a trusted address it could be forged or they could be infected. Not expecting something or unsure? Pick up a phone or email back asking if they sent it to you and what it is.

3. Turn on file extensions and understand that a file named xyz.pdf.exe is not a PDF, it's malware.

Hope this helps. This stuff is easy to remove but so far without paying the ransom you are SOL on your data. Also, if you delete the virus you have almost no chance of getting the data back.
 

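The lures described in this thread (an .exe inside a .zip, a file named xyz.pdf.exe, an Excel icon on something that is not an Excel file) can be checked without opening or running anything. Below is an added Python example, not code from the original thread or from any poster, that reads a suspect attachment purely in memory: it walks zip members, flags executable and double extensions, and checks whether the bytes begin with the Windows executable "MZ" header regardless of what the name claims. The extension lists and the size limit are assumptions, and the attachments it examines are constructed inline for illustration (the "executable" is just a two-byte header followed by zeros).

```python
"""Static triage of an e-mail attachment for the CryptoLocker lures described in
this thread: an executable hidden inside a .zip, a double extension such as
invoice.pdf.exe, and executable content behind a document-looking name.

Added example, not code from the thread or from any poster. Nothing here is
executed or written to disk; the attachment is only read. The sample
attachments at the bottom are constructed in memory and contain no malware.
"""
import io
import zipfile
from typing import Dict, List

# Assumed lists: extensions Windows runs on double-click, and extensions that
# a lure typically imitates. Extend to taste.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
MAX_MEMBER_BYTES = 50 * 1024 * 1024  # refuse to read huge zip members into memory


def _basename(name: str) -> str:
    """Last path component of a (possibly slash-separated) zip member name, lower-cased."""
    return name.lower().replace("\\", "/").rsplit("/", 1)[-1]


def classify_name(name: str) -> List[str]:
    """Findings based on the file name alone."""
    findings: List[str] = []
    parts = _basename(name).split(".")
    if len(parts) < 2:
        return findings
    ext = parts[-1]
    if ext in EXECUTABLE_EXTS:
        findings.append(f"executable extension .{ext}")
        # xyz.pdf.exe: a document extension placed where a user with
        # "hide extensions for known file types" will only see 'xyz.pdf'
        if len(parts) >= 3 and parts[-2] in DOCUMENT_EXTS:
            findings.append(f"double extension .{parts[-2]}.{ext}")
    return findings


def classify_content(name: str, data: bytes) -> List[str]:
    """Findings based on the leading bytes versus the claimed type."""
    findings: List[str] = []
    base = _basename(name)
    ext = base.rsplit(".", 1)[-1] if "." in base else ""
    if data[:2] == b"MZ":  # DOS/PE header of every Windows executable
        findings.append("content is a Windows executable (MZ header)")
        if ext in DOCUMENT_EXTS:
            findings.append(f"executable content disguised as .{ext}")
    return findings


def triage_attachment(filename: str, data: bytes) -> Dict[str, List[str]]:
    """Examine one attachment; zip archives are walked in memory, member by member.
    Returns {path: [findings]} for every suspicious file, empty dict if clean."""
    report: Dict[str, List[str]] = {}
    if zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                key = f"{filename}:{info.filename}"
                findings = classify_name(info.filename)
                if info.file_size > MAX_MEMBER_BYTES:
                    findings.append("member too large to inspect (possible zip bomb)")
                else:
                    findings += classify_content(info.filename, zf.read(info))
                if findings:
                    report[key] = findings
    else:
        findings = classify_name(filename) + classify_content(filename, data)
        if findings:
            report[filename] = findings
    return report


# --- constructed samples (not real malware; only the two-byte MZ header is real) ---
def build_lure_zip() -> bytes:
    """Zip holding a fake 'PDF' whose content is an executable stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_20131028.pdf.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


def build_benign_pdf() -> bytes:
    """A plain (constructed) PDF header with no executable content."""
    return b"%PDF-1.4\n% constructed sample document\n"


if __name__ == "__main__":
    for name, blob in [("Invoice.zip", build_lure_zip()), ("report.pdf", build_benign_pdf())]:
        result = triage_attachment(name, blob)
        print(name, "->", result or "no findings")
```

Running it reports the zipped Invoice_20131028.pdf.exe three times over (executable extension, double extension, MZ content) and finds nothing in the plain PDF. The MZ check only catches native executables; script lures (.js, .vbs) are plain text, which is why the extension list is checked as well. On Windows 8.1 the "hide extensions" behaviour the poster mentions is the File Explorer View tab checkbox "File name extensions"; with it ticked, xyz.pdf.exe shows its real name.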