Beware: CryptoLocker Virus

Looks to be another nasty one.

A new computer virus, which is being called one of the strongest and most devastating viruses in history, strikes by literally holding computer owners hostage, the Inquisitr reported.

The CryptoLocker Virus - which not only has the potential to destroy a computer hard drive, but holds the computer owner's data for ransom - infects computers through a legitimate-looking email, usually from a reputable company like FedEx or UPS. Once opened, the virus quickly spreads to the computer's hard drive and then offers the user a chance to get rid of the program for a hefty fee.

Crypto Locker Virus: New Aggressive Computer Virus Demands Ransom : News : University Herald
 

HA! Now THAT is the way to design a Virus. Not just to be destructive, like Sirefef, but to literally hold your data hostage for a PRICE.

This is a step beyond the regular destructive tactics used. But I doubt if PAYING these guys will actually rid your system of it.

I'll have to see if a fix for this has been thought up; it would have to run from an external disk.
 


Au contraire! Assuming they can collect the money, it's in their interest to provide good service.
 

My understanding is that Cryptolocker is designed to run from %AppData%, and blocking all executables should prevent it from running. The suggestion (Link) is to use gpedit and add:

Local Computer Policy > Windows Settings > Security Settings > Software Restriction Policies > Additional Rules and add the following:

Path: %AppData%\*.exe
Security Level: Disallowed

Path: %AppData%\*\*.exe
Security Level: Disallowed

The problem I ran into is that in Windows 8 (maybe others), %AppData%\*.exe does not block executables from running in that folder; I had to use %UserProfile%\*.exe. Would someone please enlighten me on what is correct? Thanks....
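As an added example (not part of the post above), here is a PowerShell script that audits which Software Restriction Policy path rules are actually present in the registry and checks whether a few constructed sample paths would be blocked by them. It assumes the standard SRP registry layout under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers and, as an assumption of mine, models `*` as matching within a single path component.

```powershell
# Added example: audit the SRP path rules the gpedit steps create and test sample paths.
# Assumption: each security level is a numeric subkey of CodeIdentifiers
# (0 = Disallowed, 262144 = Unrestricted) and every path rule is a Paths\{GUID}
# subkey whose ItemData value holds the pattern as typed in gpedit.
$saferRoot  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$levelNames = @{ 0 = 'Disallowed'; 4096 = 'Basic User'; 262144 = 'Unrestricted' }

function Get-SrpPathRule {
    # One object per rule: level name, stored pattern, and the pattern expanded for
    # the current user. SRP expands %AppData% per user at run time, so run this as
    # the user you want to audit, not only as an administrator.
    if (-not (Test-Path $saferRoot)) { Write-Warning "No SRP policy at $saferRoot"; return }
    foreach ($levelKey in Get-ChildItem $saferRoot | Where-Object PSChildName -match '^\d+$') {
        $level    = [int]$levelKey.PSChildName
        $pathsKey = Join-Path $levelKey.PSPath 'Paths'
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem $pathsKey) {
            # ItemData is REG_EXPAND_SZ; read it unexpanded so the audit shows %AppData% as written.
            $raw = $rule.GetValue('ItemData', $null,
                                  [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            if (-not $raw) { continue }
            [pscustomobject]@{
                Level    = if ($levelNames.ContainsKey($level)) { $levelNames[$level] } else { "Level $level" }
                Pattern  = $raw
                Expanded = [Environment]::ExpandEnvironmentVariables($raw)
            }
        }
    }
}

function Convert-SrpPatternToRegex([string]$Pattern) {
    # Assumption (mine, not from the page): '*' and '?' match within one path
    # component only, which is why the guidance needs both %AppData%\*.exe and
    # %AppData%\*\*.exe. A rule that names a folder also covers its whole subtree.
    $escaped = [regex]::Escape($Pattern) -replace '\\\*', '[^\\]*' -replace '\\\?', '[^\\]'
    return '^' + $escaped + '(\\.*)?$'
}

function Test-SrpBlocked([string]$FilePath, [object[]]$Rules) {
    # $true when any Disallowed rule matches; -match is case-insensitive, like NTFS.
    # Real SRP also lets a more specific Unrestricted rule win; that is not modelled here.
    foreach ($r in @($Rules | Where-Object Level -eq 'Disallowed')) {
        if ($FilePath -match (Convert-SrpPatternToRegex $r.Expanded)) { return $true }
    }
    return $false
}

$rules = Get-SrpPathRule
$rules | Format-Table -AutoSize

# Constructed sample paths: the folder the rules target, one level below it,
# and a legitimate program location that must stay allowed.
$appData = [Environment]::GetFolderPath('ApplicationData')   # the folder %AppData% names
$samples = @(
    (Join-Path $appData 'sample.exe'),
    (Join-Path $appData 'Sub\sample.exe'),
    (Join-Path $env:ProgramFiles 'Vendor\app.exe')
)
foreach ($s in $samples) {
    $verdict = if (Test-SrpBlocked $s $rules) { 'BLOCKED' } else { 'allowed' }
    '{0,-7} {1}' -f $verdict, $s
}
```

If the audit lists no Disallowed rule for the expanded %AppData% path, the policy was not applied for that user, which is the first thing to check before changing the pattern to %UserProfile%.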
 

They may reverse their encryption of your data, but how can you be sure they don't still have a hook into your system? The thing could reappear in a month or a year and demand money all over again. The only way out would be to copy and scrub your data to a backup and restore your system from scratch. Carefully.
 

What I don't understand is that MS created the encryption that is being used and MS can't block it - give me a break!!!!!
 

Heh...;) that's only because you don't understand what encryption is, evidently...;)

At any rate, I just read two articles in the Microsoft database that state that malware definitions against Crypto Locker have been resident in both MSE (XP & Vista & W7) and MSE Defender in Win8/8.1 since October. I feel somewhat mollified.
 

I know what encryption is and your "mollified" statement says the whole thing - it is embedded in MS's OS and Crypto Locker simply picked up on it. There is no way that a hacker can be kept out of anything if they want in and spend enough time; ask Target. I will lay you odds that the ObamaCare website is under attack now and it will not be known until several million IDs have been stolen.

The major problem is companies keep trying to write code to protect and hackers use it against them.
 

Whoever finds the answer becomes a billionaire!
 

My point is that if you knew what encryption was you'd understand that, once used, it's deliberately designed to be impossible to crack without a key. Hackers are absolutely the smallest population using encryption these days--anyone can use it to protect his data. It makes as much sense to blame Microsoft for hackers as it does to blame architects for bank robberies...;) The fault is in the criminal, I'm sure you would agree. The problem is hackers, period. If not for hackers, companies would not have to write defensive code at all. In the beginning, back in the DOS/Win3.1 days, there was very little if any defensive code written--it was all 100% functional. The virus creators had a field day! Windows today is an order of magnitude more difficult to hack than it was then. Honestly, I'm not sure what your point is...;)
 

Leaving out the quotes:

How is code breaking done? The military has the ability to break any code that can be contrived via their super computers and they have proven it. MS has to know the length of the key, and by knowing that, they have the initiating force to break the encryption. If every virus sent out has a different key (in this case 2 keys per infection), they need to put a little more effort into it. If this was a case of a national security problem by terrorists, there would be no stopping the effort to get rid of the virus.

To stop the use of this encryption, they need to reorganize the operating system in some manner that the new encryption cannot enter the system. My point is, the problem was created, fix it; we pay money for this stuff and reap the problems that they create.
 

Hi there
There are only TWO ways to ensure your encryption cannot be broken: one LOW tech solution, and a second that relies on hardware that is still largely in the theoretical stage.

The LOW tech way to do it is to use a ONE TIME PAD (note to younger readers - this does not mean a used iPAD!!).

One-time pad - Wikipedia, the free encyclopedia

The other way that will render encryption largely irrelevant is via the use of Quantum computers -- these process ALL STATES simultaneously so no matter what the complexity of the code a quantum computer using brute force would crack it easily -- note ALL combinations are processed "in one go" unlike a "classical computer" that would have to try combinations essentially sequentially.

Rendering encryption useless will cause a huge adjustment in Human social interaction since almost nothing could be hidden - with the exception of the one time pads.

It's actually quite amazing how in loads of situations relatively low tech can defeat the billions of dollars spent by governments and corporations around the world on espionage and surveillance equipment and methodology!!!

Happy new year anyone

Cheers
jimbo
 

Interesting article. The point I was trying to make is that the code being used in this virus is known and should be breakable. I am sure that the length of the keys is long and would take a lot of iterations to make it happen.

If the hackers are producing random keys at the destination, then it would be useless to break any single instance because no two would be of the same variety. According to the hackers, they can restore the files, so they must have a "standard" key feeding the second key since it would be virtually impossible to have a key for every infected PC since they don't know which ones are infected. Oh come on, I know a hacker wouldn't lie and just take your money...
 

I have installed CryptoPrevent and HitmanPro Alert, both of which indicate they STOP CryptoLocker. Some members at Wilder's Security Forum seem to think they can. Would like to get feedback from this forum.

I found info which seems to indicate they may or may not be effective.

Neither product can offer you 100% protection from all variants of Cryptolocker since malware will change to avoid detection methods.
CryptoLocker requires Admin rights in order to be successful, so running your system on a Limited User account will probably offer better protection than what any security product can offer.

I also backup my entire system weekly or more often to an external disk with Macrium Reflect - this is my "just in case" action.
 
Cryptolocker infects cop PC: Massachusetts plod fork out Bitcoin ransom | The Register
This needs to be posted. This article I was reading a month ago was about a cop in Massachusetts who got infected with the cryptolocker virus and not even the FBI could decrypt the drive and so they had to pay the ransom of two Bitcoins (at the time of the article that was like 2,000+ US dollars).

I have to say, this is utterly brilliant in terms of ransomware. I'm surprised no one thought of doing this many years ago.

Having said that, it is quite scary as even the FBI couldn't undo the encryption in time.
 

Back up your data offline.... Back up your data offline.... :cry:

Those backup sites are not safe either. I personally keep 3 HDDs: one I use online; one in a networked backup PC that does not accept data from the internet; and the last one is in a drawer. I remember in the past having my HDD root infected, and the only way to fix that is a low-level format. HDDs are cheap, cheap, cheap....
 

I have a neighbor lady, who is just a wonderful lady, mother and grandmother, but I know more about a nuclear reactor than she does about running a computer. So stuff happens! In spite of all the protection software I've installed on her PC and the sheets of instructions I've given her on how to update and run scans with her Security Software, she recently picked up a bug, that really screwed up her Windows 7.

So after doing a Verification on the Latest Ghost Backup that I did on that PC, I reformatted her C: partition and Restored that latest Ghost backup. Total time....... less than an hour and she was back up and running normally again.
Then I took another hour to bring all her software up to date and then I made another Ghost Backup.

Since CD/DVD drives are so easily messed up, (in a years time, I replace more DVD drives than any other computer part) I run Ghost from a Bootable Flash Drive. And a Flash Drive boots quicker too.

So your best backup is the one you can lay your hands on, in just a few moments, even when your computer is not running.... not off in a cloud somewhere.

Happy New Year!
TechnoMage :cool:
 

I actually know of a girl that got hit with the cryptolocker virus. I was told by a friend who goes to college with her and she said that she was freaking out and went to the not so best buy to see if they can fix it. Obviously not.

It's so strange, I live in a smallish area and this stuff can happen, it's crazy.
 

We recently came across a CryptoLocker variant that had one notable feature—it has propagation routines.

Analysis of the malware, detected as WORM_CRILOCK.A, shows that this malware can spread via removable drives. This update is considered significant because this routine was unheard of in other CRILOCK variants. The addition of propagation routines means that the malware can easily spread, unlike other known CRILOCK variants.
Aside from its propagation technique, the new malware bears numerous differences from known CryptoLocker variants. Rather than relying on a downloader malware—often UPATRE— to infect systems, this malware pretends to be an activator for various software such as Adobe Photoshop and Microsoft Office in peer-to-peer (P2P) file sharing sites. Uploading the malware in P2P sites allows bad guys to easily infect systems without the need to create (and send) spammed messages.

Here is the full blog post: New CryptoLocker Spreads Via Removable Drives | Security Intelligence Blog | Trend Micro
 

CryptoLocker's nightmarish. I always back up my most vital files, which makes people wonder why I keep multiple copies of my stuff on several different computers as well as flash drives and burned discs. I'm pretty careful: I don't download files that end in .exe except from reputable sources; any music, picture or document that ends in .exe is not what it seems, but unfortunately many people just hit permissions through.

Also I don't download .zips or open message attachments from people I don't know and I don't follow the links either. People have to use the same common sense they do in the real world on the internet. But at the same time, I hope they find and nail the authors/creators of this and make an example out of them. It's odd that no one has been able to track down those responsible- I mean they took a police department and the FBI for a ride, and just nothing. But greed will probably be the Achilles heel in this operation- unlike a purely destructive attack- the whole point of ransomware is a payday and things that are untraceable now aren't going to remain so. The flow of Bitcoins for example, will be a testament to how greedy the developers are. If they're as canny as they were in their creation of the virus, they will stop at some point to prevent detection.

But the very fact that they are asking such a steep price from every victim means their money-induced haze will probably overpower common sense.
 
