Beware: CryptoLocker Virus

Looks to be another nasty one.

A new computer virus, which is being called one of the strongest and most devastating viruses in history, strikes by literally holding computer owners hostage, the Inquisitr reported.

The CryptoLocker virus - which not only has the potential to destroy a computer hard drive, but holds the computer owner's data for ransom - infects computers through a legitimate-looking email, usually from a reputable company like FedEx or UPS. Once opened, the virus quickly spreads to the computer's hard drive and then offers the user a chance to get rid of the program for a hefty fee.

Crypto Locker Virus: New Aggressive Computer Virus Demands Ransom : News : University Herald
 
Make sure you format the HDD when you wipe it; the virus hides in the restore partition.
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model
    Sony Vaio
    Memory
    4Gb
    Graphics Card(s)
    Onboard
    Antivirus
    AVG
Never, ever be stupid enough to pay the ransom. If you do, you are as bad as the criminals: you are financially backing their next venture. And you deserve it when they don't decrypt your files.
If you get a suspect email, is there a way of analysing the attachment for CryptoLocker without getting infected?

How about just summarily deleting .exe attachments? I'm unclear as to how these infections occur. Unless the malware is able to exploit a bug, email programs, browsers, etc. shouldn't launch executables automatically, right? So people must be launching them directly from the program or saving them and carelessly running them, right?

The .exe files are hidden in .zip files or disguised as .pdf files, but when you click on one, it is an .exe file and it's too late.

Yes, I understand that. So then it's like I said, and people must be launching them directly from the program (disguised .pdf files) or saving them and carelessly running them, right?

I guess I've never been fooled by anything like this because (a) Turning on file extensions is one of the first things I do in my 30-step plan for installing Windows, (b) I never launch anything directly from a browser, (c) I always scan stuff I download, and (d) I only download from trusted sources. I've only ever run on-demand virus scans, and I've never had a virus or malware in 20 years of using the Internet. I'm surprised the .pdf.exe files are still a problem; that's something they were doing 10 years ago, and I thought it was a thing of the past.
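Worked example, added here as an illustration (it is not code from the thread or from any mail or AV product): static triage of a zip attachment along the lines the posts above discuss. Nothing in the archive is executed; each entry is judged by its name and by the first bytes of its content, so a file called Invoice.pdf that really starts with a PE header is caught regardless of what Explorer shows, as is the double extension (Tracking.pdf.exe) and, going one step beyond the thread, the Unicode right-to-left override that makes a name ending in .exe display as ending in .pdf. The sample archive is constructed inline and the extension lists are assumptions to adjust locally.

```python
"""Static triage of a zip e-mail attachment for disguised executables.

Added example, not code from the thread or from any mail/AV product. Nothing
in the archive is executed: each entry is judged by its name and by the first
bytes of its content. Extension lists are assumptions to tune locally.
"""
import io
import struct
import zipfile

# Assumed lists: what Windows runs on double-click, and what lures dress up as.
EXEC_EXTENSIONS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "cpl", "msi", "dll"}
DECOY_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "txt", "jpg", "png"}
RLO = "\u202e"   # RIGHT-TO-LEFT OVERRIDE: "Invoice\u202efdp.exe" renders as "Invoiceexe.pdf"


def is_pe_image(data: bytes) -> bool:
    """True if data carries a Windows PE header: 'MZ' stub whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def name_findings(name: str) -> list:
    """Heuristics that need only the entry name."""
    findings = []
    if RLO in name:
        findings.append("rlo-override")
    parts = name.rsplit("/", 1)[-1].lower().split(".")
    if len(parts) >= 2 and parts[-1] in EXEC_EXTENSIONS:
        if len(parts) >= 3 and parts[-2] in DECOY_EXTENSIONS:
            findings.append("double-extension")      # e.g. Tracking.pdf.exe
        else:
            findings.append("executable-extension")
    return findings


def triage_zip(blob: bytes) -> dict:
    """Return {entry name: [findings]} for every file in the archive."""
    report = {}
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            findings = name_findings(info.filename)
            with zf.open(info) as fh:
                head = fh.read(4096)      # enough for the PE headers; never the whole entry
            if is_pe_image(head):
                findings.append("pe-image")
                if info.filename.lower().rsplit(".", 1)[-1] not in EXEC_EXTENSIONS:
                    findings.append("pe-with-non-executable-extension")  # Invoice.pdf that is really an .exe
            elif head[:4] == b"PK\x03\x04":
                findings.append("nested-archive")
            report[info.filename] = findings
    return report


def is_suspicious(report: dict) -> bool:
    return any(report.values())


def make_fake_pe() -> bytes:
    """Constructed stand-in for a PE file (valid 'MZ' + e_lfanew + 'PE\\0\\0', not runnable)."""
    stub = bytearray(0x40)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    return bytes(stub) + b"PE\0\0" + b"\0" * 60


def sample_attachment() -> bytes:
    """Constructed lure archive, modelled on the FedEx/UPS style mails the thread describes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FedEx_Tracking_Info.pdf.exe", make_fake_pe())   # double extension
        zf.writestr("Invoice" + RLO + "fdp.exe", make_fake_pe())     # RLO trick
        zf.writestr("Invoice.pdf", make_fake_pe())                   # PE behind a decoy extension
        zf.writestr("readme.txt", b"Thank you for shipping with us.\n")
    return buf.getvalue()


if __name__ == "__main__":
    for name, findings in triage_zip(sample_attachment()).items():
        print(f"{name!r}: {findings or 'clean'}")
```

Run it against a saved attachment with `triage_zip(open("attachment.zip", "rb").read())` on a machine that does not matter, or better a VM. Reading only the first 4 KiB of each entry keeps it cheap on large archives, and judging by magic bytes rather than extension is the point: hiding extensions in Explorer is what the lure relies on.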
 
Hadn't tested that; since it uses GP, it may have been assumed. Perhaps it just changes the registry as GP would, rather than use GP. A Guy
 
How much damage can this thing do to a domain connected PC running a restricted account profile in XP? I'm going to assume it will encrypt all files within the user profile and whatever network shares it has permission to access? Upon infection, would it be safe to delete the user profile, delete all restore points and create a new profile?
 
I believe it only accesses mapped network drives. When infected, format the hard drive; it hides in the restore areas.
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model
    Sony Vaio
    Memory
    4Gb
    Graphics Card(s)
    Onboard
    Antivirus
    AVG
I believe it only accesses mapped network drives. When infected, format the hard drive; it hides in the restore areas.

Not according to the first post of this thread:
A new computer virus, which is being called one of the strongest and most devastating viruses in history, strikes by literally holding computer owners hostage, the Inquisitr reported.

The CryptoLocker virus - which not only has the potential to destroy a computer hard drive, but holds the computer owner's data for ransom - infects computers through a legitimate-looking email, usually from a reputable company like FedEx or UPS. Once opened, the virus quickly spreads to the computer's hard drive and then offers the user a chance to get rid of the program for a hefty fee.
 
Yes, it infects local drives too.
 
How much damage can this thing do to a domain connected PC running a restricted account profile in XP? I'm going to assume it will encrypt all files within the user profile and whatever network shares it has permission to access? Upon infection, would it be safe to delete the user profile, delete all restore points and create a new profile?

The machine I cleaned up was networked but didn't have drives mapped. It infected all of the machine's data files but nothing on the networked machine. My client was very agreeable to a fresh install, so I didn't do much in the way of trying to clean his machine. Although I read that Security Essentials was detecting the malware a week or two earlier, it didn't pick up this variant until a day or two after he was infected. Verified by downloading to one of our test machines.
 
How much damage can this thing do to a domain connected PC running a restricted account profile in XP? I'm going to assume it will encrypt all files within the user profile and whatever network shares it has permission to access? Upon infection, would it be safe to delete the user profile, delete all restore points and create a new profile?

The machine I cleaned up was networked but didn't have drives mapped. It infected all of the machine's data files but nothing on the networked machine. My client was very agreeable to a fresh install, so I didn't do much in the way of trying to clean his machine. Although I read that Security Essentials was detecting the malware a week or two earlier, it didn't pick up this variant until a day or two after he was infected. Verified by downloading to one of our test machines.

I would be very interested to know if it can "break out" of a profile that doesn't have admin privileges and infect the rest of the computer.
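Worked example, added here as an illustration and not taken from the thread or from any AV product: when signatures lag a new variant by days, as the post above describes, the thing that does not lag is the behaviour. A ransomware run turns many readable documents into ciphertext in a short interval, and ciphertext has near-maximal byte entropy while documents, text and most images do not. The snippet below compares two snapshots of a user folder and raises an alarm when enough tracked files flip to high entropy, whether rewritten in place or replaced by a renamed copy. The folder contents are constructed inline; the thresholds are assumptions to tune per environment.

```python
"""Behavioural check for ransomware-style file rewriting.

Added example, not from the thread or any AV product. Signature updates lag
new variants, so this ignores what the binary looks like and watches what it
does: rewrite many user files with ciphertext. Ciphertext has near-maximal
entropy (close to 8 bits/byte); documents, text and most images do not.
Thresholds below are assumptions to tune per environment.
"""
import hashlib
import math
from collections import Counter

HIGH_ENTROPY = 7.5     # bits/byte; assumed cut-off for "looks encrypted"
ALARM_FRACTION = 0.2   # assumed: alarm once 20% of tracked files turn to ciphertext in one interval
MIN_SIZE = 1024        # below this, sampling error pulls measured entropy well under 8 even for ciphertext


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the empirical byte distribution (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(data: bytes) -> bool:
    return len(data) >= MIN_SIZE and shannon_entropy(data) >= HIGH_ENTROPY


def diff_snapshots(before: dict, after: dict) -> dict:
    """Compare two {path: content} snapshots of a user folder taken some interval apart.

    A file is flagged when it was plaintext before and is ciphertext now, whether
    rewritten in place or replaced by '<name>.<suffix>' (some variants write a
    renamed copy and delete the original).
    """
    flagged = []
    for path, old in before.items():
        new = after.get(path)
        if new is None:
            renamed = [p for p in after if p.startswith(path + ".")]
            if renamed and looks_encrypted(after[renamed[0]]):
                flagged.append(path)
        elif new != old and looks_encrypted(new) and not looks_encrypted(old):
            flagged.append(path)
    fraction = len(flagged) / len(before) if before else 0.0
    return {"flagged": flagged, "fraction": fraction, "alarm": fraction >= ALARM_FRACTION}


def pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic high-entropy bytes (SHA-256 counter stream) standing in for real ciphertext."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])


def sample_snapshots():
    """Constructed before/after view of a Documents folder hit by a CryptoLocker-style run."""
    text = b"Quarterly report: revenue grew 4% while costs were flat. " * 40
    before = {f"Documents/report{i}.docx": text + bytes([i]) for i in range(10)}
    after = dict(before)
    for i in range(4):                                   # four files rewritten in place
        after[f"Documents/report{i}.docx"] = pseudo_ciphertext(bytes([i]), len(text))
    del after["Documents/report9.docx"]                  # one replaced by a renamed copy
    after["Documents/report9.docx.encrypted"] = pseudo_ciphertext(b"9", len(text))
    return before, after


if __name__ == "__main__":
    result = diff_snapshots(*sample_snapshots())
    print(f"flagged {len(result['flagged'])} files ({result['fraction']:.0%}), alarm={result['alarm']}")
```

In a real deployment the snapshots would come from a timer or filesystem change notifications over a few canary folders rather than from memory, and the alarm would go to whatever pulls the machine off the network. Entropy alone misfires on files that are legitimately compressed (zip, jpg, docx is itself a zip), so the rate and the before/after flip matter more than any single file's score.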
 
It can only infect to the extent of the infected user's rights.
 

My Computer

System One

  • OS
    Windows 8.1
    Computer type
    Laptop
    System Manufacturer/Model
    Sony Vaio
    Memory
    4Gb
    Graphics Card(s)
    Onboard
    Antivirus
    AVG
... but if the user has rights to change a file or document, it can encrypt those files, which means it can cause a lot of damage.
 
... but if the user has rights to change a file or document, it can encrypt those files, which means it can cause a lot of damage.

This would be a very crappy day at my workplace. I'm very tempted to install cryptoprotect on all the machines at work. Do AV vendors have this menace in their defs yet?
 
Just a question, no political overtone is intended...

Since the NSA, FBI, CIA, etc., monitor internet traffic, shouldn't they be able to eradicate this and other types of malware once they have been identified? If they can tap world leaders' cell phones for years, identifying the hackers seems like an easier task.

After all, the US government does have a cyber security initiative, and one of its tenets is "Collaborate and share your knowledge". While the initiative is intended to protect the government and critical infrastructure from cyber warfare, the public perception of the US intelligence services would be different if they utilized their monitoring to protect people from malware. I for one would applaud if they did, and might not view them as critically as I do now...
 
Just a question, no political overtone is intended...

Since the NSA, FBI, CIA, etc., monitor internet traffic, shouldn't they be able to eradicate this and other types of malware once they have been identified? If they can tap world leaders' cell phones for years, identifying the hackers seems like an easier task.

After all, the US government does have a cyber security initiative, and one of its tenets is "Collaborate and share your knowledge". While the initiative is intended to protect the government and critical infrastructure from cyber warfare, the public perception of the US intelligence services would be different if they utilized their monitoring to protect people from malware. I for one would applaud if they did, and might not view them as critically as I do now...

I've always thought it would be a good idea to implement some sort of backbone malware filtering, as long as it's operated by a non-government, non-politically-motivated organization, with clear rules from the outset prohibiting it from intentionally filtering non-malicious content.

Has anyone tested Sandboxie to see if this thing can break out of its sandbox?

Sandboxie - Sandbox software for application isolation and secure Web browsing
 
CryptoLocker Developer Launches Decryption Website; 10 Bitcoins for Decryption Keys

There's an extraordinary piece of malware making rock-n-roll over the Internet, and if you are one of the unlucky folks to cross its path, it could make your computer unusable and you will have to pay a few hundred dollars to retrieve your important data.

We have warned our readers in many previous articles about a nasty piece of ransomware called 'CryptoLocker', which targets computers running the Microsoft Windows operating system.

The CryptoLocker ransomware encrypts the files on a victim's computer and issues an ultimatum: pay up or lose your data. Users who get infected with CryptoLocker see a message informing them that their computer is locked and their files encrypted. It then asks them to make a ransom payment, which typically ranges between $100 and $700, or 2 Bitcoins, to get their files back.

Source

A Guy
 