Cryptolocker .... not good all

PostBy: Richard S. On: Wed Oct 30, 2013 6:56 am

http://www.computerworld.com/s/article/ ... f_you_are_

When it finds a file matching that extension, it encrypts the file using a public key and then makes a record of the file in the Windows registry under HKEY_CURRENT_USER\Software\CryptoLocker\Files. It then prompts the user that his or her files have been encrypted and that he or she must use prepaid cards or Bitcoin to send hundreds of dollars to the author of the malware.

Once the payment has been made, the decryption usually begins. There is typically a four-day time limit on the payment option; the malware's author claims the private key required to decrypt files will be deleted if the ransom is not received in time. If the private key is deleted, your files will essentially never be able to be decrypted -- you could attempt to brute force the key, but as a practical matter, that would take on the order of thousands of years. Effectively, your files are gone.


I've been meaning to put backups on BR just as extra backup and after considering this it's now a necessity. If you get this and don't have isolated backup files it's either pay or lose your data. I've seen some pretty nasty stuff before but this is as nasty as it gets because there is no fix other than paying and if something happens like the guy gets arrested or decides to shut it down with a whole bunch of people waiting for keys....
Richard S.
 
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Re: Cryptolocker .... not good all

PostBy: Lightning On: Wed Oct 30, 2013 7:49 am

That is absolutely despicable. People who do that should be put away for a long time. They have no benefit to society. Leeches :mad:
Lightning
 
Hand Fed Coal Furnace: Clayton 1537G
Coal Size/Type: Nut/Stove Size Mix

Re: Cryptolocker .... not good all

PostBy: waldo lemieux On: Wed Oct 30, 2013 7:57 am

:shock: Has this guy been messin with the govt healthcare site? Seriously though, is there anything we can do to help avoid this thing? :?
waldo lemieux
 
Stove/Furnace Make: efm
Stove/Furnace Model: s-20


Re: Cryptolocker .... not good all

PostBy: Richard S. On: Wed Oct 30, 2013 12:06 pm

The article indicates it comes as an email attachment and they are just adding a .pdf extension onto an .exe which makes it look like a .pdf. However, working with a good .exe it is failing to execute on my computer.

In any event never open an attachment from someone you don't know and make sure it doesn't have some funky extension like somefile.exe.pdf. There is an option in Windows to "hide known file types"; that should be unchecked and is one of the first things I do with a new install.

Backups are always important but this is a prime example of how backups can become corrupted. Making a copy of your files is not necessarily a backup. Suppose you have a Word document you spent 3 years writing and accidentally delete half of it and don't notice. You have your backup on the other drive, right? What happens if you back up the file on your computer and overwrite the backup on your other drive with the corrupted copy? Now you're toast because both the original file and the backup are corrupted. With this malware, just connecting the drive to the computer and you can be screwed.

I was never a fan of backing up to optical media unless it was a backup to the backup but in this case it's going to save your ass because once written the data can no longer be influenced.
Richard S.
 
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite
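
The checks from the post above (showing file extensions, spotting names like somefile.exe.pdf) together with the registry key named in the quoted article, as an added PowerShell example that is not part of the original posts. The function names, the list of executable extensions and the Downloads location are assumptions.

```powershell
# Added example. Run in Windows PowerShell as the user whose profile is being checked.

# 1. Make Explorer show extensions (HideFileExt: 1 = hidden, 0 = shown).
$adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$cur = Get-ItemProperty -Path $adv -Name HideFileExt -ErrorAction SilentlyContinue
if ($null -eq $cur -or $cur.HideFileExt -ne 0) {
    Set-ItemProperty -Path $adv -Name HideFileExt -Value 0 -Type DWord
    Write-Host 'Extensions were hidden; now shown (reopen Explorer windows).'
}

# 2. Look for the registry key named in the quoted article.
function Get-CryptoLockerRecord {
    param([string]$Path = 'HKCU:\Software\CryptoLocker\Files')
    if (-not (Test-Path -Path $Path)) { return @() }
    # Value names under the key; their exact format is not described on this page.
    return @((Get-Item -Path $Path).Property)
}
$recorded = @(Get-CryptoLockerRecord)
if ($recorded.Count -gt 0) {
    Write-Warning "CryptoLocker key present with $($recorded.Count) entries. Keep backup drives disconnected."
}

# 3. Flag names with two or more extensions where any one of them is executable.
$ExecExt = 'exe','scr','com','pif','bat','cmd','js','vbs'   # assumed list
function Test-DeceptiveName {
    param([string]$Name)
    $suffixes = @($Name.ToLower().Split('.') | Select-Object -Skip 1)
    return ($suffixes.Count -ge 2) -and [bool]($suffixes | Where-Object { $ExecExt -contains $_ })
}

# Constructed sample names, then the user's Downloads folder (assumed location).
'somefile.exe.pdf','invoice.pdf.exe','report.v2.pdf','setup.exe' |
    ForEach-Object { '{0,-18} deceptive={1}' -f $_, (Test-DeceptiveName $_) }
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -File -ErrorAction SilentlyContinue |
    Where-Object { Test-DeceptiveName $_.Name } |
    Select-Object FullName
```

The name check flags both orderings (.exe.pdf and .pdf.exe) because with extensions hidden only the last suffix disappears from view.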

Re: Cryptolocker .... not good all

PostBy: jpete On: Thu Nov 28, 2013 11:28 pm

Lightning wrote:That is absolutely despicable. People who do that should be put away for a long time. They have no benefit to society. Leeches :mad:


Who's going to do it? :rofl:

http://www.bostonglobe.com/metro/2013/1 ... story.html

Swansea police say they were forced to pay $750 in ransom earlier this month to hackers after a virus locked all of their computer files.

The Police Department noticed a problem opening their files on Nov. 6. After opening an e-mail attachment from what looked like a trusted source, a window popped up on the screen saying all the computer’s files were encrypted, said Lieutenant Gregory Ryan.

The virus, called CryptoLocker, has been attacking computers since late September or early October, a computer specialist told Ryan.
jpete
 
Hand Fed Coal Stove: Harman Mk II
Coal Size/Type: Stove, Nut, Pea
Other Heating: Dino juice

Re: Cryptolocker .... not good all

PostBy: dcrane On: Fri Nov 29, 2013 5:10 am

jpete wrote:
Lightning wrote:That is absolutely despicable. People who do that should be put away for a long time. They have no benefit to society. Leeches :mad:


Who's going to do it? :rofl:

http://www.bostonglobe.com/metro/2013/1 ... story.html

Swansea police say they were forced to pay $750 in ransom earlier this month to hackers after a virus locked all of their computer files.

The Police Department noticed a problem opening their files on Nov. 6. After opening an e-mail attachment from what looked like a trusted source, a window popped up on the screen saying all the computer’s files were encrypted, said Lieutenant Gregory Ryan.

The virus, called CryptoLocker, has been attacking computers since late September or early October, a computer specialist told Ryan.


yeaaa... you know when the police and FBI decide they have no choice but to pay the ransom you're screwed :cry:
The problem is these people are probably overseas... so getting them is not going to happen anytime soon... stuff like this has been around for years; Cryptolocker is only the most recent advent. Most likely very computer-smart coder kids.
Last edited by dcrane on Fri Nov 29, 2013 9:23 am, edited 1 time in total.
dcrane
 
Hand Fed Coal Stove: Crane 404

Re: Cryptolocker .... not good all

PostBy: Freddy On: Fri Nov 29, 2013 7:55 am

Geeze, gosh, what has happened to "We never pay ransom"? By paying these thugs we just give them money to have time to build better (worse) ways to steal from the innocent. Once they learn we will pay $100, next time (and there WILL be a next time) it will be $1,000. They will quickly figure out that 4 out of 10 cannot afford $1,000, but, six times $1,000 is way better than ten times $100. You think they care about our files??

We have known from day one that at any moment for 100 different reasons we can lose our information. That's why we back up. If I got hit with this type of thing, the last thing I would do is pay the suckers!!!!
Freddy
 
Stoker Coal Boiler: Axeman Anderson 130 (pea)
Hot Air Coal Stoker Stove: Reading piece o' junk in the barn (rice)
Coal Size/Type: Pea size, Superior, deep mined

Re: Cryptolocker .... not good all

PostBy: Wood'nCoal On: Fri Nov 29, 2013 9:40 am

Oh great...
Does this pertain to Apple computers as well?
I have a Carbonite subscription, in the event I'm thinking I would be OK...or not? :?
Wood'nCoal
 
Stoker Coal Boiler: 1959 EFM 350
Hand Fed Coal Stove: Harman Magnafire Mark I
Coal Size/Type: Rice and Chestnut
Other Heating: Fisher Fireplace Insert

Re: Cryptolocker .... not good all

PostBy: jpete On: Fri Nov 29, 2013 10:54 am

I would imagine Apple is immune to this sort of thing since it is targeting the Windows registry but I'm not familiar enough with Apple products to know if a similar attack could be launched.
jpete
 
Hand Fed Coal Stove: Harman Mk II
Coal Size/Type: Stove, Nut, Pea
Other Heating: Dino juice

Re: Cryptolocker .... not good all

PostBy: Richard S. On: Fri Nov 29, 2013 11:17 am

Freddy wrote:Geeze, gosh, what has happened to "We never pay ransom"?


Suppose, Fred, every copy of the database for this site was encrypted: pay the $100 or watch nearly 10 years of history go down the tubes?

That's why we back up.


Depends on your backup method, but a lot of people use an external drive, which is just as vulnerable, and depending on your backup method, if you're replacing modified files (which is not really a backup) you could be overwriting good files with corrupted ones. The only thing this won't affect is a network connected drive or copies on optical media like DVD....

The above scenario with the forum database wouldn't happen because I have multiple copies at different locations.
Richard S.
 
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Re: Cryptolocker .... not good all

PostBy: Freddy On: Fri Nov 29, 2013 2:42 pm

Richard S. wrote: Suppose, Fred, every copy of the database for this site was encrypted: pay the $100 or watch nearly 10 years of history go down the tubes?


That can make for a long debate.... What happens if the virus doesn't stop when the $100 is paid. Perhaps they didn't just encrypt & un-encrypt. Perhaps they left a file that locks the computer every 2 or three weeks.... and each time it goes up by $100. There comes a point that we DO lose 10 years... these thieves don't give a crap! I'm just saying that it's bad policy to pay criminals hoping that they have honor.... there is no honor with a thief. Given the chance they will hold more people ransom & by paying them it increases the likelihood that they can. These thugs are animals. Every animal comes back to where the water was easy to get. All we can do is back up the best we can & when the crap hits the fan make a decision at that time. Maybe it's a personal thing, I don't know. I do know that it'll be a chilly day for Satan when I pay ransom.
Freddy
 
Stoker Coal Boiler: Axeman Anderson 130 (pea)
Hot Air Coal Stoker Stove: Reading piece o' junk in the barn (rice)
Coal Size/Type: Pea size, Superior, deep mined

Re: Cryptolocker .... not good all

PostBy: Richard S. On: Fri Nov 29, 2013 6:21 pm

Freddy wrote: Maybe it's a personal thing, I don't know. I do know that it'll be a chilly day for Satan when I pay ransom.


I understand your position, Fred, and somewhat agree, but on the other hand all of Junior's baby pictures may be lost, maybe evidence for a murderer etc.... The key here is to prevent this from happening and if this gets prevalent people are going to learn really quick the value of having proper backups.
Richard S.
 
Stoker Coal Boiler: Van Wert VA1200
Coal Size/Type: Buckwheat/Anthracite

Re: Cryptolocker .... not good all

PostBy: Wood'nCoal On: Fri Nov 29, 2013 9:18 pm

I just realized that even with Carbonite it can happen, since the backup is automatic, it will backup the encrypted files. :mad:
Wood'nCoal
 
Stoker Coal Boiler: 1959 EFM 350
Hand Fed Coal Stove: Harman Magnafire Mark I
Coal Size/Type: Rice and Chestnut
Other Heating: Fisher Fireplace Insert

Re: Cryptolocker .... not good all

PostBy: jpete On: Sat Nov 30, 2013 12:48 am

Richard S. wrote:
Freddy wrote: Maybe it's a personal thing, I don't know. I do know that it'll be a chilly day for Satan when I pay ransom.


I understand your position, Fred, and somewhat agree, but on the other hand all of Junior's baby pictures may be lost, maybe evidence for a murderer etc.... The key here is to prevent this from happening and if this gets prevalent people are going to learn really quick the value of having proper backups.


I have an LG network storage drive with a DVD burner but I have to admit, I haven't a clue how to make hard copies even though that's part of the reason I bought it.

The only thing I'd really lose is all my pictures and all my music which isn't quite as bad as the pictures.
jpete
 
Hand Fed Coal Stove: Harman Mk II
Coal Size/Type: Stove, Nut, Pea
Other Heating: Dino juice

Re: Cryptolocker .... not good all

PostBy: Carbon12 On: Wed Feb 12, 2014 5:17 pm

My 3 year old iMac was recalled. They have had a higher than acceptable rate of failure in the hard drives that came with them and will replace the drive for free. You have to take the computer to an Apple store and leave it. They will not transfer any data, only reinstall the operating system, if you have the disc. I bought a 1 TB external hard drive to back up the drive on the computer. Never got around to taking the computer in. Figure I'll just wait until it fails, or until I get a new computer. I HAD to buy the external drive. Apple didn't give me any choice. Thieving south ends of north bound mules! :mad:
Carbon12
 
Stoker Coal Boiler: Keystoker KA-6
Coal Size/Type: Rice/Anthracite
Other Heating: Heat Pump/Forced Hot Air Oil Furnace