General Discussions

It has been recently on the news. There is the Gameover Zeus and Cryptolocker viruses out now that seem to be hitting up alot of users around the world. Give or take 15k and probably more in the UK have had them.

I advise everyone to watch what they are downloading keep your programs up to date and also make sure your sercurity is up to date and checking each day!


www.getsafeonline.org/nca

[Edited by Toki, 6/8/2014 2:53:00 AM]

It has been around for awhile now. Enterprises are at most risk (especially ones that never do data backups like they're supposed to).

Here's some entertaining literature to give you an idea of the true destructive power of Cryptolocker

Link

Oh yeah before I forget. They key word to defense here is backups. Do these regularly. They are a formidable tool against randsomware as you cannot be held for extortion when your data is safe. Assuming your protections, no matter how hardened they are, will save you 100% of the time is a very bad assumption to make.

[Edited by Neo7, 6/8/2014 2:33:17 AM]

I remember my father had a form of it where it would not allow him to do anything it just constantly went to this screen telling him he needed to call a number. I just safe loaded it and removed the malware.

That doesn't sound like CryptoLocker at all. That malware begins an exhaustive scan of every directory that you have read/write access to (including network shares you have access to) and begins encrypting each file with the RSA algorithm set to a 2048 key (read: you're not going to brute force this in many lifetimes) then promptly deleting the original and replacing it with the encrypted version effectively rendering it impossible to open.

The private key the malware generates will be stored on the attacker's database and will generate the extortion screen demanding payment for them to release the private key (along with a tool) for you to decrypt everything back to the way it was (allegedly this decryption they give back actually does work which is good for the attacker as it does establish some trust in that they keep their word after payment and allow for others to cave in more easily).

In short, there's really no reason to not take a nuke from orbit approach in removing this malware. If you did not backup your data, it's effectively gone if you don't pay up the ransom. This does get rid of the malware but at a considerable amount of collateral damage (or lot of time wasted if you do have a backup).

[Edited by Neo7, 6/8/2014 2:48:36 AM]

Yep, I recognized the name CryptoLocker as soon as I saw it. I was attacked by CryptoLocker several months ago (within the past year, I believe), and I didn't back any of my files up, so I lost a lot of files on my computer. Some of it was replaceable; had to uninstall and re-download League of Legends for it to work again. Other files, such as essays, lab reports, programming assignments, that stuff was gone for good. It only targets files with certain extensions, so probably not everything on your computer will be lost, as was the case for me, but chances are if it's work-related, it's probably gone.

Yeah am having to back up 3 systems lol Am tired already. Had to fix the ol mans lappy to......... Some of the windows files corruptted. I should be paid for this! £7 n hour.

Thank you to your advise !