Cryptolocker [DANGER]

Post by watkins » Mon Oct 28, 2013 1:24 pm

Dear All,

The following was recently circulated by our IT department.

"Please be *very* vigilant regarding the Cryptolocker ransomware that is currently in circulation. This particular malware, if opened, will silently encrypt files on a Windows PC, and on any network drive that you can write to. It then attempts to extort hundreds of dollars in return for an unlock key. The University IT Services strongly advise that you should *not* pay the ransom (there is no guarantee that these crooks will actually release your files even if you do pay).

At present Cryptolocker’s main vector appears to be e-mail, pretending to be a ‘voice mail’ attachment, but there are also reports of infections spreading via Word or Excel files received by email, or even in shared Dropbox folders. A number of variants have come to light over the last couple of days, and it may adopt further vectors in the next few days. If you believe that you have been affected, please let us know immediately, but please appreciate that we will not be able to recover any files that have been encrypted by Cryptolocker. We may be able to help by restoring files from backups but this may not help with files you have been actively working on. Also backups may be overwritten with encrypted versions of the files if you don’t let us know quickly. If you are managing your own Windows-based system/laptop please check that your regular backups are completing properly.

Our anti-malware measures have identified and removed dozens of examples of Cryptolocker in the last few days but there is no guarantee that it won't appear in a form that slips through. So please do not open unexpected attachments received by email, particularly if they claim to be voice mail messages from systems you’ve never heard of, or from people you do not know.

You can find out more at e.g. http://en.wikipedia.org/wiki/CryptoLocker"

Also this http://www.youtube.com/watch?v=Gz2kmmsMpMI

Regards,
Bob

watkins 
 

Re: Cryptolocker

Post by numerobis » Mon Oct 28, 2013 9:49 pm

thanks!

"The most widespread variants of the Cryptolocker malware are detected by Kaspersky products with the following verdicts:

Trojan-Ransom.Win32.Blocker.cfkz, Trojan-Ransom.Win32.Blocker.cmkv, Trojan-Ransom.Win32.Blocker.cggx, Trojan-Ransom.Win32.Blocker.cfow, Trojan-Ransom.Win32.Blocker.cjzj, Trojan-Ransom.Win32.Blocker.cgmz, Trojan-Ransom.Win32.Blocker.cguo, Trojan-Ransom.Win32.Blocker.cfwh, Trojan-Ransom.Win32.Blocker.cllo, Trojan-Ransom.Win32.Blocker.coew."

To manually prevent the infection:

You need to prevent the execution of files from:

%appdata%
%localappdata%
%temp%
%UserProfile%
compressed archive

You can set software restriction policies:
http://technet.microsoft.com/en-us/library...1(v=ws.10).aspx
http://support.microsoft.com/kb/310791


http://forum.kaspersky.com/index.php?s= ... pic=277400

numerobis 
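
Added example, not part of numerobis's post or of any Microsoft tooling: a small Python model of how path rules for the locations listed in the post above would classify executable launch paths, useful for checking a rule set against real paths before deploying it. It assumes the most specific matching rule wins; the profile paths, the ExampleApp exception and the sample paths are constructed.

```python
import ntpath
import re

# Constructed per-user environment (assumption: default profile layout for user "bob").
ENV = {
    "appdata": r"C:\Users\bob\AppData\Roaming",
    "localappdata": r"C:\Users\bob\AppData\Local",
    "temp": r"C:\Users\bob\AppData\Local\Temp",
    "userprofile": r"C:\Users\bob",
}

# (location, security level). The Disallowed entries are the locations listed in
# the post; the Unrestricted entry is a hypothetical exception for a per-user app.
RULES = [
    ("%appdata%", "Disallowed"),
    ("%localappdata%", "Disallowed"),
    ("%temp%", "Disallowed"),
    ("%UserProfile%", "Disallowed"),
    (r"%localappdata%\Programs\ExampleApp", "Unrestricted"),
]

def normalize(path):
    return ntpath.normcase(ntpath.normpath(path))  # collapse '..', fold case and '/'

def expand(rule, env=ENV):
    """Expand %VAR% references case-insensitively; unknown names are left as-is."""
    return re.sub(r"%([^%]+)%", lambda m: env.get(m.group(1).lower(), m.group(0)), rule)

def decide(image_path, rules=RULES, default="Unrestricted"):
    """Return the level of the most specific (longest) rule covering image_path."""
    target = normalize(image_path)
    best_len, level = -1, default
    for location, rule_level in rules:
        root = normalize(expand(location))
        # Match on a directory boundary so C:\Users\bobby is not under C:\Users\bob.
        if (target == root or target.startswith(root + "\\")) and len(root) > best_len:
            best_len, level = len(root), rule_level
    return level

# Constructed launch paths, such as might be pulled from process-creation logs.
SAMPLES = [
    r"C:\Users\bob\AppData\Roaming\Xyzzy\voicemail.exe",
    r"C:\Users\bob\AppData\Local\Temp\Temp1_msg.zip\msg.exe",  # opened from inside a zip
    r"C:\Program Files\..\Users\bob\Downloads\setup.exe",
    r"c:/users/BOB/appdata/local/Programs/ExampleApp/app.exe",
    r"C:\Users\bobby\AppData\Roaming\tool.exe",
]

def classify_all(paths=SAMPLES):
    return [(decide(p), p) for p in paths]
```

The third sample shows that a blanket %UserProfile% rule also covers the Downloads folder, so legitimately per-user software needs an explicit exception like the hypothetical one above.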
 

Re: Cryptolocker [DANGER]

Post by Mike Lucey » Tue Oct 29, 2013 8:16 am

Thanks Bob, made the post a sticky.
Mike Lucey 
Mayor
 

Re: Cryptolocker [DANGER]

Post by TIG » Tue Oct 29, 2013 11:23 am

Fortunately virus-writers rarely 'support' the MAC OS ;)
TIG 
Global Moderator
 

Re: Cryptolocker [DANGER]

Post by Mike Lucey » Tue Oct 29, 2013 2:45 pm

Yep
Mike Lucey 
Mayor
 

Re: Cryptolocker [DANGER]

Post by watkins » Tue Oct 29, 2013 2:58 pm

The Physics department at Oxford is taking this threat really seriously. Apart from implementing various measures, they are also recommending that people consult this guide:

http://www.bleepingcomputer.com/virus-r ... nformation

Hope this helps everyone to understand the threat, and how to avoid being caught out.

The key advice seems to be 'back up all your files', and preferably on removable storage.

Kind regards,
Bob

watkins 
 

Re: Cryptolocker [DANGER]

Post by solo » Fri Nov 01, 2013 7:03 pm

http://www.solos-art.com

I'm better with polys than words
solo 
Global Moderator
 

Re: Cryptolocker [DANGER]

Post by Gareth » Wed Dec 11, 2013 11:44 pm

It happened yesterday to one of the businesses in my building.

He appears to have an inadequate backup system and uses a free version of Antivirus software.

He is now paying the ultimate penalty as he appears to have lost about 80% of his files (and still counting)
Gareth 
Premium Member
 

Re: Cryptolocker [DANGER]

Post by Rich O Brien » Wed Dec 11, 2013 11:51 pm

Wow! That's pretty crazy.
There's a frontroom and a backroom....reverse faces
Rich O Brien 
Administrator
 

Re: Cryptolocker [DANGER]

Post by Gareth » Thu Dec 12, 2013 2:03 am

yeh it certainly is Rich

The guy is a Civil Engineer, in his early to mid 30's....a fit and healthy looking bloke, until now.

He is devastated, and looks quite ill.
Gareth 
Premium Member
 

Re: Cryptolocker [DANGER]

Post by andybot » Thu Dec 12, 2013 2:42 am

More info here:

http://krebsonsecurity.com/2013/11/how- ... ansomware/
http://krebsonsecurity.com/2013/11/cryp ... he-ransom/

As always - remote backups are absolutely critical if you are running a business. Not using Windows can also be helpful :P
my blog featuring recent projects
andybot 
Premium Member
 

Re: Cryptolocker [DANGER]

Post by solo » Thu Dec 12, 2013 3:12 am

andybot wrote:Not using Windows can also be helpful :P


I'm guessing once Apple becomes a real contender with a fair amount of users it will be a target also, right now they do not have enough users to warrant the effort.
http://www.solos-art.com

I'm better with polys than words
solo 
Global Moderator
 

Re: Cryptolocker [DANGER]

Post by roland joseph » Fri Dec 12, 2014 9:39 am

Our offices and staff have used windows to defend windows (seems simple doesn't it?) for the past 8 years. Since we kicked out the third parties (security experts..lol) there have been no issues at all. There are two groups of people having issues with windows security, people who don't use windows, and people who use it and insist on using products other than those developed by windows to maintain it.

roland joseph 
 

Re: Cryptolocker [DANGER]

Post by roland joseph » Fri Dec 19, 2014 2:17 pm

"http://www.bleepingcomputer.com/"

I went there and I would recommend that you stay away from the site. Like many stories of virus devastation this one is really riddled with bull. The site has some focused obsession with malware. If you run into a room full of people trading "torrents" and talking about security it is best to back out of the room.

roland joseph 
 

Re: Cryptolocker [DANGER]

Post by roland joseph » Tue Aug 25, 2015 12:31 pm

This forum post is going on three years old now...that's pretty hot... :lol: I guess modeling has become a business for very serious people. No time for frivolity. ;)

roland joseph 
 

Re: Cryptolocker [DANGER]

Post by andybot » Tue Aug 25, 2015 12:45 pm

roland joseph wrote:This forum post is going on three years old now...that's pretty hot... :lol: I guess modeling has become a business for very serious people. No time for frivolity. ;)


wait, what's wrong with frivolity? Are you trying to encourage it by posting in an old thread? :mrgreen:
my blog featuring recent projects
andybot 
Premium Member
 
