CryptoLocker Malware Offers Victims 'Second Chance' to Pay Ransom

Status
Not open for further replies.

seshysama

Honorable
Oct 30, 2013
This has become an increasing problem for our IT office. I've spoken with Symantec on it, and they say that Cryptolocker WILL NOT SPREAD THROUGH A NETWORK. It will encrypt every file the infected computer has access to, which includes network drives, so it WILL mess up shared server files, but it can't spread (as per Symantec).
 

nevilence

Honorable
May 8, 2012
Wow, I didn't even know this kind of malware existed. Luckily, I have always been anal about having antivirus on my PCs.
 

glasssplinter

Distinguished
Feb 22, 2006
With everything the NSA tracks and whatever, why are things like this not stopped? You would think that they would have a credit card and could enter the information in and see who picks it up on the other end. Chances are, though, this is probably made by the NSA to pad their coffers. Pretty nasty infection though; wonder what it will be like to tell your customer that you can't recover any of their data.
 

jimmysmitty

Distinguished
Oct 5, 2007


It will not spread, but it is nasty. We have dealt with it for two customers, one of them twice.

Had to restore their entire public share server (50-150GB) twice.

The best way to stop it is to block .exe and .zip attachments as it normally sends as a .zip and will be form_xxx.pdf.exe in the .zip folder.
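
The attachment pattern described in the post above (a .zip carrying form_xxx.pdf.exe) can be checked at a mail gateway or on a file share. The following is an added example, not part of the original post; the extension lists, size limit and function names are assumptions to adapt to local policy.

```python
import io
import zipfile

# Assumed policy lists; extend them to match your mail gateway's rules.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}
MAX_NESTED_BYTES = 10 * 1024 * 1024  # refuse to unpack larger inner archives


def classify_name(name):
    """Return 'double-extension', 'executable' or None for one member name."""
    # Windows ignores trailing dots and spaces, so strip them before parsing.
    base = name.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ").lower()
    exts = ["." + part.strip() for part in base.split(".")[1:]]
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return None
    return "double-extension" if len(exts) >= 2 and exts[-2] in DECOY_EXTS else "executable"


def scan_zip(data, depth_left=1):
    """Return a list of (member_path, reason) findings; non-empty means quarantine."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "unreadable-zip")]
    with archive:
        for info in archive.infolist():
            reason = classify_name(info.filename)
            if reason:
                findings.append((info.filename, reason))
            elif info.filename.lower().endswith(".zip"):
                inner = [("", "nested-archive-not-inspected")]
                if depth_left > 0 and info.file_size <= MAX_NESTED_BYTES:
                    try:
                        inner = scan_zip(archive.read(info), depth_left - 1)
                    except (RuntimeError, NotImplementedError, zipfile.BadZipFile):
                        pass  # encrypted or damaged inner archive: keep the default
                findings += [(f"{info.filename}/{n}".rstrip("/"), r) for n, r in inner]
    return findings


def build_sample(members):
    """Build a constructed in-memory zip from {name: bytes} for testing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()
```

Only member names are inspected, so the check also works on password-protected archives whose file list is readable; inner archives that cannot be opened are reported rather than silently passed.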
 

heero yuy

Distinguished
Jul 25, 2010
And why does stuff like this work? Because Windows lets anything run without asking the user,
and an admin account has access to every file on the computer (and I think normal accounts do as well :/).
If all my games were on Linux I would be using that right now, but unfortunately they are not (but Steam OS and stuff might change that :D).
 

littleleo

Distinguished
May 8, 2009
Why can't the feds track the payment info and bust the criminals? They are a growing problem for all countries; perhaps Interpol can track and arrest these criminals.
 

koga73

Distinguished
Jan 23, 2008
I have UAC in Windows turned all the way up to prompt for credentials before allowing admin rights, so I'm covered. No A/V, just common sense and strong passwords.
 

pcichico

Honorable
Nov 22, 2012
I run a small computer store and we do on average $8500/month in computer repair, which is mostly virus removal. Last week a customer brought their machine in with CryptoLocker and I figured it's just like all the other fake AV programs claiming doom and gloom. Pretty surprised to see something that was actually doing what it said. In 13 years of running this business this is the first time I've seen a virus/malware that actually led to data loss. The timer had already run out when the dude brought it in. Had a ton of Word docs and PDFs all toast. Pretty slick too how most cloud backups are worthless against it. Since the files aren't erased but slightly altered, the cloud service sees it as a change and replaces the files with the "updated" ones. Best defense is something like Acronis that has weeks' worth of incremental backups to choose from. Made me rethink the cloud backup service we provide to our own customers. Should be called the walking dead virus. Files still there but nobody's home.
 

virtualban

Distinguished
Feb 16, 2007
And cops and lawyers go after file sharers and can't get real internet criminals? Like, really?!
What are they being paid for?
While lawyers are being paid by the interested party, the rest of the law system is being paid by taxpayers, so judges should throw senseless cases out and take these kinds of cases in. Same goes for law enforcement.
 

Vorador2

Distinguished
Jun 26, 2007
We haven't got any infection here, but I've taken measures. Blocking the running of .exe in %appdata% and %appdata%\*\* is usually enough.

It spreads through email attachments, so if your anti-spam blocks them you should be fine.
 

techguy911

Distinguished
Jun 8, 2007
While having an AV does help for older versions, the new version will bypass most AVs out there. I heard some people with Kaspersky 2014 get infected, but it catches it after it gets infected.
Also, they use anon payment methods, making it a nightmare to track them down.

The best protection would be CryptoPrevent by security consulting company Foolish IT; it will also stop many other fake AV and ransomware/scareware programs.
Also, making backups is VERY important; most people do not back up their pictures and important data, and even businesses fail to do any backups.
 