
Worst Virus demands Bitcoin ransom

James_AJ

Aghum.. I have 0.0 BitCoins, good luck Virus :lol:

you either pay or all your files are locked down permanently with encryption. Only the hacker has the encryption key that you need to decrypt the files.


you either pay or all your files are locked down permanently with encryption. Only the hacker has the encryption key that you need to decrypt the files.

 

Oooooo, I'm scared. They invented backups for a reason. ;)

I roll with sigs off so I have no idea what you're advertising.

 

This is NOT the signature you are looking for.


well, from what I'm seeing here, this just gives one more reason to freaking BACK UP. <3


By using Bitcoin, the hacker should be easily* identifiable.

 

Bitcoin is the most transparent and public currency in the world. Every transaction is recorded forever on the public ledger, which everyone has access to. If someone were to pay, they could watch, track, and follow transactions from one address to the next until the hacker slips up and is "identified", whether he makes a mistake that can be cross-referenced with addresses known to the public, or tries to spend/exchange the Bitcoins.

 

I'd also like to point out that these types of malware viruses get released every year, it seems. Some mysterious hacker is always trying to hold our files hostage while demanding ransom... Most are fake, or easily fixable, and aim to prey upon the non-tech-savvy. Personally I don't see this becoming a pandemic like the article states. Just another grab at a few extra clicks for a tech journalist.

You keep using that word. I do not think it means what you think it means.
Users cannot, and will not securely manage key material. Most users can't and the ones that can, wont.

Ask me about Bitcoin, Litecoin, Crypto-Currencies, and/or Mining them.


this just shows how shit windows is, this should never be possible.

 

Like we needed more reasons to use Linux

Never trust a man, who, when left alone with a tea cosey... Doesn't try it on. Billy Connolly
Marriage is a wonderful invention: then again, so is a bicycle repair kit. Billy Connolly
Before you judge a man, walk a mile in his shoes. After that, who cares? He's a mile away and you've got his shoes. Billy Connolly

this just shows how shit windows is, this should never be possible.

 

 

Like we needed more reasons to use Linux

 

It happens on all OSes, maybe not a real lockdown like this one, but those e-mails that scare people who have no clue into sending money for some scary reason that is totally bogus.

I roll with sigs off so I have no idea what you're advertising.

 

This is NOT the signature you are looking for.


I use Windows myself, and no, there is no "virus" for iOS unless you start jailbreaking the device, which is no longer iOS at that point, so no, there are no viruses for iOS since it's a closed system.

And why the fuck are you comparing a mobile OS with a computer OS?

watch your language 


I use Windows myself, and no, there is no "virus" for iOS unless you start jailbreaking the device, which is no longer iOS at that point, so no, there are no viruses for iOS since it's a closed system.

And why the fuck are you comparing a mobile OS with a computer OS?

LOL. Jailbreaking iOS makes it not iOS? Then what is it? Android? Windows Phone? It still has the original iOS code on it. And what are you talking about? How is this Windows' fault? This virus can't be stopped without making Windows more inconvenient than it already is.

Finally my Santa hat doesn't look out of place


One way to prevent this is to disable execution of *.exe files in the %appdata% folder and whitelist any that are required.

This.

Only real way of protecting yourself.

I work for a cloud services provider and we literally had nearly 20 customers in the space of a week who got infected by this.

AV software DOES NOT pick this up until it's too late. Note that when it does pick it up and removes the malware, it is also removing any possibility of you decrypting your files.

This will also attack network attached storage, so long as you have write access.

Also, the encryption is legit, the timer is legit and the ransom/decryption is legit. Paying the ransom WILL get your files decrypted, not that I'd recommend it.

When I was removing it from a client's PC, I found that it was creating random .exe files with completely garbled names (random number/letter combos). No idea what they did; however, I strongly suggest you remove them.

The only source I have found so far is an executable file attached to an email, which had its icon changed to a PDF. An easy mistake to make; make sure you do the above-mentioned as well as enable file extensions in file names to see what you're opening.
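An added example (not from the thread or any poster) of the mitigation described in the post above: Software Restriction Policy path rules that block *.exe under %AppData% and %LocalAppData% with one allow-listed program, plus the Explorer setting that shows file extensions so a "something.pdf.exe" attachment is visible for what it is. It assumes an elevated prompt on a Windows edition that honours SRP; the allow-listed path is a placeholder to replace with the program you actually need.

```powershell
# Added example, not from the original post. Writes the registry keys that
# Group Policy populates for Software Restriction Policies (SRP).
$Safer        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0        # SRP security level "Disallowed"
$Unrestricted = 262144   # SRP security level "Unrestricted" (0x40000)

function New-SaferPathRule {
    param(
        [Parameter(Mandatory)][string]$Path,   # path pattern; environment variables allowed
        [Parameter(Mandatory)][int]$Level,     # $Disallowed or $Unrestricted
        [string]$Description = ''
    )
    # Each rule lives under <level>\Paths\{GUID}; the GUID is just a unique name.
    $guid = '{' + [guid]::NewGuid().ToString().ToUpper() + '}'
    $key  = Join-Path $Safer "$Level\Paths\$guid"
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name 'ItemData'     -Value $Path -PropertyType ExpandString -Force | Out-Null
    New-ItemProperty -Path $key -Name 'SaferFlags'   -Value 0 -PropertyType DWord -Force | Out-Null
    New-ItemProperty -Path $key -Name 'Description'  -Value $Description -PropertyType String -Force | Out-Null
    New-ItemProperty -Path $key -Name 'LastModified' -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -PropertyType QWord -Force | Out-Null
    return $key
}

# Turn SRP on with a default of "allow everything", so only the explicit deny rules bite.
New-Item -Path $Safer -Force | Out-Null
Set-ItemProperty -Path $Safer -Name 'DefaultLevel'       -Value $Unrestricted -Type DWord
Set-ItemProperty -Path $Safer -Name 'TransparentEnabled' -Value 1 -Type DWord   # apply to all software
Set-ItemProperty -Path $Safer -Name 'PolicyScope'        -Value 0 -Type DWord   # all users, admins included

# Deny rules: '*' does not cross directory separators, so cover both the folder and its subfolders.
foreach ($base in '%AppData%', '%LocalAppData%') {
    New-SaferPathRule -Path "$base\*.exe"   -Level $Disallowed -Description "Block exe directly in $base"
    New-SaferPathRule -Path "$base\*\*.exe" -Level $Disallowed -Description "Block exe in subfolders of $base"
}

# Allow-list entry: a more specific path rule takes precedence over the wildcard deny above.
# PLACEHOLDER path, replace with the program that legitimately runs from AppData.
New-SaferPathRule -Path '%AppData%\ExampleVendor\ExampleApp.exe' -Level $Unrestricted -Description 'Allow-listed program'

# Show file extensions in Explorer for the current user, so the PDF-icon trick is visible.
Set-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced' -Name 'HideFileExt' -Value 0 -Type DWord
```

New processes pick up the rules after `gpupdate /force` or a reboot; test the deny and allow paths with a harmless executable before rolling it out, since a too-broad deny also blocks legitimate installers that run from these folders.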


After being downloaded, CryptoLocker installs itself in a user's "Documents and Settings" folder. It then scans the hard drive for a whole host of different file types—from family photographs to Microsoft Word and Adobe Photoshop documents—and encrypts them.

Sounds like file-level encryption.

Wondering if System Restore/file versioning can handle it; it should be able to bring it back. I'm pretty sure block-level backups would be able to handle it... can't find any testing on it though.

 

Anyway... BACK UP! In this case, with a method that doesn't leave the backup accessible (online, unplugged external drive, network storage that requires extra authentication every time... etc.).

 

 

Edit:

This is how it works:

 

http://nakedsecurity.sophos.com/2013/10/18/cryptolocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/

 

Video (note: he had to turn off his antivirus for the demo):

https://www.youtube.com/watch?v=Gz2kmmsMpMI#t=12

 

My Rigs (past and present)


Doing a raw data recovery on the affected folder may be a way to recover the data; I have no desire to test this theory though...

----Ryzen R9 5900X----X570 Aorus elite----Vetroo V5----240GB Kingston HyperX 3k----Samsung 250GB EVO840----512GB Kingston Nvme----3TB Seagate----4TB Western Digital Green----8TB Seagate----32GB Patriot Viper 4 3200Mhz CL 16 ----Power Color Red dragon 5700XT----Fractal Design R4 Black Pearl ----Corsair RM850w----


Doing a raw data recovery on the affected folder may be a way to recover the data; I have no desire to test this theory though...

it's still encrypted and I'm pretty sure you still need the key from the hacker... but like many others said, *backups* - because *reasons*


I use Windows myself, and no, there is no "virus" for iOS unless you start jailbreaking the device, which is no longer iOS at that point, so no, there are no viruses for iOS since it's a closed system.

And why the fuck are you comparing a mobile OS with a computer OS?

Mobile devices are still computers.

"It pays to keep an open mind, but not so open your brain falls out." - Carl Sagan.

"I can explain it to you, but I can't understand it for you" - Edward I. Koch


Doing a raw data recovery on the affected folder may be a way to recover the data; I have no desire to test this theory though...

 

As long as you get rid of the virus first. Yes (overwriting data with an old backup will work), since the virus is currently only doing file-level encrypting. And it's also not a network-spreading virus (infecting other computers through network hacks).

 

If I can get my hands on it, I don't mind testing it.

My Rigs (past and present)


If I can get my hands on it, I don't mind testing it.

I wrote down the DL link for it from a client's PC if you want it?


I wrote down the DL link for it from a client's PC if you want it?

 

Sure. Probably just PM it to me haha.

 

Hope your client got their data back?

My Rigs (past and present)


Gabriel, on 21 Oct 2013 - 10:19 AM, said:

it's shit as well but less shitty than windows when talking about viruses

*facepalm* not even gonna comment

 

On another note, I'll just re-download my stuff, no biggie LOL

 

http://www.youtube.com/watch?feature=player_detailpage&v=OEbt61togp4#t=49

 

DO YOU KNOW HOW MANY MAN HOURS THAT WOULD TAKE!!!!!!!

My rig: Case: Corsair 760T CPU: Intel 4690k MOBO: MSI Z79 Gaming 5 RaM: 16gb HyperX SSD: 256gb Samsung pro HDD: 1tb Toshiba PSU: Thermaltake smart 750 GPU: 1x GTX 1080 Founders edition

 

 


Sure. Probably just PM it to me haha.

 

Hope your client got their data back?

Left it at work and I have a day off today, so I'll PM you tomorrow morning :)

 

Client had their data backed up using our software, however they ended up paying the ransom (against what we were telling them) as they couldn't afford the downtime of getting the machine rebuilt.

 

The decryption process actually took longer than a rebuild would have, so I guess it's a case of "I told you so".


I don't know how people keep bashing Windows. Linux and iOS have plenty of viruses. Even more for Linux.
Linux systems have the largest amount of viruses on them worldwide. However, most of them are not shown, nor active.

But as soon as you share a file or connection with a Windows user you spread the disease, which the Windows user would never have got in the first place; it would have been blocked.
But the Linux user with no antivirus let it in.


No way to decrypt... What about brute-force decryption? Try every key in a sandbox until it works?


No way to decrypt... What about brute-force decryption? Try every key in a sandbox until it works?

I don't think you realise how long that would take :P

Every user has a unique key too, so that would have to be done for every instance.


I don't think you realise how long that would take :P

Every user has a unique key too, so that would have to be done for every instance.

 

Yeah, a long time, but it would still feel good just to spite the guy who made it.

