cryptolocker taken down
Old 06-02-2014, 05:25 PM   #1

It's being reported today that the feds have taken down the cryptolocker network. There may be hope for recovery for some of those infected.

Federal agents knock down Zeus Botnet, CryptoLocker
__________________
rbmrtn is offline   Reply With Quote
Old 06-03-2014, 07:10 AM   #2
Krebs on Security has a more in-depth article.
__________________
Well, I thought I was retired. But it seems that now I'm working as a travel agent instead!
audreyh1 is offline   Reply With Quote
Old 06-03-2014, 07:43 AM   #3
I have a bunch of files that are locked up because of the CryptoWall (same thing). I have all my files backed up to Carbonite, and I'm hoping once I get the virus off my laptop, I will be able to restore the ones that got trashed.
__________________
“Change is the law of life. And those who look only to the past or present are certain to miss the future.”
-John F. Kennedy

“Hard work never killed anybody, but why take a chance?” - Edgar Bergen
martyb is offline   Reply With Quote
Old 06-03-2014, 10:14 AM   #4
I seriously doubt we've seen the end of this one. The guys responsible are from Russia and I won't be holding my breath waiting for them to get apprehended by the authorities over there. Sounds like all the Feds did was seize the hijacked computers that were used to distribute the malware. I doubt it would take very long for these guys to hijack a new set of computers to distribute the same or similar malware.
__________________
zinger1457 is offline   Reply With Quote
Old 06-03-2014, 12:17 PM   #5
Are these types of malware (botnets / crypto locker) caught or prevented adequately by software like MS security essentials? Are they detected (the botnets not crypto locker) well after the fact? If not, what should be run instead (I need to recommend software for my father-in-law).
__________________
photoguy is offline   Reply With Quote
Old 06-03-2014, 12:26 PM   #6
Don't know if I believe the source.
But this suggests we haven't seen the last of cryptolocker. There's also a link to recommended AV, anti Malware providers.

http://www.marketwatch.com/story/is-...?siteid=yhoof2

MRG
__________________
MRG is offline   Reply With Quote
Old 06-03-2014, 01:17 PM   #7
Quote:
Originally Posted by photoguy View Post
Are these types of malware (botnets / crypto locker) caught or prevented adequately by software like MS security essentials? Are they detected (the botnets not crypto locker) well after the fact? If not, what should be run instead (I need to recommend software for my father-in-law).
Anti-virus/malware software can only detect/block known malware. The problem is the bad guys are constantly changing their malware so there is no guarantee. If malware like cryptolocker is on your computer and has done its thing then to put it bluntly you're screwed unless you have a good offline backup. Some things that have been suggested and I try and do are:
1. Never click on links/attachments in emails unless you are absolutely sure it is legit. Some of the SPAM emails are very convincing so if not sure then be safe and delete the email.
2. Keep anti-virus/malware definition files up to date.
3. Install all OS security updates.
4. Keep a good offline backup of all files.
__________________
zinger1457 is offline   Reply With Quote
Old 06-03-2014, 01:33 PM   #8
zinger, since my files are backed up with Carbonite, do you think I'll be ok once I get the virus cleaned off my computer? Should my backed-up files be virus free? Or can they be infected as well?
__________________
martyb is offline   Reply With Quote
Old 06-03-2014, 02:14 PM   #9
If the files were backed up before the infection (actually encryption) then it will be ok. If not, the restored files will be encrypted, and you will not be able to access your data.
__________________
target2019 is offline   Reply With Quote
Old 06-03-2014, 02:41 PM   #10
Quote:
Originally Posted by martyb View Post
zinger, since my files are backed up with Carbonite, do you think I'll be ok once I get the virus cleaned off my computer? Should my backed-up files be virus free? Or can they be infected as well?
As Target2019 said the backup data will be OK as long as the backup was done before the malware was installed. I'm not familiar with Carbonite, can you access individual files (from a good computer) without doing a restore to check? You should be able to run a scan on your computer using anti-malware software (Malwarebytes is pretty good) to get the malware removed, then do a restore.
__________________
zinger1457 is offline   Reply With Quote
Old 06-03-2014, 03:15 PM   #11
On Carbonite, it appears that some of my files are locked and some are not. Not sure what to do now.
__________________
martyb is offline   Reply With Quote
Old 06-03-2014, 03:33 PM   #12
Quote:
Originally Posted by martyb View Post
On Carbonite, it appears that some of my files are locked and some are not. Not sure what to do now.
I think the test was to see if you could access one from a non-infected machine without doing a restore. You're limited to the ones that aren't locked. That will tell you something.

Can't tell you anything about how Carbonite works, but in other replication environments locking can be 'normal'.
Good luck,
MRG
__________________
MRG is offline   Reply With Quote
Old 06-03-2014, 04:57 PM   #13
I used my work computer to log in to my Carbonite account & view the files. Some I could view, some I couldn't and the ones that were not viewable had the appearance of the ones on my laptop that were locked/encrypted by the virus. I'd hate to get my computer all cleaned up and then download the virus-infected files right back onto my computer again. I didn't attempt to download any files to the clean computer I was using...if I were to cause my work computer(s) to get that ugly bug, I don't think my employer (government) would be appreciative.
__________________
martyb is offline   Reply With Quote
Old 06-03-2014, 06:05 PM   #14
Quote:
Originally Posted by martyb View Post
I used my work computer to log in to my Carbonite account & view the files. Some I could view, some I couldn't and the ones that were not viewable had the appearance of the ones on my laptop that were locked/encrypted by the virus. I'd hate to get my computer all cleaned up and then download the virus-infected files right back onto my computer again. I didn't attempt to download any files to the clean computer I was using...if I were to cause my work computer(s) to get that ugly bug, I don't think my employer (government) would be appreciative.
When there is an encrypted file, you need to supply a key to unlock that. There could be a virus infection in the file, but you wouldn't know until it is downloaded, unencrypted, and then checked by several av packages.

Tough spot to be in for sure. I would restore a limited set of the files to a secondary computer, perhaps an external drive. Even better, restore to a Linux computer...there you can check away, and not worry about infection.

Just browsing stories about this, there was a log of encrypted files on your infected system.

Remember there are two kinds of users - those who have lost data, and those who are gonna lose data.

Good luck with the recovery.
__________________
target2019 is offline   Reply With Quote
Old 06-03-2014, 07:11 PM   #15
Yeah, I'm pretty sure I'm screwed. The worst part is that I thought I was doing things to prevent this from happening. I kept my anti-virus software updated very regularly. I use Carbonite to back up my files....and I'm still screwed. Looks like I'm gonna lose a lot of files. Maybe all of them. I'm pretty bummed out about the whole thing.
__________________
martyb is offline   Reply With Quote
Old 06-03-2014, 07:21 PM   #16
Quote:
Originally Posted by martyb View Post
Yeah, I'm pretty sure I'm screwed. The worst part is that I thought I was doing things to prevent this from happening. I kept my anti-virus software updated very regularly. I use Carbonite to back up my files....and I'm still screwed. Looks like I'm gonna lose a lot of files. Maybe all of them. I'm pretty bummed out about the whole thing.
Sorry to hear that. Do you configure Carbonite to keep your synced, pseudo real time, or do incremental backups?

You really are doing the right steps. If it makes you feel better, I've worked with major corporations that suddenly realized the data were messed up on their primary system and the backup. These weren't PCs, but large corporate servers that serviced 1000s of customers.
MRG
__________________
MRG is offline   Reply With Quote
Old 06-03-2014, 07:30 PM   #17
Sure glad I use Linux, don't have to worry about things like this.
__________________
jim584672 is offline   Reply With Quote
Old 06-03-2014, 10:25 PM   #18
If it was me, once I got the malware removed from my computer and had a clean system I would use Windows Backup and create a system image (available if using Windows 7 or 8) and save it to an external drive. Then you can try to restore your files from Carbonite. Hopefully your AV/Malware software scans the files as they are being restored. Delete the files that have been encrypted, and hope that it's not as bad as you think it is. Run several scans with your AV/Malware software, if nothing is detected your system should be OK. In the worst case if things get messed up again after restoring the Carbonite files you always have your image file that you can restore to bring you back to a known good state. Good luck!
__________________
zinger1457 is offline   Reply With Quote
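
The posts above suggest restoring the backup to a separate machine or drive, checking the files there, and deleting the ones that were encrypted. As an added example (not written by any poster in this thread), the Python sketch below triages a restore folder. It assumes the ransomware overwrote each file's contents, header included, and all file names and sample data in it are constructed.

```python
import math
import os
import tempfile
from collections import Counter

# Leading "magic" bytes that intact files of these types start with.
MAGIC = {".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG\r\n\x1a\n",
         ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".doc": b"\xd0\xcf\x11\xe0"}

def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=65536):
    """Return 'ok', 'suspect' or 'unknown' for one restored file."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    ext = os.path.splitext(path)[1].lower()
    if ext in MAGIC:
        # The header check is the strong signal: compressed formats such as
        # .docx and .jpg are high-entropy even when they are intact.
        return "ok" if head.startswith(MAGIC[ext]) else "suspect"
    if ext in (".txt", ".csv"):
        # Plain text sits well below 7 bits/byte; ciphertext is close to 8.
        return "suspect" if entropy(head) > 7.0 else "ok"
    return "unknown"

def triage(root):
    """Walk a restore folder and map each file path to its classification."""
    return {os.path.join(d, f): classify(os.path.join(d, f))
            for d, _, files in os.walk(root) for f in files}

def demo():
    """Build a constructed restore folder and triage it."""
    root = tempfile.mkdtemp()
    samples = {"good.pdf": b"%PDF-1.4\n" + b"x" * 100,
               "locked.pdf": os.urandom(4096),  # random bytes stand in for ciphertext
               "notes.txt": b"grocery list\n" * 50,
               "locked.txt": os.urandom(4096)}
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return {os.path.basename(p): v for p, v in triage(root).items()}

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:8} {name}")
```

A "suspect" verdict only means the file does not look like its extension says it should, so review the list before deleting anything. Text files of a few hundred bytes or less cannot reach the entropy threshold and will pass the check even if encrypted.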
Old 11-18-2014, 11:06 PM   #19
There is a Cryptowall 2.0 which just came out. My ladyfriend's laptop got hit with it. She doesn't usually do anything beyond web surfing on it, using a desktop to do personal stuff like that. But.....just the other day, she created an important Word file and was about to copy it to her desktop when it got encrypted. I am looking for solutions to (1) clean her laptop, (2) safeguard her laptop so it doesn't happen again, and (3) undo the encryption of that one file (and any others not backed up elsewhere). We won't pay any ransom, of course.

Anyone else know of Cryptolock or Cryptowall 2.0?
__________________
Retired in late 2008 at age 45. Cashed in company stock, bought a lot of shares in a big bond fund and am living nicely off its dividends. IRA, SS, and a pension await me at age 60 and later. No kids, no debts.

"I want my money working for me instead of me working for my money!"
scrabbler1 is offline   Reply With Quote
Old 11-19-2014, 06:47 AM   #20
This is where drones and hell-fire missiles would come in handy. Just blow up the buildings where the hackers live.

If the hackers are in a foreign country, and the country will not act, put up a firewall blocking that entire country from the US sites. Or, send in a Seal team with sharp knives.
__________________
FIRE no later than 7/5/2016 at 56 (done), securing '16 401K match (done), getting '15 401K match (done), LTI Bonus (done), Perf bonus (done), maxing out 401K (done), picking up 1,000 hours to get another year of pension (done), July 1st benefits (vacation day, healthcare) (done), July 4th holiday. 0 days left. (done) OFFICIALLY RETIRED 7/5/2016!!
Senator is offline   Reply With Quote
All times are GMT -6.