cryptolocker taken down

I have a bunch of files that are locked up because of the CryptoWall (same thing). I have all my files backed up to Carbonite, and I'm hoping once I get the virus off my laptop, I will be able to restore the ones that got trashed.
 
I seriously doubt we've seen the end of this one. The guys responsible are from Russia and I won't be holding my breath waiting for them to get apprehended by the authorities over there. Sounds like all the Feds did was seize the hijacked computers that were used to distribute the malware. I doubt it would take very long for these guys to hijack a new set of computers to distribute the same or similar malware.
 
Are these types of malware (botnets / crypto locker) caught or prevented adequately by software like MS security essentials? Are they detected (the botnets not crypto locker) well after the fact? If not, what should be run instead (I need to recommend software for my father-in-law).
 
Anti-virus/malware software can only detect/block known malware. The problem is the bad guys are constantly changing their malware so there is no guarantee. If malware like cryptolocker is on your computer and has done its thing then to put it bluntly you're screwed unless you have a good offline backup. Some things that have been suggested and I try and do are:
1. Never click on links/attachments in emails unless you are absolutely sure it is legit. Some of the SPAM emails are very convincing so if not sure then be safe and delete the email.
2. Keep anti-virus/malware definition files up to date.
3. Install all OS security updates.
4. Keep a good offline backup of all files.
 
zinger, since my files are backed up with Carbonite, do you think I'll be ok once I get the virus cleaned off my computer? Should my backed-up files be virus free? Or can they be infected as well?
 
If the files were backed up before the infection (actually encryption) then it will be ok. If not, the restored files will be encrypted, and you will not be able to access your data.
 
As Target2019 said the backup data will be OK as long as the backup was done before the malware was installed. I'm not familiar with Carbonite, can you access individual files (from a good computer) without doing a restore to check? You should be able to run a scan on your computer using anti-malware software (malwarebytes is pretty good) to get the malware removed, then do a restore.
 
On Carbonite, it appears that some of my files are locked and some are not. Not sure what to do now.
 
I think the test was to see if you could access one from a non-infected machine without doing a restore. You're limited to the ones that aren't locked. That will tell you something.

Can't tell you anything about how Carbonite works, but in other replication environments locking can be 'normal'.
Good luck,
MRG
 
I used my work computer to log in to my Carbonite account & view the files. Some I could view, some I couldn't and the ones that were not viewable had the appearance of the ones on my laptop that were locked/encrypted by the virus. I'd hate to get my computer all cleaned up and then download the virus-infected files right back onto my computer again. I didn't attempt to download any files to the clean computer I was using...if I were to cause my work computer(s) to get that ugly bug, I don't think my employer (government) would be appreciative.
 
When there is an encrypted file, you need to supply a key to unlock that. There could be a virus infection in the file, but you wouldn't know until it is downloaded, unencrypted, and then checked by several av packages.

Tough spot to be in for sure. I would restore a limited set of the files to a secondary computer, perhaps an external drive. Even better, restore to a linux computer...there you can check away, and not worry about infection.

Just browsing stories about this, there was a log of encrypted files on your infected system.

Remember there are two kinds of users - those who have lost data, and those who are gonna lose data.

Good luck with the recovery.
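
The check suggested in the post above (restore a limited set of files to an isolated machine and inspect them), as an added example that is not part of the original thread. It only reads bytes and never opens a file in its application, and it assumes an encrypted file no longer starts with its format's signature and looks like random data; the function names, thresholds and sample files are constructed for illustration.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Well-known leading bytes ("magic numbers") for a few common document types.
MAGIC = {
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04",  # Office Open XML files are ZIP containers
}

def shannon_entropy(data):
    """Bits per byte (0 for empty input); near 8.0 for encrypted or compressed data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path, sample=65536, threshold=7.5):
    """Read (never open in an application) the first bytes and judge them."""
    path = Path(path)
    with path.open("rb") as f:
        head = f.read(sample)
    magic = MAGIC.get(path.suffix.lower())
    if magic is not None:
        return "ok" if head.startswith(magic) else "suspect"
    # No known signature (e.g. .txt): use entropy; compressed formats also score high.
    return "suspect" if shannon_entropy(head) > threshold else "ok"

def triage(root):
    """Map each file under root (relative path) to 'ok' or 'suspect'."""
    root = Path(root)
    return {str(p.relative_to(root)): classify(p)
            for p in root.rglob("*") if p.is_file()}

def demo():
    # Constructed sample set; os.urandom stands in for ransomware ciphertext.
    samples = {
        "taxes.pdf": b"%PDF-1.4\n" + b"constructed sample body\n" * 50,
        "letter.pdf": os.urandom(65536),
        "notes.txt": b"plain text notes\n" * 200,
        "diary.txt": os.urandom(65536),
    }
    with tempfile.TemporaryDirectory() as d:
        for name, data in samples.items():
            (Path(d) / name).write_bytes(data)
        return triage(d)

if __name__ == "__main__":
    print(demo())
```

Point `triage()` at the folder holding the restored files; anything marked `suspect` is worth comparing against an older backup version before it is trusted.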
 
Yeah, I'm pretty sure I'm screwed. The worst part is that I thought I was doing things to prevent this from happening. I kept my anti-virus software updated very regularly. I use Carbonite to back up my files....and I'm still screwed. Looks like I'm gonna lose a lot of files. Maybe all of them. I'm pretty bummed out about the whole thing.
 
Sorry to hear that. Do you configure Carbonite to keep your files synced, pseudo real time, or do incremental backups?

You really are doing the right steps. If it makes you feel better, I've worked with major corporations that suddenly realized the data were messed up on their primary system and the backup. These weren't PCs, but large corporate servers that serviced 1000s of customers.
MRG
 
Sure glad I use Linux, don't have to worry about things like this.
 
If it was me, once I got the malware removed from my computer and had a clean system I would use Windows Backup and create a system image (available if using Windows 7 or 8) and save it to an external drive. Then you can try to restore your files from Carbonite. Hopefully your AV/Malware software scans the files as they are being restored. Delete the files that have been encrypted, and hope that it's not as bad as you think it is. Run several scans with your AV/Malware software, if nothing is detected your system should be OK. In the worst case if things get messed up again after restoring the Carbonite files you always have your image file that you can restore to bring you back to a known good state. Good luck!
 
There is a Cryptowall 2.0 which just came out. My ladyfriend's laptop got hit with it. She doesn't usually do anything beyond web surfing on it, using a desktop to do personal stuff like that. But.....just the other day, she created an important Word file and was about to copy it to her desktop when it got encrypted. I am looking for solutions to (1) clean her laptop, (2) safeguard her laptop so it doesn't happen again, and (3) undo the encryption of that one file (and any others not backed up elsewhere). We won't pay any ransom, of course.

Anyone else know of Cryptolock or Cryptowall 2.0?
 
This is where drones and hell-fire missiles would come in handy. Just blow up the buildings where the hackers live.

If the hackers are in a foreign country, and the country will not act, put up a firewall blocking that entire country from the US sites. Or, send in a Seal team with sharp knives.
 