Interesting new virus: Cryptolocker
10-24-2013, 10:04 AM   #1

Virus checkers apparently won't yet help:
Quote:
First, you see a red banner on your computer system, warning that your files are now encrypted — and if you send money to a given email address, access to your files will be restored to you.

The other sign you’ve been hit: you can no longer open Office files, database files, and most other common documents on your system. When you try to do so, you get another warning, such as “Excel cannot open the file [filename] because the file format or file extension is not valid,” as stated on a TechNet MS Excel Support Team blog.
The article on it is here: CryptoLocker: A particularly pernicious virus

The free newsletter from Windows Secrets is about the only newsletter I subscribe to and often mentions interesting things like this.

Another reason to back up regularly.
Posted by Lsbcal
10-24-2013, 10:10 AM   #2
Sounds nasty.

Does it affect Mac OS-X, or Linux?

-ERD50
Posted by ERD50

10-24-2013, 10:31 AM   #3
According to Wikipedia it may only be Windows: CryptoLocker - Wikipedia, the free encyclopedia

Quote:
CryptoLocker is a program which attacks a computer by encrypting many types of data files in place, which makes them inaccessible, then displaying a message demanding payment (typically of $100 or $300, to be made via MoneyPak, Ukash, cashU or Bitcoin) within a certain period of time (typically 100 or 72 hours), with a promise to decrypt the files and restore the computer to working order on receipt.

... Some, reluctantly, accept that payment may be the only way to recover data[2]. Symantec reports that 3% of victims pay the ransom.[5] There are several variants of CryptoLocker with different ransom amounts and deadline times. People who have paid the ransom say that verification of payment can take three to four hours, after which the Cryptolocker starts decrypting files. This can take a considerable time. There have been some reports that the decryption process may display an error message stating that a particular file cannot be decrypted, although decryption does not stop and other files continue to be decrypted.
Posted by Lsbcal

10-25-2013, 12:41 PM   #4
Ha---bet it can't crack my 7 year-old Dell with Vista and Uverse with free McAfee security!
Posted by Payin-the-Toll

10-25-2013, 12:56 PM   #5
Quote:
Originally Posted by ERD50
Sounds nasty.

Does it affect Mac OS-X, or Linux?

-ERD50
Sarcasm ?
Posted by rbmrtn

10-25-2013, 12:57 PM   #6
Quote:
Originally Posted by Lsbcal
According to Wikipedia it may only be Windows: CryptoLocker - Wikipedia, the free encyclopedia
Sounds a lot like the FBI MoneyPak virus. Cleaning one today for a friend.
Posted by rbmrtn

10-25-2013, 02:04 PM   #7
Quote:
Originally Posted by rbmrtn
Sarcasm ?
Just checking.




Well, Ok maybe a little....

The computers I manage for family are all Macs, mine is Linux. But I am replacing a bad Hard Drive for my DIL in her Windows HP Laptop, so I'll watch for this. Need to install Win7, if she can find her disks, else I guess they can be DL'd from MS or HP, I've got the key code on the MS sticker.

-ERD50
Posted by ERD50

10-25-2013, 09:31 PM   #8
Quote:
Originally Posted by ERD50
Need to install Win7, if she can find her disks, else I guess they can be DL'd from MS or HP, I've got the key code on the MS sticker.

-ERD50
The original HP disk will be easier, self activating don't need the product key. The key on the sticker won't work without making a phone call to get the activation code.
Posted by rbmrtn

10-25-2013, 09:54 PM   #9
This page is helpful.
Megacorp sent me something recently, a PDF file, trying to get me to click on it. That is the attack vector of CryptoLocker. A PDF that is actually an executable zip file.

I was tempted to click it and see what prize our security would send.
Posted by target2019

10-26-2013, 08:16 AM   #10
Another reason I'm not a fan of Bitcoin. Bitcoin is one of the accepted ransom payment methods.
Posted by JoeWras

10-26-2013, 10:11 AM   #11
Quote:
Originally Posted by Lsbcal
According to Wikipedia it may only be Windows: CryptoLocker - Wikipedia, the free encyclopedia
The first article says that one method of infection is through browser Java. So I suppose even if this particular virus doesn't affect Macs/Linux a similar one could in the future (if you don't turn off Java).

I usually have a couple backups of my files so the encrypted files would have to propagate to all of them before I was totally screwed. On the other hand, just having to check which files needed to be restored would be an immense pain (if one couldn't figure it out by date).
Posted by photoguy
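
One way to do the check raised in post #11, finding which files in a backup copy need restoring, shown as an added example that is not part of the thread or the linked articles. It assumes an encrypted file no longer starts with its format's signature bytes; the function names and sample files are constructed for illustration.

```python
import os
import tempfile

# Leading bytes ("magic numbers") of some common document formats.
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy Office container
SIGNATURES = {
    ".pdf": b"%PDF-",
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".docx": b"PK\x03\x04",  # Office Open XML files are zip archives
    ".xlsx": b"PK\x03\x04",
    ".doc": OLE2,
    ".xls": OLE2,
}


def header_matches(path):
    """True/False if the header fits the extension, None if type is unlisted."""
    expected = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if expected is None:
        return None
    with open(path, "rb") as handle:
        return handle.read(len(expected)) == expected


def files_to_restore(root):
    """Relative paths under root whose header no longer fits the extension."""
    damaged = []
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            if header_matches(full) is False:
                damaged.append(os.path.relpath(full, root))
    return sorted(damaged)


def constructed_demo():
    """Constructed sample tree: intact files plus one with a scrambled header."""
    samples = {
        "taxes.pdf": b"%PDF-1.4 sample",
        "budget.xlsx": b"PK\x03\x04 sample",
        "photo.jpg": b"\x8a\x11\x5c\x03 scrambled",
        "notes.txt": b"plain text has no signature to check",
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as handle:
                handle.write(data)
        return files_to_restore(root)
```

A mismatch is a prompt to inspect the file, not proof of encryption; plain-text formats have no header to check and are skipped.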
10-26-2013, 02:14 PM   #12
Here's the advice from the Windows Secrets people on this new threat:

http://windowssecrets.com/top-story/...nicious-virus/
__________________
The worst decisions are usually made in times of anger and impatience.
Posted by Chuckanut

10-26-2013, 02:36 PM   #13
Quote:
Originally Posted by Chuckanut
Here's the advice from the Windows Secrets people on this new threat:

CryptoLocker: A particularly pernicious virus
The attack vector is an exe file "disguised" as a pdf (aka "blah.pdf.exe").

The recommendations there don't even mention the obvious: Don't click on email attachments, especially those ending in "exe"
Posted by sengsational

10-26-2013, 02:46 PM   #14
Another website (protect against)
Cryptolocker: How to avoid getting infected and what to do if you are - Computerworld

Quote:
The virus is, of course, an executable attachment, but interestingly the icon representing the executable is a PDF file. With Windows' hidden extensions feature, the sender simply adds ".pdf" to the end of the file (Windows hides the .exe) and the unwitting user is fooled into thinking the attachment is a harmless PDF file from a trusted sender. It is, of course, anything but harmless.
The instructions are Greek to me... So I'm vulnerable.

Going to watch my emails a little more closely... and just hope that guy in England was honest, and that I DID win the lottery.

snopes "take"
http://www.snopes.com/computer/virus/cryptolocker.asp
__________________
Today is the oldest you've ever been, and the youngest you'll ever be again. - Eleanor Roosevelt
Posted by imoldernu

10-26-2013, 02:56 PM   #15
One thing I sure won't do is to send them any money. Even if they do free up your computer there is no guarantee they haven't left some type of keyboard recorder or other spyware on it.
__________________
The worst decisions are usually made in times of anger and impatience.
Posted by Chuckanut

10-26-2013, 07:29 PM   #16
Quote:
Originally Posted by imoldernu
Another website (protect against)
Cryptolocker: How to avoid getting infected and what to do if you are - Computerworld



The instructions are Greek to me... So I'm vulnerable.

Going to watch my emails a little more closely... and just hope that guy in England was honest, and that I DID win the lottery.

snopes "take"
snopes.com: CryptoLocker
I think what you referenced means that the nasty file is named something like: niceFile.pdf.exe
Since Windows does not usually show the ".exe" extension, the user might think he is getting to see a PDF file named "nicefile.pdf". Clicking on the file starts executing the (executable) file.
Posted by Lsbcal
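
The ".pdf.exe" naming trick described in posts #13, #14 and #16, shown as an added example that is not part of the thread or the linked articles: a name check a mail filter could run on an attachment and on the members of a zip attachment. The extension lists, function names and the sample zip are assumptions made for illustration.

```python
import io
import zipfile

# Partial lists chosen for this example, not an exhaustive policy.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DOCUMENT_EXTS = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "png", "txt"}


def extensions(filename):
    """Lower-cased extensions of a file name, in order."""
    # Drop any folder part, trailing dots/spaces, and padding spaces that
    # push the real extension out of view.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    return [part.strip().lower() for part in name.split(".")[1:]]


def displayed_name(filename):
    """Name Explorer shows with 'Hide extensions for known file types' on."""
    base, dot, last = filename.rpartition(".")
    known = EXECUTABLE_EXTS | DOCUMENT_EXTS
    return base if dot and last.lower() in known else filename


def check_name(filename):
    """Return 'disguised', 'executable' or 'ok' for one file name."""
    exts = extensions(filename)
    if not exts or exts[-1] not in EXECUTABLE_EXTS:
        return "ok"
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS:
        return "disguised"  # the niceFile.pdf.exe pattern
    return "executable"


def check_attachment(filename, data=b""):
    """Verdict for the attachment name and, for a zip, each member name."""
    verdicts = {filename: check_name(filename)}
    if data and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as archive:
            for member in archive.namelist():
                verdicts[member] = check_name(member)
    return verdicts


def constructed_zip():
    """Constructed sample: a zip holding one harmless text payload."""
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("Invoice_1024.pdf.exe", b"not a real program")
    return buffer.getvalue()
```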
10-26-2013, 10:41 PM   #17
Quote:
Originally Posted by rbmrtn
Sounds a lot like the FBI MoneyPak virus. Cleaning one today for a friend.
The difference is that FBI MoneyPak (which I got a couple of months ago) doesn't really do anything. Cryptolocker actually encrypts your files and you lose them if you don't have a backup. Particularly nasty piece of work. It looks for standard extensions like .doc, .jpg, etc. If you get it the first thing to do is shut down your internet connection to minimize the damage.

If anyone is interested, bleepingcomputer.com has a good write up on it. CryptoLocker Ransomware Information Guide and FAQ
__________________
"Good judgment comes from experience. Experience comes from bad judgement." - Will Rogers, or maybe Sam Clemens
DW and I - FIREd at 50 (7/06), living off assets
Posted by harley

10-27-2013, 08:36 AM   #18
One extremely simple backup technique I use on my Win 8 PC is to copy "My Documents" which has all my important data files to a removable hard drive under a folder like "Docs, Oct 27". Done weekly and it's only about 2GB so is fast. Does not include pictures, just data files.

This has helped in the past when I've accidentally munged a file and need to grab some data off the backup quickly. Or it would definitely help with so called ransomware.

Of course, I also do a standard Windows software backup too but the files then have to be restored by Windows.
Posted by Lsbcal

10-27-2013, 09:20 AM   #19
Quote:
Originally Posted by Lsbcal
One extremely simple backup technique I use on my Win 8 PC is to copy "My Documents" which has all my important data files to a removable hard drive under a folder like "Docs, Oct 27". Done weekly and it's only about 2GB so is fast. Does not include pictures, just data files.

This has helped in the past when I've accidentally munged a file and need to grab some data off the backup quickly. Or it would definitely help with so called ransomware.

Of course, I also do a standard Windows software backup too but the files then have to be restored by Windows.
I think the important part of this, from what I understood... is that any backup should not be connected, meaning that the virus has the capability of infecting any "connected" drive.

The solution in the "fixit" link was to insert program coding to block the virus... I know this was beyond my capabilities, and it looked as if the "block" would cause other problems in the operating system.

My current solution is to "hope I don't get tagged".... Am not smart enough to understand this. Just hoping that because the virus has not been at the top of the news, that the infection is limited.

Am keeping my 2T drive unplugged except when I'm using it.

This whole problem seems like the African Pirate ships... holding hostages. Thought the part about the Hackers having integrity because they would be honest and clean your system after you paid the ransom... was extremely funny.
__________________
Today is the oldest you've ever been, and the youngest you'll ever be again. - Eleanor Roosevelt
Posted by imoldernu

10-27-2013, 09:31 AM   #20
Yep, the removable part of the backup is key. My main concern is a burglary where the guy takes my PC. I want the backup to be out of easy access. OK, if it's the CIA I'm hosed.

I think the argument for the hackers fixing things once the ransom is paid is that if they do this, the word will get out that the payment is a true fix. If they don't do the fix then people will stop paying. Seems like a strange world nowadays. Still not as bad as Stalin or Hitler.
Posted by Lsbcal
All times are GMT -6.