Just got an email from the boss about the latest ransomware. It must be getting around over here because we don't usually hear from the aerie in Sydney.
RSA/AES encrypts the files; the public key sits on the computer, but the private decryption key stays on the C&C server.
Bits that I found a bit alarming (from http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information):
If you do not have System Restore enabled on your computer or reliable backups, then you will need to pay the ransom in order to get your files back.
72 hours to pay up to $300 or the server deletes its key.
Paying the ransom will indeed start the decryption process of the CryptoLocker infection.
As many anti-virus programs would delete the CryptoLocker executables after the encryption started, you would be left with encrypted files and no way to decrypt them. Recent versions of CryptoLocker will now set your Windows wallpaper to a message that contains a link to a decryption tool that you can download in case this happens.
Oh, looking after your "customers". How thoughtful.
*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c
Source code looks safe, then.
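As an added example (not from the post or from the bleepingcomputer write-up), a small Python triage helper that applies the quoted file-type list to a file inventory, so you can see which files on a share would be hit and check that exactly those are covered by backups. The sample paths are constructed; matching is done case-insensitively because Windows filenames are.

```python
import fnmatch
import ntpath

# The targeted file patterns exactly as quoted in the post above.
TARGETED_PATTERNS = """*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps,
*.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst,
*.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps,
*.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2,
*.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf,
*.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem,
*.pfx, *.p12, *.p7b, *.p7c"""


def parse_patterns(text=TARGETED_PATTERNS):
    """Turn the comma-separated list into lower-cased glob patterns."""
    return [p.strip().lower() for p in text.replace("\n", " ").split(",") if p.strip()]


def is_targeted(path, patterns=None):
    """True if the file's name matches any pattern. Only the basename is tested,
    and both sides are lower-cased so 'budget.XLSX' matches '*.xlsx' as on Windows."""
    patterns = patterns if patterns is not None else parse_patterns()
    name = ntpath.basename(path).lower()  # ntpath handles both '\\' and '/'
    return any(fnmatch.fnmatchcase(name, p) for p in patterns)


def triage(paths, patterns=None):
    """Split an inventory into (at_risk, untouched) so backup coverage can be
    checked against the at_risk list."""
    patterns = patterns if patterns is not None else parse_patterns()
    at_risk = [p for p in paths if is_targeted(p, patterns)]
    untouched = [p for p in paths if p not in at_risk]
    return at_risk, untouched


# Constructed sample inventory (not real hosts or files).
SAMPLE_PATHS = [
    r"C:\Users\alice\Documents\budget.XLSX",   # Office file, upper-case extension
    r"D:\photos\IMG_0001.JPG",                 # matches both *.jpg and img_*.jpg
    r"C:\certs\server.pfx",                    # key container: listed, so backed up keys matter
    r"C:\backup\report.doc.bak",               # '.bak' suffix: *.doc does not match
    r"C:\src\main.c",                          # source code: not on the list
    "/home/bob/project/setup.py",              # POSIX-style path, also not on the list
]

if __name__ == "__main__":
    hit, safe = triage(SAMPLE_PATHS)
    print("at risk:", hit)
    print("untouched:", safe)
```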
