Author Topic: Nasty virus - CryptoLocker  (Read 5325 times)

sinsi

  • Guest
Nasty virus - CryptoLocker
« on: October 16, 2013, 03:56:21 PM »
Just got an email from the boss about the latest ransomware. It must be getting around over here because we don't usually hear from the aerie in Sydney.
RSA/AES encrypts files, public key on computer but private decrypt key on the C&C server.

Bits that I found a bit alarming (from http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

Quote
If you do not have System Restore enabled on your computer or reliable backups, then you will need to pay the ransom in order to get your files back.
72 hours to pay up to $300 or the server deletes its key.

Quote
Paying the ransom will indeed start the decryption process of the CryptoLocker infection.

Quote
As many anti-virus programs would delete the CryptoLocker executables after the encryption started, you would be left with encrypted files and no way to decrypt them. Recent versions of CryptoLocker will now set your Windows wallpaper to a message that contains a link to a decryption tool that you can download in case this happens.
Oh, looking after your "customers". How thoughtful.

Quote
*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c
Source code looks safe then  :biggrin:

jj2007

  • Member
  • *****
  • Posts: 12975
  • Assembler is fun ;-)
    • MasmBasic
Re: Nasty virus - CryptoLocker
« Reply #1 on: October 16, 2013, 05:51:47 PM »
How do you become infected with CryptoLocker

Quote
This infection is typically spread through emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain a zip attachment that when opened would infect the computer. These zip files contain executables that are disguised as PDF files as they have a PDF icon and are typically named something like FORM_101513.exe or FORM_101513.pdf.exe. Since Microsoft does not show extensions by default, they look like normal PDF files and people open them.

They do deserve the "M$", sinsi ;-)
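As an added example (not part of the original post or the quoted article): a small Python check that a mail filter could run on a zip attachment to flag the disguised names described in the quote above. The extension lists and function names are assumptions of this example, and the sample archive is constructed with harmless placeholder content.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows runs on double-click (not exhaustive; an assumption of this example).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Document-looking extensions used as a decoy in front of the real one.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def classify_entry(name: str) -> str:
    """Return 'disguised', 'executable' or 'ok' for one archive member name."""
    # Windows ignores trailing dots and spaces, so strip them before reading the suffix.
    base = PurePosixPath(name.replace("\\", "/")).name.rstrip(". ").lower()
    suffixes = PurePosixPath(base).suffixes
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return "ok"
    # With extensions hidden, FORM.pdf.exe is displayed as FORM.pdf.
    # strip() also catches padding such as "scan.pdf      .exe".
    if len(suffixes) >= 2 and suffixes[-2].strip() in DECOY_EXTS:
        return "disguised"
    return "executable"


def scan_zip(data: bytes) -> dict:
    """Map each flagged member of a zip attachment to its classification."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            verdict = classify_entry(info.filename)
            if verdict != "ok":
                findings[info.filename] = verdict
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample: text payloads stored under the names quoted above."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("FORM_101513.exe", "FORM_101513.pdf.exe", "docs/invoice.pdf"):
            zf.writestr(name, b"placeholder, not a real executable")
    return buf.getvalue()


if __name__ == "__main__":
    for member, verdict in scan_zip(build_sample_zip()).items():
        print(f"{verdict:10} {member}")
```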

dedndave

  • Member
  • *****
  • Posts: 8828
  • Still using Abacus 2.0
    • DednDave
Re: Nasty virus - CryptoLocker
« Reply #2 on: October 17, 2013, 04:46:47 AM »
one of the first things i set up - Show file extensions for known file types   :biggrin:

K_F

  • Member
  • *****
  • Posts: 1692
  • Anybody out there?
Re: Nasty virus - CryptoLocker
« Reply #3 on: October 17, 2013, 04:57:53 AM »
How about disabling the windows Cryptographic service...

I'd think that the virus would try to use this service to do its dirty work, but if it doesn't find the service.. no problem for you?
Just a thought !
'Sire, Sire!... the peasants are Revolting !!!'
'Yes, they are.. aren't they....'

sinsi

  • Guest
Re: Nasty virus - CryptoLocker
« Reply #4 on: November 21, 2013, 01:29:16 PM »

Magnum

  • Member
  • *****
  • Posts: 2367
Re: Nasty virus - CryptoLocker
« Reply #5 on: November 21, 2013, 02:05:38 PM »
If you read how computers get infected, it really isn't scary but sad.

Opening zip files from an untrusted source. :dazzled:

Take care,
                   Andy

Ubuntu-mate-18.04-desktop-amd64

http://www.goodnewsnetwork.org

dedndave

  • Member
  • *****
  • Posts: 8828
  • Still using Abacus 2.0
    • DednDave
Re: Nasty virus - CryptoLocker
« Reply #6 on: November 21, 2013, 10:43:05 PM »
the cops sinsi pointed to are idiots
and - the FBI undoubtedly has a sting operation in progress to locate the guy (duh)
(probably involves interpol, too)

the guy is smart enough (?) to write the virus
let's see if he's smart enough to actually spend some of his ill-gotten booty without ending in jail

personally, i think he'd be smarter if he were making money by using his skills legally

Magnum

  • Member
  • *****
  • Posts: 2367
Re: Nasty virus - CryptoLocker
« Reply #7 on: November 22, 2013, 08:16:51 PM »
You could say he is smart and greedy.

But he definitely is not wise.

Andy