
Warning others of new ransomware Virus "Cryptolocker" going around.

#1 arrseetee Posted 10/26/2013 10:14:06 AM (edited)
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/page-78#
http://www.reddit.com/r/sysadmin/comments/1p32lx/cryptolocker_recap_a_new_guide_to_the_bleepingest/

Just got it myself, NEVER got a major virus until now :( Been researching all night, no one has been able to beat this thing in the last few months. CryptoLocker is a ransomware program that was released around the beginning of September 2013. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 96 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

This isn't the same as those FBI MoneyPak scams because those trick users with a fake alert into paying a fine. This virus corrupts your files and the only way to decrypt them is by using the key only they have. The files are still on your PC, and they don't take anything. Seems people are unable to system restore and removing it will only remove the virus, but still leave your files encrypted. Amazing how many people this thing got. Even more amazing is people are actually paying up because paying does actually decrypt your files. There is currently NO other way to regain access to your files aside from paying.

Just warning others around here. Don't end up like me, this sucks :(
---
Posting from phone. So Police, don't whine about minor mistakes.
#2 Lonestar2000 Posted 10/26/2013 10:13:58 AM
Why are you opening strange exes that are e-mailed to you?
---
Rumble Roses. Someone enters the room.
Them: O_O Me: What?! I always play games without my pants on!- Inmate 922335
#3 Requiem Posted 10/26/2013 10:15:59 AM
I always find it strange that this sort of thing works (aka as in the criminals not getting caught). If there are money transfers involved, couldn't the police trace the account owners (etc etc) via bank?
---
Copyright free literature available at http://www.gutenberg.org/wiki/Main_Page... otherwise known as Tex-Mex
#4 arrseetee (Topic Creator) Posted 10/26/2013 10:23:40 AM (edited)
Lonestar2000 posted...
Why are you opening strange exes that are e-mailed to you?
No idea when or where it came from. As my work PC very shocking and just might force me to even pay up unless someone finds a way in the next 3 and a half days. They say they disguise as pdfs and can sit on your pc for days/weeks. Hard to distinguish as they don't give your PC any symptoms until the final process starts, lots of antiviruses have just recently been able to detect them. I have NO idea when I could have possibly got them. Never gotten a major virus in the last 15 years, always been careful but just crazy can happen to anyone.

Requiem posted...
I always find it strange that this sort of thing works (aka as in the criminals not getting caught). If there are money transfers involved, couldn't the police trace the account owners (etc etc) via bank?
The transfers over bitcoin/moneypak are meant to be anonymous and from my understanding impossible to trace.
---
Posting from phone. So Police, don't whine about minor mistakes.
#5 jake-sf Posted 10/26/2013 10:21:50 AM (edited)
I'm not sure how someone ends up with this myself if they have enough computer knowledge.

The article does talk about "pdf" files with ".exe" at the end (something like "somefile.pdf.exe"). By default, computers hide known expansion (DUMBEST thing in the world that I remove on anyone's computer when I can), which means even knowing about not opening .exe might make people do the dumb mistake of opening such files.

Why, I guess it's always such a weird hole in people's knowledge that makes them catch a virus like this. At least I'm not afraid of getting it in the slightest, but this is a nasty virus.

And the fact it does decrypt your files if you pay off is making its reputation and makes people a LOT more likely to pay, which means someone's swimming in money right now.
---
http://www.youtube.com/user/SFJake250?feature=watch
http://sfjake.zxq.net/
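
Added example, not part of any post in this thread: a small Python scanner for the "somefile.pdf.exe" disguise described in post #5. It flags files whose real extension is executable while the one before it looks like a document, and reports the name a user would see with extension hiding turned on. The extension lists and function names are assumptions made for this illustration.

```python
import os
from pathlib import PureWindowsPath

# Assumed lists for this example; adjust them to your environment.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}


def explorer_display_name(filename):
    """Name shown when the last (registered) extension is hidden."""
    p = PureWindowsPath(filename)
    return p.stem if p.suffix else p.name


def is_disguised_executable(filename):
    """True for names like 'somefile.pdf.exe': decoy extension, then executable."""
    suffixes = [s.lower() for s in PureWindowsPath(filename).suffixes]
    if len(suffixes) < 2:
        return False  # a plain 'setup.exe' is not a disguise
    return suffixes[-1] in EXECUTABLE_EXTS and suffixes[-2] in DECOY_EXTS


def scan(root):
    """Walk a folder (e.g. Downloads or a mail attachment cache) and
    return sorted (full_path, displayed_name) pairs for disguised files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if is_disguised_executable(name):
                hits.append((os.path.join(dirpath, name),
                             explorer_display_name(name)))
    return sorted(hits)


if __name__ == "__main__":
    import sys
    for path, shown in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{path}  (shown to the user as: {shown})")
```
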
#6 GTRagnarok Posted 10/26/2013 10:21:43 AM
I keep everything important backed up so if I somehow got this virus, I would tell it to screw off.
#7 -CJF- Posted 10/26/2013 10:28:35 AM
Sad to see that some people are actually paying the criminals for this. I would rather have my files deleted than fold to the demands of cyber criminals, which would only encourage this sort of activity. Anything THAT important that you absolutely could not live without should be backed up on 3-4 different storage mediums and in different locations.
#8 nightmare75 Posted 10/26/2013 10:30:33 AM
GTRagnarok posted...
I keep everything important backed up so if I somehow got this virus, I would tell it to screw off.


Is it a cold backup? Because this thing has been known to encrypt files on every drive attached to the computer, network drives, USB drives, you name it. The only way your data is safe is if the computer can't access it.
---
North Dakota State University Bison -The DEFENDING BACK TO BACK NCAA Div I Football National Champions \m/
#9 Knighted Dragon Posted 10/26/2013 10:39:35 AM
Instead of the government trying to restrict internet rights I wish they would focus on finding people who make viruses like this and break their knee caps
---
Matthew 7:21
http://img15.imageshack.us/img15/2492/gyenyame.jpg
#10 stmstr Posted 10/26/2013 10:50:17 AM
Knighted Dragon posted...
Instead of the government trying to restrict internet rights I wish they would focus on finding people who make viruses like this and break their knee caps


They're too busy playing make believe and dress up

http://www.fbi.gov/news/stories/2008/october/darkmarket_102008

Literally joining the ranks of online criminals, so bad