My files have been taken hostage...they want a ransom paid.


posted on Apr, 13 2014 @ 03:33 PM
Over the weekend when I turned on my laptop I received a very nasty surprise. The first thing that popped up on starting was a message telling me that all my files (documents, photos, music etc) were being held for ransom. I was instructed that if I ever want to see my personal stuff again then I needed to pay a ransom. They are asking for $500 in bitcoins. I thought oops, some stupid thing, I will just run my scan and it will be gone...STUPID ME.

Apparently this is the latest in cyber attacks. I have no idea how I got it or where it came from. Since reading up on this for the last 24 hours I am gobsmacked about what is going on. Businesses were among the first to be hit and they were paying the ransom as their whole financial life was at stake.

Here is an extract from a news article that may explain it a bit better than me:


In the past few weeks, cyber researchers have sounded the alarm about a far more dangerous type of automated ransomware known as CryptoDefense. After infecting laptops with trick emails, CryptoDefense automatically encrypts all files and demands a $500 ransom payout that rises to $1,000. The malware then destroys the key if no ransom is paid within one month.

“The files will never be recoverable. There is nothing you can do. Not even the best cryptologists in the world can feasibly break this kind of encryption. That’s what’s so frightening,” said Martin.
LINK



So... basically, is there anyone else on here also being held to ransom? Or am I the "Captain Phillips" of ATS?
edit on 13-4-2014 by Kandinsky because: ex tags and link added



posted on Apr, 13 2014 @ 03:36 PM
My son had a similar one but he was surfing porn sites.
It was a b*tch to get rid of but yours sounds more insidious.
I wish you luck in clearing it.



posted on Apr, 13 2014 @ 03:38 PM
It's only affecting laptops?



posted on Apr, 13 2014 @ 03:39 PM
Oh wow, for real? That's messed up, nothing can sandbox it?

*warily eyes the internet*



posted on Apr, 13 2014 @ 03:39 PM
Lol you are probably the Captain Phillips of ATS.

Believe it or not, this nasty bug has been around for over a year in one name or another. Unfortunately, this particular virus is infamous for indeed encrypting and thus destroying all of your files if the ransom is not paid....So unfortunately, you are probably screwed.

I would not pay up and maybe another person more IT inclined knows how to remove this particular bug...Sorry to hear this happened to you! I'd spare ya some bitcoin if I could afford to lol.



posted on Apr, 13 2014 @ 03:41 PM
If there is a way to prevent the encryption you could possibly save your stuff but this bug is based on cryptography and it is indeed true once the files are encrypted and the key thrown away...there's nothing you can do. This is a really nasty one O.o



posted on Apr, 13 2014 @ 03:45 PM
So far this virus is only affecting PCs with Windows.

I suggest next computer you buy is a Mac. Or if you are tech savvy something running Linux.

Yes, this virus is being investigated by the FBI and has been ruining people's lives (like many viruses not hurting us Mac users).

MM

www.jsonline.com...
edit on 13-4-2014 by Mr Mask because: (no reason given)



posted on Apr, 13 2014 @ 03:47 PM
I feel for yah girl...

Some say this is the "Nastiest Malware Ever".

I've not had the pleasure of dealing with it, YET...

CryptoLocker Is The Nastiest Malware Ever - Here's What You Can Do
www.makeuseof.com...

If anyone gets it start here
blog.malwarebytes.org...

DO NOT try to run an anti-virus and remove crypto locker
couleetechlink.com...

Don't pay the ransom, they'll ask for double. Paying won't get your data back
www.itproportal.com...

Crypto lockers have a way of not erasing themselves completely even if you pay
www.overclock.net...

CryptoLocker Ransomware What You Need To Know - YouTube
www.youtube.com...

How to remove CryptoLocker and RECOVER your data
www.youtube.com...

The WORST possible thing you could do...
www.precisesecurity.com...


Jenny R
Do you know of anyone who has paid the ransom and gotten their stuff back?

TechnoAngina
Some people were getting their stuff back, it’s why people pay up in the first place, but white hats (hackers for good) already took out the C&C (command and control) computers, knocking out any ability to recover your file data. Most people were getting their files back before this, otherwise why pay up?

TechnoAngina
Bitcoin is most certainly not untraceable. It’s just hard to track, but governments have pretty much cracked the anonymity of it in multiple cases. They use the public string that everyone has access to. Make no mistake the proprietors of this are almost certainly on someone’s radar.

Jessica D
My aunt had this and after I tried so many things to get rid of it, the thing that worked was a system restore. It has not reappeared since.

How to remove CryptoLocker Ransomware (Removal Guide)

WARNING: Do not make any attempt to remove this infection (cryptolocker) unless you can verify that you have a backup of your data files OR functional restore points going back for at least 2 weeks. Reason? The ransom is set for 72 hours and if you even move one of the infected docs the call is off: you will not even be able to pay the ransom to get your files unlocked! If you have restore points, you may be able to retrieve "previous versions" using Shadow Explorer...






edit on 13-4-2014 by Murgatroid because: I felt like it..



posted on Apr, 13 2014 @ 03:47 PM
So glad I back my stuff up on an external drive. This kind of thing scares the crap outta me. I assume a reformat would eliminate the virus (although of course all data is lost)?



posted on Apr, 13 2014 @ 03:48 PM
So where is the key? Is it hidden on your system?

Do like I do. One pc for the internet, and another that is NEVER allowed on the internet for your personal stuff.



posted on Apr, 13 2014 @ 03:50 PM
I had recently had some trouble with my anti-virus, and although I'm knowledgeable with computers and know better, I deleted it to resolve the problem out of laziness. I figured that since virus removal is normally a fun challenge, I could do without until I came upon a fix for my issue.

The point of the above is that as soon as I read this thread I immediately went and re-downloaded it. FFFFFFFFFFFFFF that. lol.



posted on Apr, 13 2014 @ 03:52 PM
reply to post by bellagirl
 


Post more details about the name of the group or screencap the message.

In the past, some of these trojans have been easy enough to bypass. You might have one that can be side-stepped by rebooting in safe mode and copying certain files to a USB stick or external HD. Another way is to boot up an Ubuntu Live disc and access the HD through that. Obviously you'll need to be careful about *what* you seek to save as you could shift the trojan over with them...

If these routes aren't workable, it'd be a good idea to use a clean computer elsewhere to change any passwords that matter. After that, you can use DBAN to wipe the drive and reinstall your OS. I can't advise you to download a cracked copy (your call), but it'd be cheaper than paying off extortion if you had to buy a new copy of (presumably) Windows 7 or 8.



posted on Apr, 13 2014 @ 03:53 PM
Thanks for the responses guys.

From what I can work out, up until the first of April, if you were infected there was a fix. Someone had worked out how to recover the key as it was left behind somewhere on your computer. They were helping people privately (for free) as they didn't want to put it out there. Apparently...the company called symtec (think that's what it is) then published the fix as they had no idea themselves, which then led the pirates to re-jig the virus and shut the door for good. cough...assholes.

Those of us now infected in the last two weeks are absolutely screwed.



posted on Apr, 13 2014 @ 03:55 PM
reply to post by andr3w68
 


Just back up your data to an external.



posted on Apr, 13 2014 @ 04:00 PM

Kandinsky
reply to post by bellagirl
 


Post more details about the name of the group or screencap the message.

In the past, some of these trojans have been easy enough to bypass. You might have one that can be side-stepped by rebooting in safe mode and copying certain files to a USB stick or external HD. Another way is to boot up an Ubuntu Live disc and access the HD through that. Obviously you'll need to be careful about *what* you seek to save as you could shift the trojan over with them...

If these routes aren't workable, it'd be a good idea to use a clean computer elsewhere to change any passwords that matter. After that, you can use DBAN to wipe the drive and reinstall your OS. I can't advise you to download a cracked copy (your call), but it'd be cheaper than paying off extortion if you had to buy a new copy of (presumably) Windows 7 or 8.




Thanks for the reply. I don't know how to do a screencap. I will do a post now with all the info I have of the changes I have noticed.

Sorry, but it will be in Aussie speak and stupid "mum" speak.



posted on Apr, 13 2014 @ 04:00 PM

InvisibleOwl
So glad I back my stuff up on an external drive. This kind of thing scares the crap outta me. I assume a reformat would eliminate the virus (although of course all data is lost)?

Let's not forget what they say about the word "assume"...

In some cases, older variants of the Zeroaccess Rootkit (possibly the foulest malware I have ever come across) can survive a standard reformat of the HD and reinstall itself onto the fresh copy of Windows.


Among a whole host of malicious applications present initially on your computer there were some very serious ones..... Some of these provide a remote attacker with a high degree of control over your computer, its contents, passwords, email etc. They will enable other pieces of malicious code or undesirable material to be downloaded and installed on your computer without your permission or knowledge. The rootkits for example have the ability to operate at the kernel level and make "invisible" or conceal certain files.... I will not try to list all the infections as you will have looked at the logs, but many of your files had been attacked by patch infectors, Remote Access Trojans, (Backdoors) and Zero Access infections... Despite the most expert cleaning of your computer (and believe me you have received truly expert assistance) there is no way that your computer can ever be relied upon after such a serious set of infections unless it is fully formatted, the disc cleaned and from a clean newly formatted partition everything reinstalled.(Windows, your Applications/Programs and data files where you are happy that their provenance is 100% and they are virus free.)

forums.whatthetech.com...



posted on Apr, 13 2014 @ 04:08 PM


I suggest next computer you buy is a Mac. Or if you are tech savvy something running Linux.



Not really. Millions of people use Windows without any problem.
If you have a problem with your computer it's likely down to you and how little you know about computers.



posted on Apr, 13 2014 @ 04:11 PM
Ok, here is what I know so far in reply to some of your responses:

You can't just back up the files now to an external drive as they are encrypted forever till you pay the ransom.

On every folder I have is 3 things

how_decrypt HTML document
how_decrypt text document
how_decrypt internet shortcut

One thing I have noticed this morning is in a folder there is software downloaded last Thursday ...its called "traxmaker". I don't remember ever having a folder called circuitmaker.

I don't understand what this is but I know you can't delete and make a copy from the shadow something or other as they have deleted that along with all system restore points.

I have gone into "safemode" and deleted a suspect folder on the regedit ... start/run/regedit/hkey current user/software/Microsoft/windows/current version/run/ and then delete the suspect file. That did nothing.
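
Added example, not part of the original post or thread: a triage script that only reads the drive, intended for a disk mounted from a clean system or live disc as suggested earlier in the thread. It lists folders holding the how_decrypt notes described above and, going beyond the post, flags files whose leading bytes no longer match their extension. The note extensions and the magic-byte table are assumptions.

```python
import os
import tempfile
from pathlib import Path

# Note stem as reported in the post; the extensions are an assumption
# inferred from the Explorer types it lists (HTML, text, internet shortcut).
NOTE_STEM, NOTE_EXTS = "how_decrypt", {".html", ".txt", ".url"}
MAGIC = {  # well-known leading bytes for a few photo and document formats
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".pdf": b"%PDF",
    ".png": b"\x89PNG\r\n\x1a\n", ".docx": b"PK\x03\x04",
}

def is_note(name):
    stem, ext = os.path.splitext(name.lower())
    return stem == NOTE_STEM and ext in NOTE_EXTS

def header_ok(path, ext):
    """True if the file starts with the magic bytes its extension implies."""
    try:
        with open(path, "rb") as fh:
            return fh.read(len(MAGIC[ext])) == MAGIC[ext]
    except OSError:
        return False  # unreadable: treat as not verified

def triage(root):
    """Walk root without writing; return (note_folders, altered, intact)."""
    noted, altered, intact = [], [], []
    for folder, _dirs, files in os.walk(root):
        if any(is_note(f) for f in files):
            noted.append(folder)
        for f in files:
            ext = os.path.splitext(f)[1].lower()
            if ext in MAGIC:
                path = os.path.join(folder, f)
                (intact if header_ok(path, ext) else altered).append(path)
    return sorted(noted), sorted(altered), sorted(intact)

def demo():
    """Run triage over a small constructed tree (not real victim data)."""
    with tempfile.TemporaryDirectory() as root:
        hit = Path(root, "Pictures")
        hit.mkdir()
        for n in ("HOW_DECRYPT.TXT", "HOW_DECRYPT.HTML", "HOW_DECRYPT.URL"):
            (hit / n).write_text("constructed placeholder note")
        (hit / "beach.jpg").write_bytes(b"\x8a\x11\x5c\x03 constructed bytes")
        Path(root, "report.pdf").write_bytes(b"%PDF-1.4 constructed sample")
        return tuple([os.path.relpath(p, root) for p in ps] for ps in triage(root))

if __name__ == "__main__":
    print(demo())
```

Files reported as intact are the ones worth copying off first; a header match only shows the first bytes are unchanged, not that the whole file is.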



posted on Apr, 13 2014 @ 04:15 PM

Rikku



I suggest next computer you buy is a Mac. Or if you are tech savvy something running Linux.



Not really. Millions of people use Windows without any problem.
If you have a problem with your computer it's likely down to you and how little you know about computers.




How wrong you are. I am just the start. I may know little about computers but I had the proper security software downloaded with firewall etc. Not done by me....by someone who works for one of the biggest banks doing internet security. Yes, this virus has been around for a while but it has now turned into a "superbug".

The main forum that is dealing with this is clogged with IT experts who work for multiple companies trying to discover a fix.
edit on 13-4-2014 by bellagirl because: (no reason given)



posted on Apr, 13 2014 @ 04:32 PM
reply to post by bellagirl
 


I apologize if this sounds insulting but I have to ask: when you surf the web, or do anything else on your PC for that matter, what account do you use?


