
Cryptowall 3.0 ransomware switches to anonymous I2P network


posted on Jan, 16 2015 @ 07:06 AM


A new version of the Cryptowall ransomware exploiting the anonymous Invisible Internet Project (I2P) network has been uncovered.
Independent security researcher Kaffeine reported uncovering the Cryptowall 3.0 malware, warning in a blog post that the attack has the same advanced encryption powers as previous versions.
Cryptowall is used to create ransomware, a form of malware that attempts to blackmail victims by locking them out of infected machines and charging a removal fee.


Cryptowall 3.0 ransomware switches to anonymous I2P network



Just thought I would draw everyone's attention to a new iteration of the Cryptowall virus doing the rounds. My system was hit last night; somehow it managed to skip right by my firewall and Malwarebytes Professional. Infected 6 hard drives (even external) and encrypted any and all txt, jpeg, pdf and other associated file formats with MPATTA encryption. It replaces said file types with MPATTA versions of them and deletes the originals. Can't even restore them using Shadow Copy. I have lost around 30-40GB of personal information, family photographs and videos, all encrypted and to date essentially beyond repair.

Please be careful everyone, and don't keep your backup drives connected to the PC. This virus/malware/ransomware is particularly nasty and as of yet there is no working solution to restore your files.



posted on Jan, 16 2015 @ 07:26 AM
a reply to: andy06shake

Awesome sauce..... my roommate's comp got a version of 2.0. Took him forever to get it fixed.

Like honest hardworking folks don't have enough effing problems to deal with.



posted on Jan, 16 2015 @ 07:32 AM
a reply to: infinityorder

It's the family and children's pictures this thing has essentially taken possession of that really sticks in my craw.


Hopefully someone will come up with a working solution, because I can see my Mrs packing her bags if I cannot restore my image files to their original format. LoL


Truth be told, if I did not laugh I would probably cry; I feel violated!


Tell you what, they can whistle for the $1000 unlock code, I'm not that stupid.


Like I said though, everyone please be careful!
edit on 16-1-2015 by andy06shake because: (no reason given)



posted on Jan, 16 2015 @ 08:07 AM
a reply to: andy06shake
I have been able to use a few recovery programs on an encrypted drive to retrieve the original files intact. It doesn't work 100%, but I have been able to get back many of them. Recuva is free, and a good little program. Try it. Hope it helps.

Warning: It can take hours to deep scan a large drive.


edit on 1/16/2015 by Klassified because: (no reason given)



posted on Jan, 16 2015 @ 08:14 AM
a reply to: Klassified

Any help would be greatly appreciated Klassified.


What software did you use to accomplish file restoration? Did you somehow brute force the algorithm responsible for encryption? Or use some other means of restoration?

I've tried using Shadow Copy to no avail.
edit on 16-1-2015 by andy06shake because: (no reason given)



posted on Jan, 16 2015 @ 08:29 AM
a reply to: andy06shake
Recuva is a deleted file recovery program. I hooked the hard drive to a separate computer, and had Recuva do a deep scan for image files, and another for video files.

Because Cryptowall deletes the original files and replaces them, it becomes possible to recover the originals intact. Also, any good data recovery service can probably retrieve much more than a recovery program. Don't look for miracles though. Because the encrypted files overwrite the originals, it makes it much harder to retrieve them, and to retrieve them uncorrupted.

Also be careful of some of the pay versions of data recovery programs. They are no better than the free ones in many cases. There are some legit ones out there though, that will let you try before you buy.

Free data recovery tools
Stellar Phoenix, GetDataBack, Power Data Recovery by Mini-Tool are payware.



edit on 1/16/2015 by Klassified because: (no reason given)
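What a "deep scan" of the kind Klassified describes actually does, shown as an added example in Python (this is not code from the thread, from Recuva, or from any tool named in it): ignore the filesystem entirely and carve JPEGs out of raw disk bytes by their start and end markers. That only works where the deleted original's clusters were not reused, so the disk image built inside the script deliberately includes one original whose tail was overwritten by the "encrypted copy"; the carver reports it as an incomplete fragment rather than silently merging it with the next file. The image and the marker-only "JPEGs" are constructed here and are not a capture from an infected machine.

```python
"""Signature-based carving of JPEG files from raw disk bytes.

Added example, not from the thread or from Recuva/any tool named in it.
The disk image below is constructed in code; it is not a real capture.
"""
import random

SOI = b"\xff\xd8\xff"     # JPEG start-of-image + first byte of the next marker
EOI = b"\xff\xd9"         # JPEG end-of-image
MAX_JPEG = 64 * 1024      # stop looking for a trailer after this many bytes


def carve_jpegs(image, max_len=MAX_JPEG):
    """Return [(offset, data, complete)] for every JPEG header in `image`.

    A header followed by another header before any trailer is reported as an
    incomplete fragment: its tail was overwritten (for a victim of this
    ransomware, typically by the encrypted copy written over the original's
    clusters). Caveat: EXIF thumbnails embed a nested SOI/EOI, so real files
    can carve short; a production carver parses marker segments instead.
    """
    found = []
    pos = 0
    while True:
        start = image.find(SOI, pos)
        if start < 0:
            return found
        limit = min(len(image), start + max_len)
        next_hdr = image.find(SOI, start + len(SOI), limit)
        if next_hdr >= 0:
            limit = next_hdr          # never let one file swallow the next
        end = image.find(EOI, start + len(SOI), limit)
        if end < 0:
            found.append((start, image[start:limit], False))
            pos = limit
        else:
            found.append((start, image[start:end + len(EOI)], True))
            pos = end + len(EOI)


def fake_jpeg(payload):
    """Marker-only stand-in for a JPEG (not decodable; carving keys on markers)."""
    return SOI + b"\xe0" + payload + EOI


def build_disk_image(seed=1):
    """Constructed unallocated-space image: intact original A, original B whose
    tail was overwritten by ciphertext, then intact original C."""
    rng = random.Random(seed)

    def noise(n):
        # values 0..254 only, so filler can never form a 0xFF-based marker
        return bytes(rng.randrange(255) for _ in range(n))

    a = fake_jpeg(b"A" * 2000)
    b = fake_jpeg(b"B" * 3000)
    b = b[:1500] + noise(len(b) - 1500)   # "encrypted copy" overwrote B's tail
    c = fake_jpeg(b"C" * 1000)
    return noise(512) + a + noise(256) + b + noise(256) + c + noise(128)


if __name__ == "__main__":
    for offset, data, complete in carve_jpegs(build_disk_image()):
        state = "complete" if complete else "PARTIAL (tail overwritten)"
        print(f"offset {offset:>6}  {len(data):>5} bytes  {state}")
```

To run this against a real drive, pass `open("/dev/sdX", "rb").read()` (or an `mmap` of a dd image, since reading a whole disk into memory is impractical) and write each carved `data` to a file; hits flagged `False` are the ones Klassified's "retrieve them uncorrupted" caveat is about, and are usually not worth keeping.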



posted on Jan, 16 2015 @ 08:32 AM
a reply to: andy06shake

Is this a virus that destroys your hard drive, or locks it?
Is it like the one called the MoneyPak or Green Dot virus, the one that says the FBI has locked your computer?
I got that one a couple of times on my old XP system, and the way I got rid of that one was by booting up in safe mode with command prompt, disabling all startup programs, then running regedit and finding any entries that were not explorer.exe or blank that I didn't recognize. I made copies and backed them up, then replaced them with explorer.exe, then deleted those. All three times that worked for me with that one; it also took a while. I also found out that I was lucky, since in many cases you could not boot up in safe mode.

I understood that that one came from a couple of sources, like being downloaded together with other programs or files without any permission, like fake video codecs, Flash updates or other freeware from a source that is not official.

I still use that one from time to time and have no problems.
edit on 16-1-2015 by hounddoghowlie because: (no reason given)



posted on Jan, 16 2015 @ 08:47 AM
a reply to: hounddoghowlie
Cryptowall does not lock the drive. It encrypts your personal files. You can still run your OS and do other things, but your personal files are locked.



posted on Jan, 16 2015 @ 08:55 AM
a reply to: andy06shake

This right here is a nightmare.

We got hit on one pc in our corporate network.

The bad part with this ransomware is that it WILL scan any mapped network share on the PC, and will also encrypt the files while scanning.

If you do not have backups of the files you are stuck paying the ransom or restoring the files from a backup.

Don't let what happened to this lawfirm happen to you.


www.welivesecurity.com...



A small American law firm has admitted that every document on a server at the Charlotte-Mecklenburg company has fallen prey to the Cryptolocker ransomware, according to a report by local station WSOC TV.

The infection arrived via a phishing email, according to Paul Goodson, who heads the firm in North Carolina state capital Charlotte.

“It was actually an email that looked like it was coming from our phone system because our system sends voice mail messages as an attachment,” said Goodson. Opening the email led to “every single document” at the firm being encrypted, according to CSO’s report.

Goodson says his IT department tried to deal with the malware infection, but after their attempts failed, he attempted to pay the ransom ($300), but was by that point beyond Cryptolocker’s countdown timer. That has left every single document on the firm’s main server – including PDFs and Word documents – encrypted, according to Computer World’s report.



Moral of the story. Backup thrice!
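The pattern the two posts above describe (originals deleted, copies with a new extension written in their place, mapped shares hit as readily as local drives) is exactly what a behavioural detector on file-audit telemetry looks for. As an added example, not code from the thread or from any product, here is such a check in Python over a constructed event stream. The event shape (`ts`, `proc`, `op`, `path`) and the process names are this example's own assumptions; the `.mpatta` extension is the one the original poster reported. A process that replaces more than a threshold of files inside a sliding window is flagged, together with the drives and UNC shares it touched, while an editor's save-via-temp-file produces one replace-pair and stays quiet.

```python
"""Behavioural detector for the replace-and-delete pattern described in the thread.

Added example, not from the thread or any product named in it. Input is a
constructed event stream shaped like file-audit telemetry; the field names
and process names are this example's own assumptions.
"""
import re
from collections import defaultdict, deque

WINDOW_SECONDS = 60.0   # sliding window for counting replace-pairs per process
PAIR_THRESHOLD = 20     # editors replace a handful of files; encryptors replace hundreds
ROOT_RE = re.compile(r"^(\\\\[^\\]+\\[^\\]+|[a-z]:)")   # UNC share or drive letter


def strip_ext(path):
    """'c:\\p\\photo.jpg.mpatta' -> 'c:\\p\\photo.jpg'; no extension -> unchanged."""
    head, sep, tail = path.rpartition("\\")
    base = tail if sep else path
    if "." not in base:
        return path
    return path[: path.rfind(".")]


def root_of(path):
    m = ROOT_RE.match(path)
    return m.group(1) if m else "<other>"


def detect_replacements(events, window=WINDOW_SECONDS, threshold=PAIR_THRESHOLD):
    """Return {proc: summary} for processes exceeding `threshold` replace-pairs.

    A replace-pair is: a file is deleted, and within `window` seconds the same
    process creates a *different* file whose name is the deleted one plus one
    more extension (photo.jpg -> photo.jpg.mpatta) or with its extension
    swapped (photo.jpg -> photo.mpatta). Order of the two ops does not matter.
    """
    deleted = defaultdict(dict)   # proc -> {key: (ts, full_path)}
    created = defaultdict(dict)   # proc -> {stripped_name: (ts, full_path)}
    pairs = defaultdict(deque)    # proc -> deque of (ts, root, new_ext)
    summary = {}

    for ev in sorted(events, key=lambda e: e["ts"]):
        proc, ts, op = ev["proc"], ev["ts"], ev["op"]
        path = ev["path"].lower()
        hit = None
        if op == "delete":
            for key in (path, strip_ext(path)):
                deleted[proc][key] = (ts, path)
                c = created[proc].get(key)
                if hit is None and c and c[1] != path and ts - c[0] <= window:
                    hit = c[1]
        elif op == "create":
            stripped = strip_ext(path)
            created[proc][stripped] = (ts, path)
            d = deleted[proc].get(stripped)
            if d and d[1] != path and ts - d[0] <= window:
                hit = path
        if hit is None:
            continue
        q = pairs[proc]
        q.append((ts, root_of(hit), hit.rsplit(".", 1)[-1]))
        while q and ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            summary[proc] = {
                "pairs_in_window": len(q),
                "roots": sorted({r for _, r, _ in q}),
                "new_extensions": sorted({e for _, _, e in q}),
            }
    return summary


def sample_events():
    """Constructed telemetry: one editor save, one unrelated delete, and a
    process replacing 15 pictures on C: and 15 documents on a mapped share
    with '.mpatta' copies (the extension the original poster reported)."""
    docs = "C:\\Users\\andy\\Documents\\"
    ev = [
        {"ts": 5.0, "proc": "winword.exe", "op": "create", "path": docs + "report.docx.tmp"},
        {"ts": 5.1, "proc": "winword.exe", "op": "delete", "path": docs + "report.docx"},
        {"ts": 5.2, "proc": "winword.exe", "op": "create", "path": docs + "report.docx"},
        {"ts": 7.0, "proc": "explorer.exe", "op": "delete", "path": docs + "old-notes.txt"},
    ]
    patterns = ["C:\\Users\\andy\\Pictures\\img{:02d}.jpg", "\\\\fs01\\share\\doc{:02d}.pdf"]
    t = 10.0
    for i in range(15):
        for pattern in patterns:
            original = pattern.format(i)
            ev.append({"ts": t, "proc": "cwall.exe", "op": "create", "path": original + ".mpatta"})
            ev.append({"ts": t + 0.01, "proc": "cwall.exe", "op": "delete", "path": original})
            t += 0.05
    return ev


if __name__ == "__main__":
    for proc, info in detect_replacements(sample_events()).items():
        print(f"ALERT {proc}: {info['pairs_in_window']} files replaced in "
              f"{WINDOW_SECONDS:.0f}s across {info['roots']} -> {info['new_extensions']}")
```

In practice the events would come from Sysmon, Windows file-system auditing or an EDR agent rather than a list literal, and the threshold needs tuning against backup and archiving tools, which also rewrite many files quickly; the cross-root report is the useful part, because a single workstation touching dozens of replaced files on a UNC share is how the law-firm case above would have looked minutes before every document was gone.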



posted on Jan, 16 2015 @ 09:01 AM
The big question we all want to know is HOW did you get infected?



posted on Jan, 16 2015 @ 09:07 AM


My system was hit last night; somehow it managed to skip right by my firewall and Malwarebytes Professional.


Are you trying to say this was an external attack? Because that's very unlikely, it must have been something you visited, clicked on or downloaded.



posted on Jan, 16 2015 @ 09:12 AM
Make sure your internet browsers and browser plug-ins are up-to-date, because one thing it looks for is vulnerabilities in out-of-date browsers and plug-ins. Like the above poster said, make sure any updates you make are from the official sites, not a third party.
edit on 16-1-2015 by Junkheap because: The screaming blue fuzzy things that are on fire told me to edit this.



posted on Jan, 16 2015 @ 09:22 AM

originally posted by: PhoenixOD


My system was hit last night; somehow it managed to skip right by my firewall and Malwarebytes Professional.


Are you trying to say this was an external attack? Because that's very unlikely, it must have been something you visited, clicked on or downloaded.

I think he probably doesn't understand how the infection gets in, and wasn't sure how else to explain it.



posted on Jan, 16 2015 @ 09:44 AM
a reply to: Maverick7

vectors for attack can be many.

malicious advertising, website, pdf.

people don't keep their software up to date.



posted on Jan, 16 2015 @ 09:45 AM
a reply to: Maverick7

That's the mystery eh? I suppose if i knew the answer i would not be in said situation.

Only new software i have recently added was a Plex media server so i can play media via my PS4.



posted on Jan, 16 2015 @ 09:48 AM
a reply to: PhoenixOD

"Are you trying to say this was an external attack?"

I don't think so, it's generally always something that you click or download; it's how this type of malware operates.



posted on Jan, 16 2015 @ 10:03 AM
Try R-Studio recovery. It saved my ass before; it was able to recover almost every file lost on a 500 gig external that crapped out on me, after I had reformatted it so it could be read at all. Don't ask me how it could do that, but it did. Scanning and recovery took forever though, a few days. Was worth getting back all my art though.



posted on Jan, 16 2015 @ 10:42 AM
a reply to: TKDRL

I've kept my personal pictures and videos and will attempt to restore those, about 40GB. The rest I can simply download again.
Just noticed that it also encrypted all my movies, avi, mp3, mp4. I could scream!!!
edit on 16-1-2015 by andy06shake because: (no reason given)



posted on Jan, 16 2015 @ 10:57 AM
a reply to: andy06shake
Unless the malware also does a DoD-style multi-wipe, which takes a while to do, some of it should be recoverable. It takes hours when I secure-wipe a drive to reinstall Windows. The wipe I do writes pseudo-random strings of numbers to the whole drive 30 times, I think it is.



posted on Jan, 16 2015 @ 11:46 AM
a reply to: andy06shake

G@d damn it!
When I gave you the malware removal link yesterday, did it make it worse? Did ANON set that up?

In the last couple of months, ANONYMOUS set up an ATS account.
I was going to suggest yesterday that you send an email to that member and ask what they would do, given this would be up their alley.

Now.. pfffffff



