
Cryptowall 3.0 ransomware switches to anonymous I2P network


posted on Jan, 17 2015 @ 05:15 AM
a reply to: andy06shake

Very sorry to hear about what happened. I hope you can somehow recover your files.



posted on Jan, 17 2015 @ 05:20 AM

originally posted by: andy06shake
a reply to: VimanaExplorer

That could be a possibility, VimanaExplorer. I'll give it a go on Monday.


Again, try to make an exact copy of the hard drive to another drive (same size etc.) before trying the Linux option. Linux/Mac have a "dd" command (Mac OS X has Carbon Copy Cloner) which duplicates the hard drive; then try your experiment on the backup drive. I haven't used a Windows machine in over a decade, so I can't help you much there.

We all make mistakes; lessons learned. Good luck to you.
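The "copy the drive first, experiment on the copy" advice above, written out as a small shell helper. This is an added example, not code from the thread or from any tool mentioned in it; the function names (`clone_device`, `verify_clone`, `demo_on_constructed_image`) are hypothetical, and it assumes GNU `dd`, `sha256sum` and `head -c` as found on a Linux live system. `conv=noerror,sync` keeps `dd` reading past unreadable sectors (zero-padding them) so a failing drive can still be imaged; the verification compares only the first N bytes, where N is the source size, because `conv=sync` pads the last block of the clone.

```shell
#!/bin/sh
# Image a drive (or image file) to a same-size or larger target, then verify the
# copy before any recovery tooling is pointed at it. Recovery attempts run
# against the clone, never the original.
# Hypothetical helper for illustration; assumes GNU coreutils.

# clone_device SRC DST
#   bs=4M             large blocks for throughput
#   conv=noerror,sync keep going past read errors, padding bad blocks with zeros
clone_device() {
    dd if="$1" of="$2" bs=4M conv=noerror,sync 2>/dev/null || return 1
    sync
}

# verify_clone SRC DST
# Compare SHA-256 of the first N bytes of both, N = size of SRC. Returns 0 when
# the clone is bit-for-bit identical to the source, 1 otherwise.
# For a real block device, take N from `blockdev --getsize64 SRC` instead of wc.
verify_clone() {
    n=$(wc -c < "$1" | tr -d ' ')
    a=$(head -c "$n" "$1" | sha256sum | cut -d' ' -f1)
    b=$(head -c "$n" "$2" | sha256sum | cut -d' ' -f1)
    [ "$a" = "$b" ]
}

# Self-contained demonstration on a constructed sample "drive" (random data,
# 3 MiB + 77 bytes, so the last dd block is partial and gets padded).
# Returns 0 when a good clone verifies and a damaged clone is rejected.
demo_on_constructed_image() {
    work=$(mktemp -d) || return 1
    head -c 3145805 /dev/urandom > "$work/source.img"
    clone_device "$work/source.img" "$work/clone.img" || return 1
    verify_clone "$work/source.img" "$work/clone.img" || return 1
    # Simulate damage: zero 64 bytes at offset 100 in the clone; must now fail.
    dd if=/dev/zero of="$work/clone.img" bs=1 count=64 seek=100 conv=notrunc 2>/dev/null
    if verify_clone "$work/source.img" "$work/clone.img"; then return 1; fi
    rm -rf "$work"
    return 0
}
```

Usage on real hardware would be `clone_device /dev/sdX /dev/sdY` followed by `verify_clone /dev/sdX /dev/sdY` from a live USB with both drives unmounted; `demo_on_constructed_image` exercises the same two functions on a throwaway file so the procedure can be checked without touching a disk.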



posted on Jan, 17 2015 @ 07:48 AM
That is very unfortunate to hear you got hit with this nasty Cryptowall. I gotta admit it is a brilliant way of making money, as disgusting and lowlife as it may be.

Problem is, if it deletes the files and rewrites the sectors where those files were, recovery software will have a hard time getting anything back, as far as I know.

Would it be possible to brute force the key? If you had the computing power, that is, let's say a supercomputer, would it be possible to brute force it? You can rent a supercomputer for the same price as the ransom, +/-.

Not a small amount indeed, but as a last resort maybe it could work? If anyone can shed some light on that.



posted on Jan, 17 2015 @ 08:28 AM
a reply to: Vamana

To brute force said encryption using current technology would take time. Point of fact our Sun would probably burn itself out first.

Then again, who knows as to "their" real capabilities regarding encryption/decryption techniques.
edit on 17-1-2015 by andy06shake because: (no reason given)



posted on Jan, 17 2015 @ 08:39 AM
a reply to: andy06shake
Not to sound like a fanboy, but have you tried any of the "easier" Linux versions out lately? If it wasn't for ZBrush and Photoshop, I would be a full-time Xubuntu user.

Sometimes it's a pain in the ass and I have to google around to figure out how to install and use some nonstandard things, but it's not that different from Windows. I do admit, another annoying thing is having to type the admin password so much, but that is one of the reasons Linux OSes tend to be more secure. I have that UAC crap disabled in Windows, I don't really surf too many unknown places when on Windows, and NoScript and AdBlock protect against a lot.



posted on Jan, 17 2015 @ 08:48 AM
I used to work for a Managed Service Provider, that did IT for small/medium businesses, and a couple of things...

#1 - Paying the ransom with the Cryptolocker virus, did result in the files being restored.

#2 - Webroot Antivirus was the only one that caught the virus in our testing. (I use Webroot now, and as Dir. of IT at the company I'm at, we use it as well.)

#3 - People always underestimate the value of backups. CrashPlan Pro is $10/month for backups and you have unlimited storage. At a cost of $120/yr, it's very worth it, to me, to not have to worry about my files ever disappearing or becoming corrupted. Even without this virus, if you have just 1 copy of your files, you're playing Russian roulette. Hard drives have a lifespan of 3 - 5 years, and even a slight mechanical malfunction can result in total data loss.

I'm sorry to see that you got hit with this virus, OP. If the lost files are worth it, it might be valuable to pay the ransom and see if they become unencrypted. Whoever made this virus doesn't really care about destroying the files of other people and just wants money. If it's the same group as the Cryptolocker, then paying does work. Likewise, if word got out that paying didn't work... well, that would defeat the purpose of the virus.



posted on Jan, 17 2015 @ 08:50 AM
a reply to: Vamana

Heh, first - Smite's a great game.


Secondly - you're right. It is a great way to make money, as terrible of a system as it is. I recall reading an article late last year that estimated (through monitoring blockchain transactions) the Cryptolocker virus had generated 20ish million in revenue.



posted on Jan, 17 2015 @ 09:39 AM
Are Macs and PCs equally vulnerable? I used to get the "FBI has locked your computer" thing. But I would just force quit the internet browser and re-open it with no problems.



posted on Jan, 17 2015 @ 10:05 AM

originally posted by: tehspiritw0lf

originally posted by: PhoenixOD
a reply to: andy06shake

How about using software that searches for deleted files and try to find the restore points?



It's 2048-bit RSA, at least from the variants that I have seen. You could brute force it with today's technology. It would just take longer than the time that the universe has been around...

The only other option would be to locate the server and hack it to get the keys back.


Well, if it's RSA you could always give the NSA a ring! I hear the NSA and RSA Security are tight, and the NSA is a public agency, right? You should be able to nicely ask them for help.

On a less sarcastic note, I feel for you. That really sucks, and the anonymity of the internet has allowed those who might not otherwise engage in such behavior to do so with a "clean" conscience. At least to them. I hate to say it, but if you have the means I would just pay the $500 before the price doubles. There is no guaranteed, reliable way to undo the damage. File recovery programs might help, but it's hard to say. Good data recovery services are good but still a crap shoot and come with no guarantees as well. I wouldn't want to pay, and right now couldn't.

Whatever you end up doing, I would recommend switching to a Linux distro after all is said and done. You don't need a PhD to use it, and it's not like the old days installing Slackware from 20 floppy disks via command line. There are great graphical installers available that are very easy to use, as well as a wealth of resources across the web for any chosen distro. YT has great walkthroughs for beginners. I'd recommend looking into LinuxMint in a Gnome flavor. It is very easy to use, and has a wealth of quality, free open source software all available through an intuitive, clean graphical package manager. If there are Windows apps that you REALLY need, you could always run Windows in something like VirtualBox, Xen or KVM, to name a few. And of course there are many other user friendly, SOHO/home user type distributions available. www.DistroWatch.com is a great starting point. Additionally you'll have free access to strong crypto and anonymity tools. I'd also recommend placing your photo backups not only on a spare drive but in the cloud as well. Google has a great service for that, to name just one. Hope that helps a bit, and good luck.



posted on Jan, 17 2015 @ 10:09 AM
a reply to: BASSPLYR
You can make a Windows OS pretty safe, but you have to trade convenience. Turn security up to high, get a good firewall (I liked Comodo); NoScript and AdBlock on the browser is a good start. Keep weekly backup copies (I use R-Studio recovery), and keep your backups and personal files on a removable hard drive. Keep the hard drive disconnected when not in use. If I get infected or my OS starts breaking down, I just wipe the OS partition, and ~30 minutes later I have a backup-restored OS with all my programs installed and ready to go. Each backup takes about 45 minutes, and takes up ~40 gigabytes of space.



posted on Jan, 17 2015 @ 10:16 AM
a reply to: TKDRL

Thanks TKDRL! I have an aging mac laptop. Any advice for one of those?



posted on Jan, 17 2015 @ 10:32 AM
a reply to: BASSPLYR
I haven't had anything other than a PC; never used Macs since 2nd grade in school. I think it was called Apple; all I remember was a turtle cursor lol. Out of my knowledge scope.


edit on Sat, 17 Jan 2015 10:33:45 -0600 by TKDRL because: (no reason given)



posted on Jan, 17 2015 @ 10:49 AM
Did you try booting up Ubuntu from a USB and trying to retrieve the data that way?
edit on 17-1-2015 by sosobad because: (no reason given)



posted on Jan, 17 2015 @ 11:07 AM
a reply to: BASSPLYR

What you were experiencing was a bit different, actually a lot different. It's not that Macs are more secure, a common misconception, though one that is now abating. In the past couple of major updates Apple has improved RAM-level security, but there is still more to be done. It's just that Macs used to be "safer", and to an extent still are. It's all based on market share, which translates to criminal interest. As Mac OS market share increases, so will attacks. So to answer your question, from a technology standpoint Macs may in fact be more vulnerable, but at least equally. From a practical standpoint, especially in conjunction with good security practices, they offer a bit more safety. Just keep in mind, however, nothing is ever truly "secure".



posted on Jan, 17 2015 @ 11:09 AM
a reply to: sosobad
It won't matter; all Ubuntu is going to see is the encrypted files. One could try running data recovery from Linux, but I'm not sure as to the quality of those particular types of tools in regards to recovering Windows data.



posted on Jan, 17 2015 @ 11:50 AM
a reply to: andy06shake

Check your operating system's RSA encryption folder; the master key will be in there.
edit on 17-1-2015 by Dabrazzo because: (no reason given)



posted on Jan, 17 2015 @ 02:36 PM

originally posted by: andy06shake
To brute force said encryption using current technology would take time. Point of fact our Sun would probably burn itself out first.

Then again, who knows as to "their" real capabilities regarding encryption/decryption techniques.
I only know what I read in public literature, which is they have at least partial help built into some encryption technology so they don't have to rely on complete brute force, but they probably don't have a complete backdoor either, so it still takes a lot of work, just a lot less than you might think if you didn't know about their "shortcuts".

There is a possibility that computers could be so much more powerful 10 years from now that they might be able to break today's encryption, so even if the sun would burn out before you decrypt the files using brute force with today's computer, that may not be so with a future computer. I read that NSA is saving a lot of data they can't decrypt today but they expect to be able to do so in the future, but of course they have supercomputers available which are a lot more powerful.


originally posted by: TKDRL
a reply to: BASSPLYR
You can make a Windows OS pretty safe, but you have to trade convenience. Turn security up to high, get a good firewall (I liked Comodo); NoScript and AdBlock on the browser is a good start. Keep weekly backup copies (I use R-Studio recovery), and keep your backups and personal files on a removable hard drive.
I've been reading the transmission methods for the exploit in the OP. So far I've discovered three:

1. Opening an e-mail attachment, that uses social engineering to get you to open it. Apparently it's a zip file, but so far I haven't seen an exact description of the contents of the zip file.
2. Flash exploits.
3. Java browser plug-in exploits.

Are there others? Probably, but I haven't confirmed what they are... I would have also guessed JavaScript exploits (which sounds similar to, but is different from, Java. And even if this isn't transmitted via JavaScript, other malware can use JavaScript).

So there are additional specific protections for this malware:
1. Obviously, don't open any e-mail attachments if you're not sure the source is trusted.
2. You can do some things to limit the risks of Flash. Firefox has an add-on called Flashblock, but on my most secure PC I don't even install Flash because of this type of risk.
3. Even if you need Java for something, this doesn't mean you need to install the Java browser plug-in; they are two different things, so don't install the latter unless you really need it (I don't install either on my most secure PC).
4. As you said, NoScript will reduce threats from JavaScript-related exploits, though it takes a little skill and experience to use it properly. A lot of sites won't work without it, including this one, but you're still better off if you whitelist this site and a few you trust, while leaving the rest in an "untrusted" category where the JavaScript won't run by default, because sometimes that's the way malicious ads work: they redirect you to a "bad" site which installs "drive-by" malware.



posted on Jan, 17 2015 @ 10:55 PM
a reply to: andy06shake

Hello, please look at and read the following... hope the link helps

www.techsupportalert.com...





posted on Jan, 17 2015 @ 10:59 PM
Install and configure "CryptoPrevent"!

www.fooli.../




posted on Jan, 17 2015 @ 11:29 PM

originally posted by: Quadlink
a reply to: andy06shake

Hello, please look at and read the following... hope the link helps

www.techsupportalert.com...
As Andy already knows, it won't. He doesn't need to undelete files, he needs to unencrypt them. Data recovery software doesn't do that.


originally posted by: Quadlink
Install and configure "CryptoPrevent"!

www.fooli.../
For all I know that's made by the same criminals that created the problem in the first place. I would never install that.

Pretty good scheme though: collect ransom money and then also collect money selling software to prevent the problem you created. Profitable, though criminal, business plan.



