It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Cryptowall 3.0 ransomware switches to anonymous I2P network

page: 5
18
<< 2  3  4   >>

log in

join
share:

posted on Jan, 18 2015 @ 05:48 AM
link   
a reply to: Quadlink

I take it you mean "cryptoprevent" from the link below

www.fooli.../vb6-projects/cryptoprevent

To be honest this "CryptoPrevent" looks dodgy as hell and like Arbitrageur pointed out could quite possibly come from the same type of nefarious individuals responsible for the CryptoLocker maleware in the firstplace.

Also if you read the info provided this only claims to protect up to variant "v2", i take it that means 2.0. The current iteration of the virus, and the one responsible for the infection of my machine is the 3.0 variant.

Cheers for the advice mate but i dont see this CryptoPrevent helping matters regarding file decryption, in fact i imagine it could quite possible make matters worse by way of additional infection.

Do you have personal experience of using said software/program?
edit on 18-1-2015 by andy06shake because: (no reason given)




posted on Jan, 18 2015 @ 04:59 PM
link   
OP, if you still haven't done anything with the drive or files, try this - I did this on a couple of laptops that were infected with the last iteration of this virus, and it recovered the non-corrupt versions (our network was corrected as well - we had to restore backups):

If running system restore (and most computers do - it's on by default), you can open system restore, click on "other dates", then minimize that - then browse to your my documents folder, pictures etc.. right-click and you will see a "restore a previous version" option. Restore a version prior to infection - that should restore unencrypted files.

I restored all data for 2 employees using this method. Good luck!



posted on Jan, 18 2015 @ 08:02 PM
link   
a reply to: fleabit
You sure it was cryptowall and not cryptodefense? Some people get those confused. You're the first person I've seen suggest that method would work with cryptowall, and I've been reading a lot of tech blogs like the one below.

Here's one of the better analyses of cryptowall, which says he was able to recover about 95% of his client's files, but not using the method you described. It looks like the success rate might depend on how much drive space is free which would influence how many of the deleted files would be overwritten and thus not recoverable, at least using the method described here:

CryptoWall Encrypted File Recovery and Analysis

As a disclaimer with all file recovery some files may not be recoverable if the slack space was overwritten. In each separate case, file recovery will depend on how many files were encrypted, and how much free space the drive had before it had to start overwriting old slack space for new files...

In my client’s case I was able to recover approximately %95 of the files



posted on Jan, 19 2015 @ 04:41 AM
link   
a reply to: fleabit

Fleabit, seems the virus "Cryptowall 3.0" disables or deletes your Windows restore points and also deletes the shadowcopys of the associated encrypted files after it enters in to the second stage(ransom goes up). So a system restore really was not an option. The information and files that were encrypted on my other drives i have left alone(anything i could not replace that is). However as of yet i have been unable to retrieve or decrypt any of those files.

The maleware in question "cryptowall 3.0" is gone, its the results im attempting to deal with(file encryption).
edit on 19-1-2015 by andy06shake because: (no reason given)



posted on Jan, 23 2015 @ 04:32 AM
link   
Seems it is not easy like this to decrypt files so I am doing backups of all comps and smart phones about once a month and important drives once a week. Auto backup features help.



posted on Jan, 25 2015 @ 11:14 AM
link   

originally posted by: Arbitrageur
a reply to: fleabit
You sure it was cryptowall and not cryptodefense? Some people get those confused. You're the first person I've seen suggest that method would work with cryptowall, and I've been reading a lot of tech blogs like the one below.

Here's one of the better analyses of cryptowall, which says he was able to recover about 95% of his client's files, but not using the method you described. It looks like the success rate might depend on how much drive space is free which would influence how many of the deleted files would be overwritten and thus not recoverable, at least using the method described here:

CryptoWall Encrypted File Recovery and Analysis

As a disclaimer with all file recovery some files may not be recoverable if the slack space was overwritten. In each separate case, file recovery will depend on how many files were encrypted, and how much free space the drive had before it had to start overwriting old slack space for new files...

In my client’s case I was able to recover approximately %95 of the files


It was cryptowall 2 - it had not turned off the restore points. I don't believe it does. At least the variation we had did not. : )

Andy, sorry to hear the new version turned off your restore points - lots of the more recent common malware does the same thing (and bluescreens if you try to go into safemode). I really hate this virus on a network.. just takes one non protected client to screw up a lot of stuff in a hurry.



posted on Jan, 25 2015 @ 11:23 AM
link   
a reply to: andy06shakeThe United States Computer Emergency Reddiness Team US-CERT, an official website of the Department of Homeland Security has provided this site to help protect your computer from such attacks as indicated in this thread. The URL reference is included below.


US-CERT



posted on Jan, 26 2015 @ 05:59 AM
link   
a reply to: machineintelligence

Cheers for the info mate but im in the UK and to be honest i really dont wish to have anything to do with such a nefarious organisation as the Department of Homeland Security.



posted on Jan, 26 2015 @ 01:18 PM
link   
a reply to: andy06shake
It's a bit dated, talking about how to secure the IE7 browser, etc.
But aside from being out of date, the advice for when it was written is surprisingly good, much like you'd get from a security site that has nothing to do with US gov't. For example, they recommend the use of noscript on Firefox, which is pretty good advice, but using it properly is a lot harder than just installing it.

They also mention 2 of the 3 methods I know of that cryptowall infections can occur, Java and opening e-mail attachments.

They don't mention flash vulnerabilities, though they do mention keeping your software updated which if you do that with flash and java, might help. However if you believe Adobe and Oracle that every single version of flash and java they have ever made is insecure except the current version, you'd have to be a fool to think the current version is secure. When the next version comes out they'll be saying that one too has more holes than Swiss cheese and you need to upgrade for security reasons. This is why I don't install those apps at all where security is a priority.


edit on 26-1-2015 by Arbitrageur because: clarification



posted on Jan, 26 2015 @ 02:36 PM
link   
a reply to: Arbitrageur

In my case my money would be on Java, or some other maleware variant. You know the score, go to some sites and you are presented with the old chestnut "Your version of Java is out of date please click here to update". Lo and behold two clicks later your infected with some nasty sucker. My bets one of my kids or my Mrs ether done the above on my rig or there own connected to my network.



posted on Mar, 10 2015 @ 02:47 PM
link   
a reply to: andy06shake

Yes i am a 28 years microsoft cert engineer and use it on all my systems, if you look at what it does with group policy etc it can help alot in conjunction with a good AV like antivir, esp to folks who are not Tech proficient


Security is high on my priorities and i check everything before active application, i install and test on VM machines
before i roll it out on my systems



posted on Mar, 12 2015 @ 04:15 AM
link   
a reply to: andy06shake
Next time, you know NOT to go online with an useraccount that has root/admin privileges and I say it did not skipped right by your firewall and your antivirus. Unless some service/tool running on your machine (with admin priv) was exploited and even then most of that useless software firewalls would spawn a popup for you at least. Is your UAC deactivated?



posted on Mar, 12 2015 @ 04:53 AM
link   
Why doesn't the FBI infect a random computer, pay the extortion fee, and follow the money trail? I mean, you know they have the capability of tracking a dollar anywhere. Alphabet agencies should find where these people are, and let the CIA drop a predator missile on their locale...

On second thought, this Crypto malware was probably developed by a government as a 'tax' on the non tech folks in the world.

edit on 3/12/2015 by EternalSolace because: (no reason given)



posted on Apr, 20 2016 @ 03:49 AM
link   
Hello! I sympathize with you!
I was faced with such a problem because of the Cerber ransomware (encrypted photos that can not be corrected) .
I was very angry! I treated a laptop as advised on this site:
nabzsoftware.com...
Now everything works well))



posted on Apr, 20 2016 @ 07:45 AM
link   
a reply to: KindFairy
I see a "free" version and a "Pro" download link, did you have to use the "Pro" version and if so how much did that cost you?

Someone posted a different software solution that you had to pay for and I couldn't tell if it was being sold by the same folks that were circulating the malware.



posted on Apr, 20 2016 @ 08:27 AM
link   
I have a coworker whose computer got hit. One of her functions is sales....so it sucked pretty bad for us. She keeps a lot of paper files, and we scan and email stuff all the time as a "backup". So she recovered almost everything, except her calender on her outlook.

ive never had a virus on any computer that I used exclusively.



posted on Apr, 20 2016 @ 11:34 AM
link   
a reply to: andy06shake

Terrible news there, I would definitely keep your drive on the shelf though. As someone else mentioned, you never know what decrypt tools will become available in the future. So the best wishes on that.

On another note, just in case some people are interested, I have to recommend that you NEVER use a windows machine for i2p or even tor if you plan on using i2p or .onion sites. tor is fine if you are just using clearweb sites though, no problem there. At the least you should be using Tails on a live usb, which saves the hassle of using a specifically made VM. The fact that Tails uses amnesia (information is saved to ram, which is wiped at the end of a session) should more or less assure there are no viruses crossing over to the other OS.

There are other linux distros that work well also, but making a live usb is highly recommended. If you absolutely need to, you can allow persistence and admin privileges, although you really shouldn't need admin priv if you are just browsing.





posted on Apr, 25 2016 @ 09:13 AM
link   

originally posted by: TKDRL
Try r studio recovery. It saved my ass before, it was able to recover almost every file lost on a 500 gig external that crapped out on me, after I had reformatted it so it could be read at all. Don't ask me how it could do that, but it did. Scanning and recovery took forever though, a few days. Was worth getting back all my art though.


That is one of the little secrets in IT... Formatting the drive can allow a recovery sooner because you are not A.) Using a destroyed File Allocation Table. B.) Formatting does not necessarily 'delete' anything... It may remove first character recognition from file names in allocation tables (like FAT/NTFS), replacing it with machine language coded to overlook and overwrite.


And r studio is a good tool.

I'll throw in a tip I employ from time to time.

If you find yourself with a dead drive, and the data must be recovered... Don't send it to an expensive data recovery place... Sometimes drives do not fail on the 'media' stored level, but, on the circuit board level. Find another drive of the same drive type and version number (very important) and swap the circuit logic board. It can get a drive back from the dead and save a boat-load of money from data recovery fees.




top topics



 
18
<< 2  3  4   >>

log in

join