Crypto Locker Infects Computers Across U.S. Important!


posted on Oct, 29 2013 @ 05:59 AM
reply to post by adjensen
 

You can do just that by creating a new user account. Go to the control panel, go to user accounts and (follow your nose a bit) set up a new account and choose restricted user. If the administrator account has a password then you will be prompted for that password before making any changes such as settings or installing new software.



posted on Oct, 29 2013 @ 06:56 AM
Very nasty looking malware, thanks for bringing it to our attention.

Since this is ATS, I don't think it's far-fetched to ask:

"Who benefits in the long-term from the mass distribution of malware of this nature?"



In the short-term it seems to be the hackers that wrote the code.

In the long-term it seems that companies that produce backup services and products appear set to make an absolute goldmine if this thing spreads far enough.



posted on Oct, 29 2013 @ 07:03 AM
reply to post by Dark Ghost
 


Trying to teach people about data security is like banging your head against a wall most of the time. Businesses who value their data will already have multiple backups etc., and all I'd do is just reconfigure the AV software on the email server to reject all .pdf/.exe files and job done for the moment.

It's the normal users who think... ooh, UPS sending me an invoice... never used them but let's have a look anyway, and whammo, they're fubar'd.

Going to be fun on a lot of support forums for a while as people whine over their data being held to ransom till the exploits are patched.



posted on Oct, 29 2013 @ 08:06 AM
Everyone should have a portable USB hard disk for their precious files and data - not just because of virus attacks but also because Hard Disk Drives do fail, get a "bad" one like any car and it could break down in a matter of weeks from new. Others can of course run for many years without issue.

These ransom-ware programs are not new, previously they would just tell you that your files are encrypted and just set the folder permissions to hide hidden, then 'hide' them. I see that one virus writing scumbag took it one step further and then added a time limit!!!

What a total bastard!



posted on Oct, 29 2013 @ 08:32 AM
reply to post by Dark Ghost
 

You might want to take a look at Skyfloating's thread from 2008. The anti-virus software conspiracy
In my opinion, there is a long list of those who benefit from Viruses, Malware, Junkware, Ransomware, etc. Of course, that list begins with the A/V companies. But they would never... I'll save that for another thread though.



posted on Oct, 29 2013 @ 09:08 AM

incoserv

adjensen
We have to clean up my mother-in-law's computer quite often...


Get Granny on Linux ASAP! I recommend Linux Mint.

Good grief, I'd be over there twice a day to explain stuff to her if I did that, lol.

She wants to read the obituaries on the local newspaper website, see the posts of her family members on Facebook and play games on Pogo. That's the extent of her computer usage, and she still manages to get into trouble.



posted on Oct, 29 2013 @ 09:54 AM
reply to post by Wrabbit2000
 




In my personal opinion, the way society handles and punishes the people behind these needs to be elevated to a significant degree. There isn't near the deterrent 'it isn't worth it' factor now that there needs to be.


I think the problem is that the majority of for-profit cyber crime is perpetrated by people in eastern European and Asian countries that have little interest in investigating crimes against individuals and businesses in the rest of the world, particularly America.



posted on Oct, 29 2013 @ 10:46 AM


It only affects windows PCs but


Oh, Linux. How I adore you.

Free.. safe.. just a little Unix/old school computing background and you're good..



Regards, stay safe Windows users.

-AA



posted on Oct, 29 2013 @ 10:58 AM
I actually got this virus a few weeks ago. Some versions will even snap a photo of you if you have a webcam hooked up. It's just a scare tactic. DO NOT PAY THE RANSOM.

I was able to get rid of this virus by booting in to safe mode with command prompt and running a system restore from the console. I was able to set it back two days before the infection and was able to get rid of it. However, some versions of this virus will not allow you to restore this way or let you into safe mode at all.

Again, paying the ransom will only put money in the pockets of the hackers and will probably not unlock your computer.



posted on Oct, 29 2013 @ 12:16 PM
DO NOT USE COMBOFIX TO CLEAN THIS!!!!!

Combofix will inadvertently cause your restore directory to be unusable.

Current virus protection and current updates will catch this on most AV's. It's a nasty one and sadly if you have critical data, paying the ransom is probably the best option if you have no backup.

Backup data, and keep your AV current. Don't be that guy.



posted on Oct, 29 2013 @ 12:21 PM
Amazing isn't it? The NSA can listen to the most private chats of Heads of State on their "secure" communications. They can hear a radio transmission from remote corners of outer Mongolia or the Russian Steppes. Heck, they can probably even track Submarines by now, with just the electromagnetic signature everything not dead and cold, leaves in the ocean.

.....but the keepers of all things to know all people's dirty laundry and intimate secrets can't track some criminal scumbags that actually create a money trail right TO them, every single time they get a sucker to pay up.

Wow.... We pay all this money for national "security" agencies ..for WHAT reason again??



posted on Oct, 29 2013 @ 12:25 PM

Maxatoria
reply to post by Dark Ghost
 


Trying to teach people about data security is like banging your head against a wall most of the time,


I have found that the customer who just lost all his data is usually very receptive to a backup plan. Much more so than before his personal disaster struck.

It's a shame folks will whine about spending a few bucks on a solid disaster recovery plan and then look at you with that bewildered look when you tell them everything is gone.



posted on Oct, 29 2013 @ 12:48 PM
reply to post by Wrabbit2000
 


Good point.

Maybe they'll find another use for all those drones -- trace the money back and obliterate the guy's house. If I was a hacker, I know I'd find another use for my skills pretty quickly if those were the potential repercussions.

(In no way am I recommending the use of drone strikes on private homes in Eastern Europe)



posted on Oct, 29 2013 @ 01:02 PM
reply to post by Wrabbit2000
 



.....but the keepers of all things to know all people's dirty laundry and intimate secrets can't track some criminal scumbags that actually create a money trail right TO them, every single time they get a sucker to pay up.

Wow.... We pay all this money for national "security" agencies ..for WHAT reason again??

Exactly what I was saying in the OP. What the NSA isn't doing should speak much louder than what they are doing.



posted on Oct, 29 2013 @ 01:06 PM

Wrabbit2000
Amazing isn't it? The NSA can listen to the most private chats of Heads of State on their "secure" communications. They can hear a radio transmission from remote corners of outer Mongolia or the Russian Steppes. Heck, they can probably even track Submarines by now, with just the electromagnetic signature everything not dead and cold, leaves in the ocean.

.....but the keepers of all things to know all people's dirty laundry and intimate secrets can't track some criminal scumbags that actually create a money trail right TO them, every single time they get a sucker to pay up.

Wow.... We pay all this money for national "security" agencies ..for WHAT reason again??


They are not scared of criminals they know.

It's the terrorists they don't know.
edit on 29-10-2013 by Biigs because: (no reason given)



posted on Oct, 29 2013 @ 05:18 PM

bloodreviara
The article I just read about it mentions bitcoins specifically,
time to put on my tinfoil hat, what if it's a false flag to take
what little credibility bitcoin has left and flush it?

Get rid of something that was becoming a thorn in their side.
A big thank you to the OP, I haven't run across this one yet and
hopefully can get my customers to avoid it as well.


Mostly Bitcoin-related news, even when it's mentioned in articles about criminal activity, seems to drive up the price. For instance, when the news came out on Oct 2nd about the FBI's arrest of Ross William Ulbricht (aka Dread Pirate Roberts), operator of the Silk Road and the seizure of his wallet, there was a momentary dip in prices followed by a massive increase in trading and the price has skyrocketed from $125 on Mt.Gox to over $225 (it's at $210 now).

Homeland security has seized over $5 million from Mt.Gox this year, starting with $2.9 million in their Dwolla account, and each time it's made the news, the price has gone up. There is a lot of market manipulation in the cryptocurrency markets and lots of pump and dump schemes, particularly with Novacoin (NVC), Feathercoin (FTC) and some of the other smaller coins.

Honestly, I'd be just as likely to believe that it was a move intended to pump up the price. At some point Crypto Locker's authors are going to start laundering their misbegotten gains through markets, probably BTC-e which is based in Russia. An interesting property of cryptocurrencies is that all of the transactions persist forever in the blockchains and I'm wondering if the FBI is recording the wallet addresses that are being used for receiving payment? I know that they were doing something similar to track transactions going through Silk Road despite obfuscation measures.



posted on Oct, 31 2013 @ 08:38 AM
Cyber criminals were trying to frighten us with hundreds of computer errors while showing fake antivirus scans, then they shifted to fake police warnings like FBI virus, now they just encrypt files. What's next?

My sister managed to remove the infection with the help of Malwarebytes: privacy-pc.com... But her files remained infected as she could not use the restore-the-previous-versions feature of Windows. She found a local computer repair man who used some super forensic tools and restored files, explaining that they were still present on the machine but unattached from the partition.


edit on 31-10-2013 by 444AM because: (no reason given)



posted on Oct, 31 2013 @ 04:29 PM
reply to post by Klassified
 


Didn't read the entire thread, so I don't know if this has been posted, but I repaired a computer with this infection about a week ago.

The secret is having your system restore turned on. I got into the computer and restored to before crypto got in.

After this, though, you need to run an antivirus that is capable of removing it.

In my case that was Eset Antivirus.

Switch off system restore before running your antivirus.



posted on Oct, 31 2013 @ 04:50 PM
reply to post by rigel4
 


The 'virus' itself is pretty much meh; it's the fact that it can turn a computer's files along with anything else visible into something that's going to take feck knows how long to decrypt any encrypted files.

If you get your files shafted it's either pay up or hope the NSA has a copy of your hard drive and they feel generous enough to hand it over.



posted on Oct, 31 2013 @ 05:31 PM
reply to post by rigel4
 

So far, I haven't gotten one with this on it yet. But a friend of mine did, and he tried system restore, because it works with the fake FBI/DOJ Ransomware. For him, it didn't work. The files were still encrypted. This makes me wonder if there is more than one version of this out there. There are 3 or 4 versions of the FBI/DOJ Ransomware. Thanks for the input. I wasn't there when he did it though, so he might have made the mistake of trying to remove it before he used system restore. I'll have to ask him.



