It looks like you're using an Ad Blocker.

Please white-list or disable AboveTopSecret.com in your ad-blocking tool.

Thank you.

 

Some features of ATS will be disabled while you continue to use an ad-blocker.

 

Cryptowall 3.0 ransomware switches to anonymous I2P network

page: 1
18
<<   2  3  4 >>

log in

join
share:

posted on Jan, 16 2015 @ 07:06 AM
link   


A new version of the Cryptowall ransom-ware exploiting the anonymous Invisible Internet Project (I2P) network has been uncovered.
Independent security researcher Kaffeine reported uncovering the Cryptowall 3.0 malware, warning in a blog post that the attack has the same advanced encryption powers as previous versions.
Cryptowall is used to create ransomware, a form of malware that attempts to blackmail victims by locking them out of infected machines and charging a removal fee.


Cryptowall 3.0 ransomware switches to anonymous I2P network



Just thought i would draw everyone's attention to a new iteration of the Cryptowall virus doing the rounds. My system was hit last night, somehow managed to skip right by my firewall and Malewarebytes Professional. Infected 6 hard drives(even external) and encrypted any and all txt, jpeg, pdf and other associated file formats with MPATTA encryption. It replaces said file types with MPATTA versions of them and deletes the originals. Cant even restore them using Shadowcopy. I have lost around 30-40Gb of personal information, family photographs and videos, all encrypted and to date essentially beyond repair.

Please be careful everyone and don't keep your backup drives connected to the PC. This virus/maleware/ransomware is particularly nasty and as of yet there is no working solution to restore your files.



posted on Jan, 16 2015 @ 07:26 AM
link   
a reply to: andy06shake

Awesome sauce.....my roomates comp got a version of 2.0. Took him forever to get it fixed.

Like honest hardworking folks dont have enough effing problems to deal with.



posted on Jan, 16 2015 @ 07:32 AM
link   
a reply to: infinityorder

Its the family and children's pictures this thing has essentially taken possession of that really sticks in my craw.


Hopefully someone will come up with a working solution because i can see my Mrs packing her bags if i cannot restore my image files to there original format. LoL


Truth be told if i did not laugh i would probably cry, i feel violated!


Tell you what they can whistle for the $1000 unlock code, im not that stupid.


Like i said through, everyone please be careful!
edit on 16-1-2015 by andy06shake because: (no reason given)



posted on Jan, 16 2015 @ 08:07 AM
link   
a reply to: andy06shake
I have been able to use a few recovery programs on an encrypted drive to retrieve the original files intact. It doesn't work 100%, but I have been able to get back many of them. Recuva is free, and a good little program. Try it. Hope it helps.

Warning: It can take hours to deep scan a large drive.


edit on 1/16/2015 by Klassified because: (no reason given)



posted on Jan, 16 2015 @ 08:14 AM
link   
a reply to: Klassified

Any help would be greatly appreciated Klassified.


What software did you use to accomplish file restoration? Did you somehow brute force the algorithm responsible for encryption? Or use some other means of restoration?

I've tried using Shadowcopy to no avail.
edit on 16-1-2015 by andy06shake because: (no reason given)



posted on Jan, 16 2015 @ 08:29 AM
link   
a reply to: andy06shake
Recuva is a deleted file recovery program. I hooked the hard drive to a separate computer, and had Recuva do a deep scan for image files, and another for video files.

Because Cryptowall deletes the original files, and replaces them, it becomes possible to recover the originals intact. Also, any good data recovery service can probably retrieve much more than a recovery program. Don't look for miracles though. Because the encrypted files over write the originals, it makes it much harder to retrieve them, and retrieved them uncorrupted.

Also be careful of some of the pay versions of data recovery programs. They are no better than the free ones in many cases. There are some legit ones out there though, that will let you try before you buy.

Free data recovery tools
Stellar Phoenix, GetDataBack, Power Data Recovery by Mini-Tool are payware.



edit on 1/16/2015 by Klassified because: (no reason given)



posted on Jan, 16 2015 @ 08:32 AM
link   
a reply to: andy06shake

is this a virus that destroys your hard drive, or locks it?
is it like the one called money pack or greendot virus? the one that says the FBI has locked your computer.
i got that one a couple of times on my old Xp system and the way i got rid of that one by, booting up in safe mode command prompt, disabled all start programs,then ran regedit, found any files that were not explorer.exe or blank that i didn't recognize. made copies and backed them up, then replaced them with explorer.exe., then deleted those. all three times that worked for me with that one it also took a while. i also found out that i was lucky, that in many cases you could not boot up in safe mode.

i understood that that one came from a couple of sources like,downloaded together with other programs or files without any permission. like fake video codecs, Flash updates or other freeware from the source that is not official.

i still use that one from time to time and have no problems.
edit on 16-1-2015 by hounddoghowlie because: (no reason given)



posted on Jan, 16 2015 @ 08:47 AM
link   
a reply to: hounddoghowlie
Crptowall does not lock the drive. It encrypts your personal files. You can still run your os, and do other things, but your personal files are locked.



posted on Jan, 16 2015 @ 08:55 AM
link   
a reply to: andy06shake

This right here is a nightmare.

We got hit on one pc in our corporate network.

The bad part with this ransomware is that it WILL scan any mapped network share on the pc. And will also encrypt the files while scanning.

If you do not have backups of the files you are stuck paying the ransom or restoring the files from a backup.

Don't let what happened to this lawfirm happen to you.


www.welivesecurity.com...



A small American law firm has admitted that every document on a server at the Charlotte-Mecklenburg company has fallen prey to the Cryptolocker ransomware, according to a report by local station WSO CTV.

The infection arrived via a phishing email, according to Paul Goodson, who heads the firm in North Carolina state capital Charlotte.

“It was actually an email that looked like it was coming from our phone system because our system sends voice mail messages as an attachment,” said Goodson. Opening the email led to “every single document” at the firm being encrypted, according to CSO’s report.

Goodson says his IT department tried to deal with the malware infection, but after their attempts failed, he attempted to pay the ransom ($300), but was by that point beyond Cryptolocker’s countdown timer. That has left every single document on the firm’s main server – including PDFs and Word documents – encrypted, according to Computer World’s report.



Moral of the story. Backup thrice!



posted on Jan, 16 2015 @ 09:01 AM
link   
The big question we all want to know is HOW did you get infected?



posted on Jan, 16 2015 @ 09:07 AM
link   


My system was hit last night, somehow managed to skip right by my firewall and Malewarebytes Professional.


Are you trying to say this was an external attack? Because that's very unlikely, it must have been something you visited, clicked on or downloaded.



posted on Jan, 16 2015 @ 09:12 AM
link   
Make sure your internet browsers and browser plug-ins are up-to-date, because one thing it looks for is vulnerabilities in out-of-date browsers and plug-ins. Like the above poster said, make sure any updates you make are from the official sites, not a third party.
edit on 16-1-2015 by Junkheap because: The screaming blue fuzzy things that are on fire told me to edit this.



posted on Jan, 16 2015 @ 09:22 AM
link   

originally posted by: PhoenixOD


My system was hit last night, somehow managed to skip right by my firewall and Malewarebytes Professional.


Are you trying to say this was an external attack? Because that's very unlikely, it must have been something you visited, clicked on or downloaded.

I think he probably doesn't understand how the infection gets in, and wasn't sure how else to explain it.



posted on Jan, 16 2015 @ 09:44 AM
link   
a reply to: Maverick7

vectors for attack can be many.

malicious advertising, website, pdf.

people don't keep their software up to date.



posted on Jan, 16 2015 @ 09:45 AM
link   
a reply to: Maverick7

That's the mystery eh? I suppose if i knew the answer i would not be in said situation.

Only new software i have recently added was a Plex media server so i can play media via my PS4.



posted on Jan, 16 2015 @ 09:48 AM
link   
a reply to: PhoenixOD

"Are you trying to say this was an external attack?"

I dont think so, its generally always something that you click or download, its how this type of maleware operates.



posted on Jan, 16 2015 @ 10:03 AM
link   
Try r studio recovery. It saved my ass before, it was able to recover almost every file lost on a 500 gig external that crapped out on me, after I had reformatted it so it could be read at all. Don't ask me how it could do that, but it did. Scanning and revocery took forever though, a few days. Was worth getting back all my art though.



posted on Jan, 16 2015 @ 10:42 AM
link   
a reply to: TKDRL

Ive kept my personal pictures and videos and will attempt to restore those, about 40Gb. the rest i can simply download again.
Just noticed that it also encrypted all my movies, avi, mp3, mp4. I could scream!!!
edit on 16-1-2015 by andy06shake because: (no reason given)



posted on Jan, 16 2015 @ 10:57 AM
link   
a reply to: andy06shake
Unless the malware also does a DDOD style multi-wipe, which takes a while to do, some of it should be recoverable. It takes hours when I secure wipe a drive to reinstall windows. The wipe I do writes pseudo-random strings of numbers to the whole drive 30 times I think it is.



posted on Jan, 16 2015 @ 11:46 AM
link   
a reply to: andy06shake

G@d damn it!
When I gave you the male ware removal link yesterday, did it make it worse? Did ANON set that up?

In the last couple of month. ANONYMOUS set up an ATS account.
I was going to suggest yesterday, that you send an email to that member and ask what would they do. Giving this would be up their alley.

Now.. pfffffff



new topics

top topics



 
18
<<   2  3  4 >>

log in

join