Post by hanfonius on Nov 24, 2013 3:08:20 GMT
I have just received the following information from Pitstop. It is very worrying.....

techtalk.pcpitstop.com/2013/11/15/cryptolocker-year-ahead/?rob-yearofcryptolocker=

The latest ransomware is called CryptoLocker, and it is perhaps the most evil piece of malware yet created. CryptoLocker infects a computer, secretly encrypts its most precious files and demands a ransom for the data. Like its predecessors, spyware, rogue antivirus software, and the DOJ/FBI viruses, CryptoLocker’s motivations are financial. Unlike its predecessors, once CryptoLocker infects, no security software can undo its harm. This should give us all major pause and force us all to rethink 1) how we are protecting our computers and 2) how we back up our data.

In the last two weeks, there were two new revelations about CryptoLocker. 1) When CryptoLocker infects, there is a 72 hour deadline to pay the ransom of roughly $300. If you don’t pay in the 72 hours, the ransom escalates to $3000. 2) It is possible to remove CryptoLocker using security software, but this ironically is counterproductive. Once the software has been removed, you no longer have the ability to pay the ransom and your files are still encrypted. To solve this problem, CryptoLocker created a customer service department to help victims pay ransoms. The company behind CryptoLocker is rolling in cash and they are building out the infrastructure of a real enterprise.

CryptoLocker is a polymorphic virus, meaning that it escapes the detection methods of almost every security product. PC Matic, through its use of a white list, stands alone in its ability to proactively block CryptoLocker and other polymorphic viruses. That said, PC Matic is a small security player, and will do little to impede CryptoLocker’s trajectory.

So what’s in store?

CryptoLocker will become a household name. The security industry as a whole adapts glacially to new threats such as CryptoLocker. The reality is that polymorphic viruses have been around for half a decade. The difference is CryptoLocker’s destruction level, and that it escapes remediation. In one year’s time, CryptoLocker will be a household name, with a profit and loss statement that would make Wall Street drool.

CryptoLocker will become more sophisticated. There is a patch to avoid the current strain of CryptoLocker by not allowing programs to run from certain directories. The problem is that few people will adopt this measure and if they did, CryptoLocker could easily move its execution to a different directory. To be clear, CryptoLocker is a cloud based company that can adapt agilely to changes in its environment. Today, CryptoLocker encrypts most of the common file types such as Excel, Word, photos, movies and so on. I have learned that it does not encrypt QuickBooks files. I am sure this is a minor oversight on CryptoLocker’s part, and future revisions will target an ever growing list of file extensions.

In its drive for market domination, CryptoLocker will target Apples and Macs. Apple users have lived for decades under the false notion that somehow Macs are more secure than Windows. That bubble will be popped as CryptoLocker continues to wreak havoc throughout 2014.

External hard drive sales will grow. Two years ago, online backup was the hot topic, and certainly the rave of the investment community. Unfortunately, many of the online backup solutions are little help against CryptoLocker, since the encrypted files are copied to the remote server and the originals are lost when using the lower pricing tiers of these companies. The best protection is manual backups, and then disconnect the drive from the computer after the backup is completed.

Conclusion

Prior to CryptoLocker, we had the DOJ/FBI virus. Like CryptoLocker, DOJ/FBI is a polymorphic virus that escapes the detection of virtually every security product. The difference is that it was not difficult to remove DOJ/FBI from the computer without paying the ransom. 2014 will be a banner year for the external hard drive companies and of course CryptoLocker.
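The "patch" the article mentions, not allowing programs to run from certain directories, is a Windows Software Restriction Policy (SRP). The script below is an added example, not code from the PC Pitstop article or from the poster, of writing such rules with PowerShell. It assumes the directories in question are the user's %AppData%, %LocalAppData% and %Temp% trees (the article does not name them), that the registry layout under CodeIdentifiers is the one secpol.msc writes, and the Chrome updater path at the end is a placeholder you should check on your own machine. It must be run from an elevated PowerShell on an edition of Windows that supports SRP (Pro/Enterprise).

```powershell
# Added example (not from the PC Pitstop article or the forum post): SRP path rules that
# refuse to start executables from user-writable profile directories.
# ASSUMPTIONS: the blocked directories ($Patterns) are the AppData/Temp trees, the registry
# layout below matches what secpol.msc writes, and the Chrome updater path is a placeholder.

$SaferRoot  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed = Join-Path $SaferRoot '0\Paths'        # security level 0       = Disallowed
$Allowed    = Join-Path $SaferRoot '262144\Paths'   # security level 0x40000 = Unrestricted

# Paths to block. The "*\*.exe" variants catch one level of subdirectory, which is where
# mail clients and archivers unpack an attachment before the user double-clicks it.
$Patterns = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\*\*.exe',
    '%Temp%\*.exe',
    '%Temp%\*\*.exe',
    '%Temp%\Rar*\*.exe',   # WinRAR extracts here when an archive is opened in place
    '%Temp%\7z*\*.exe',    # 7-Zip does the same
    '%Temp%\wz*\*.exe'     # WinZip does the same
)

function Initialize-Srp {
    # Create the SRP store with a default level of Unrestricted, so only the explicit
    # path rules deny anything. Existing values are left alone.
    if (-not (Test-Path $SaferRoot)) { New-Item -Path $SaferRoot -Force | Out-Null }
    $defaults = @{
        DefaultLevel       = 0x40000   # Unrestricted
        TransparentEnabled = 1         # enforce for executables, not DLLs (2 = DLLs too)
        PolicyScope        = 0         # 0 = all users, 1 = everyone except local admins
    }
    foreach ($name in $defaults.Keys) {
        $cur = Get-ItemProperty -Path $SaferRoot -Name $name -ErrorAction SilentlyContinue
        if ($null -eq $cur) {
            Set-ItemProperty -Path $SaferRoot -Name $name -Value $defaults[$name] -Type DWord
        }
    }
    foreach ($level in $Disallowed, $Allowed) {
        if (-not (Test-Path $level)) { New-Item -Path $level -Force | Out-Null }
    }
}

function Get-SrpPathRules {
    # Returns every existing path rule under a level key as (Guid, Path) pairs,
    # so repeated runs do not pile up duplicate rules.
    param([string]$LevelKey)
    Get-ChildItem -Path $LevelKey -ErrorAction SilentlyContinue | ForEach-Object {
        $data = (Get-ItemProperty -Path $_.PSPath -Name ItemData -ErrorAction SilentlyContinue).ItemData
        if ($data) { [pscustomobject]@{ Guid = $_.PSChildName; Path = $data } }
    }
}

function Add-SrpPathRule {
    # Writes one path rule in the shape secpol.msc produces: a GUID-named subkey holding
    # ItemData (REG_EXPAND_SZ), SaferFlags, Description and a FILETIME LastModified.
    param([string]$LevelKey, [string]$Path, [string]$Description)
    $existing = Get-SrpPathRules -LevelKey $LevelKey | Where-Object { $_.Path -eq $Path }
    if ($existing) { Write-Verbose "rule already present: $Path"; return }
    $guid = '{' + [guid]::NewGuid().ToString().ToUpper() + '}'
    $key  = Join-Path $LevelKey $guid
    New-Item -Path $key -Force | Out-Null
    Set-ItemProperty -Path $key -Name ItemData     -Value $Path        -Type ExpandString
    Set-ItemProperty -Path $key -Name SaferFlags   -Value 0            -Type DWord
    Set-ItemProperty -Path $key -Name Description  -Value $Description -Type String
    Set-ItemProperty -Path $key -Name LastModified -Value ([DateTime]::UtcNow.ToFileTime()) -Type QWord
}

Initialize-Srp
foreach ($p in $Patterns) {
    Add-SrpPathRule -LevelKey $Disallowed -Path $p -Description 'Block executables in user-writable profile paths (CryptoLocker mitigation)'
}

# Whitelist a legitimate per-user installer you rely on: SRP applies the most specific
# matching path rule, so this Unrestricted entry wins over the broader Disallowed ones.
# (Placeholder path; confirm it on your own system before trusting it.)
Add-SrpPathRule -LevelKey $Allowed -Path '%LocalAppData%\Google\Update\GoogleUpdate.exe' -Description 'Allow Chrome updater'

# Show what is now in force. Log off and back on (or run gpupdate) before testing.
Get-SrpPathRules -LevelKey $Disallowed | Format-Table -AutoSize
```

Two caveats a practitioner would want alongside this. First, as the article itself says, a path rule only covers the paths you list; malware dropped anywhere else (or a user copying the attachment to the Desktop first) runs as normal, so treat this as one layer next to offline backups, not a replacement for them. Second, several legitimate programs install or update from %LocalAppData%, so expect breakage until you add Unrestricted exceptions for them; blocked launches are recorded in the Application event log under the SoftwareRestrictionPolicies source, which is the place to look when something stops working after the rules go in.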
Post by Geoff on Nov 24, 2013 6:01:33 GMT
Post by nob on Nov 24, 2013 9:03:25 GMT
Interesting reads from the link about this virus.
Post by jal on Nov 24, 2013 9:54:14 GMT
Post by Geoff on Nov 24, 2013 10:05:22 GMT
I know I posted it earlier.
Post by jal on Nov 24, 2013 10:16:05 GMT
Hi Geoff, thanks. I thought your link was the Prevent link only; I should have checked first. So I've added a link from Malwarebytes instead.
Post by Anne on Nov 24, 2013 10:54:34 GMT
If you are having to pay a ransom, surely there must be a trail to the people responsible? Or am I just naive about these things?
Post by arch on Nov 24, 2013 13:04:49 GMT
If you have a clean OS backup on an ext HDD, like with Acronis, and you were unfortunate enough to get this malware settled on your 'puter, then wouldn't doing a re-install with the Acronis sort it?
Post by Ratae on Nov 24, 2013 13:19:18 GMT
Anne wrote: "If you are having to pay a ransom, surely there must be a trail to the people responsible? Or am I just naive about these things?"

From the looks of it, you'd need the tracking skills of Geronimo with a bloodhound to follow the trail! Just saying, like.
Post by Ratae on Nov 24, 2013 13:22:47 GMT
arch wrote: "If you have a clean OS backup on an ext HDD, like with Acronis, and you were unfortunate enough to get this malware settled on your 'puter, then wouldn't doing a re-install with the Acronis sort it?"

Probably the best policy is not to open any emails from unknown sources! Anyway, they've as much chance of getting $3000 out of me as I have of getting a drink out of Nob!
Post by arch on Nov 24, 2013 13:31:26 GMT
Ratae wrote: "Probably the best policy is not to open any emails from unknown sources!"

I make it my policy never to do so, Ratae. MBAM Pro runs every day on my 'puter. According to what I read on Geoff's link, if it ain't already on your machine then MBAM will warn you if it tries. As for that Injun and Bloodhound caper, tried the hound, still looking for G
Post by dinger on Nov 24, 2013 17:44:34 GMT
Post by Ratae on Nov 24, 2013 18:18:49 GMT
The thing is, just how much security do you need to install on a 'puter? I suppose that some folks would say "You can't have too much", and they may well be right, but I already have Avast Free A/V, MBAM Pro, Windows Defender and SUPERAntiSpyware, have a custom (MVPS) Hosts file and WinPatrol, all running on both of my Windows machines; that seems enough to me! I suppose I do have one small advantage though: if I have a suspicious email, perhaps one that I'm not too sure about, I can always open it on my Linux machine. Just 'cos I'm paranoid doesn't mean that they ain't all out to get me, innit!
Post by dinger on Nov 24, 2013 18:37:18 GMT
I am not sure, but I think most of the 'normal' security stuff is no good at stopping this, hence the other output. It certainly seems to be nasty.
Post by Geoff on Nov 25, 2013 5:27:14 GMT
Anne wrote: "If you are having to pay a ransom, surely there must be a trail to the people responsible? Or am I just naive about these things?"

My thoughts exactly, Anne. Surely it's blackmail.