Just a heads up about the new ransomware called CryptoLocker that is circulating:

Method of transmittal: infected attachments to email or through website.

Operation: infected .exe file encrypts user files including docs, pdfs, jpgs, etc. Displays ransom notice with countdown timer. If ransom is not paid before expiration of timer the private encryption key is deleted from the creator's server, making recovery of the "locked" files just about impossible.

Ransom: reports range from a low of $100 to a high of $2100.

Removal: simple - most any antivirus program will flag it and remove it, or there are numerous guides to removal online.

Problem: removal of the virus does nothing to decrypt the locked files. Removal of the virus stops you from obtaining the key after paying the ransom. Virus spreads to mapped network drives, encrypting as it goes. No way to decrypt files without paying the ransom. None.

Prevention: a gentleman named Nick Shaw from Foolish IT, LLC. has written a free tool called CryptoPrevent for Windows PCs that creates several security policies to prevent the execution of the infected file. You'll have to google the link as the profanity filter here blocks it!

Disclaimer: I have no association whatsoever with Nick Shaw or Foolish IT, LLC and know nothing about the operation or contents of his CryptoPrevent tool. Use entirely at your own risk.
Installed it for the heck of it, to see if it would blow my system up. Pretty painless. I downloaded the executable, not the portable version. The download version gives you the option to receive updates (with a fee) and uninstall the protection Group Policy edits.
Very deadly attack. You will pay them money or reformat your computer. Will also affect attached backup drives. Cloud backup should be safe. There are also copy-cat viruses out there as well. My systems haven't been hit, but others I know have been. Not fun.
There's already been an update since I installed it that night. I opened the program and did as shown below. I clicked update and it went and located and installed the latest update. But I had to click "apply" again to install it.
Yes, there have been several. There is a version available for purchase that does automatic updates. The creators of CryptoLocker are monitoring the threads on security sites like BleepingComputer and reading the discussions on reddit and making changes in the virus. There are also copycats starting to appear.
The best prevention for something like this is external backups of any sensitive data you can't afford to lose! An external 2TB HD is $100 and worth its weight in gold if something like this strikes!
Similarly, all the files in shared network drives that were connected at the time of the attack could also become encrypted and inaccessible. Here's a scary what-if (although real) scenario regarding CryptoLocker: They've taken my storage hostage ... now what? How one user device nearly brought down the business

More info:
CryptoLocker ransomware - see how it works, learn about prevention, cleanup and recovery | Naked Security
Cryptolocker Ransomware: What You Need To Know | Malwarebytes Unpacked
CryptoLocker Ransomware Information Guide and FAQ
With one slight correction: the only safe backup is an external "cold storage" backup. If your external drive is connected and assigned a drive letter, it will be encrypted along with your other files. If the previous backups are overwritten, you are screwed. If you are using a cloud solution and have the client running, the newly encrypted files will be happily backed up to the cloud, overwriting the previous copies unless you have some form of versioning - storing multiple copies of the same files. Carbonite, one of the popular cloud solutions, has file versioning, but it is not documented. Carbonite suggests disabling the client as soon as you realize that your files are encrypted. Contact support and tell them that you are a victim of CryptoLocker and they will give priority to your ticket and help you get the previous unencrypted files restored.
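The versioning point in the post above (a backup that keeps the earlier copy instead of overwriting it) can be shown in a few dozen lines. The script below is an added example written for this thread; it is not CryptoPrevent, Carbonite, or any other product's code. Every file copied into the backup folder is kept, and when a source file changes, the old copy is moved into a `.versions` folder rather than replaced. It also flags a run in which half or more of the files changed since the last backup, which is what a mass encryption of the source looks like from the backup's side. The sample documents, the fake "ciphertext" that stands in for an encrypted file, and the `.versions` layout are all constructed for the demo.

```python
"""Versioned backup demo: a changed file gets a new copy, the old copy is kept."""
import hashlib
import shutil
import tempfile
from datetime import datetime, timezone
from pathlib import Path

VERSIONS_DIR = ".versions"  # assumption: layout chosen for this example, not a product's


def file_digest(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def backup_versioned(source: Path, dest: Path) -> dict:
    """Copy every file under source into dest without ever overwriting a copy.

    A file whose content changed has its previous copy moved to
    dest/.versions/<relative path>/<timestamp>_<old digest prefix>.
    Returns counts plus a mass-change alert when >= 50% of files changed.
    """
    stats = {"new": 0, "changed": 0, "unchanged": 0}
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%S.%fZ")
    for src in sorted(p for p in source.rglob("*") if p.is_file()):
        rel = src.relative_to(source)
        latest = dest / rel
        if latest.exists():
            old_digest = file_digest(latest)
            if old_digest == file_digest(src):
                stats["unchanged"] += 1
                continue
            history = dest / VERSIONS_DIR / rel
            history.mkdir(parents=True, exist_ok=True)
            # keep the pre-change copy instead of clobbering it
            shutil.move(str(latest), str(history / f"{stamp}_{old_digest[:12]}"))
            stats["changed"] += 1
        else:
            stats["new"] += 1
        latest.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, latest)
    total = sum(stats.values())
    # a backup run where most files changed at once is worth a human look
    stats["mass_change_alert"] = total > 0 and stats["changed"] / total >= 0.5
    return stats


def versions_of(dest: Path, rel: str) -> list:
    """Earlier copies of one file, oldest first."""
    history = dest / VERSIONS_DIR / rel
    return sorted(history.iterdir()) if history.is_dir() else []


def demo() -> dict:
    """Constructed scenario: back up three documents, then replace each one with
    garbage standing in for ciphertext, back up again, and recover the originals."""
    root = Path(tempfile.mkdtemp())
    source, dest = root / "documents", root / "backup"
    source.mkdir()
    originals = {
        "report.doc": b"quarterly figures",
        "notes/todo.txt": b"call the bank",
        "photo.jpg": b"\xff\xd8 not really a jpeg",
    }
    for name, data in originals.items():
        path = source / name
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_bytes(data)
    first = backup_versioned(source, dest)
    for name in originals:  # simulate every file being encrypted in place
        (source / name).write_bytes(b"\x00garbage standing in for ciphertext\x00")
    second = backup_versioned(source, dest)
    # the pre-incident copy of every file survives under .versions
    recovered = {name: versions_of(dest, name)[0].read_bytes() for name in originals}
    shutil.rmtree(root)
    return {"first": first, "second": second, "recovered_intact": recovered == originals}


if __name__ == "__main__":
    print(demo())
```

The second run reports three changed files and raises the mass-change alert, and the original content of each file can still be read back from the `.versions` folder. The design choice is the one the post makes: the backup target never overwrites in place, so an encrypted source cannot take the only good copy with it. It complements, rather than replaces, the disconnected "cold storage" drive, since a script running on a mounted drive is still reachable by anything that can see that drive letter.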