Cryptolocker... New and really,really nasty malware....

jon s

CryptoLocker is a new and nasty piece of malicious software is infecting computers around the world that appeared the last week of September – encrypting important files and demanding a ransom to unlock them.

According to Sophos, the worldwide digital security company, it’s been hitting pretty hard for the past six weeks or so.

“It systematically hunts down every one of your personal files – documents, databases, spreadsheets, photos, videos and music collections – and encrypts them with military-grade encryption and only the crooks can open it,” said Chester Wisniewski, a senior security advisor at Sophos.

Even though it’s infected, your computer keeps working normally; you just can’t access any of your personal files. It’s scary, especially if you haven’t backed-up your data.

CyrptoLocker is different from other types of “ransomware” that have been around for many years now that freeze your computer and demand payment. They can usually be removed which restores access to your files and documents.

Not CryptoLocker – it encrypts your files. There’s only one decryption key and the bad guys have that on their server. Unless you pay the ransom – within three days, that key will be destroyed. And as the message from the extorters says; “After that, nobody and never will be able to restore files…”

The typical extortion payment is $300 USD or 300 EUR paid by Green Dot MoneyPak, or for the more tech savvy, two Bitcoins, currently worth about $400.

To instill a sense of urgency, a digital clock on the screen counts down from 72 hours to show much time is left before that unique decryption key is destroyed.

This sophisticated malware is delivered the old-fashioned way – an executable file hidden inside an attachment that looks like an ordinary ZIP file or PDF. One small business reports being compromised after clicking on an email attachment that was designed to look like a shipping invoice from the U.S. Postal Service.

Open that file and bad things start to happen, although it may take several days for the ransom demand to pop up on your screen after the machine is infected.

“The author or this (malware) is a genius. Evil genius, but genius nonetheless,” an IT professional commented in an online tech forum. Another wrote, “This thing is nasty and has the potential to do enormous amounts of damage worldwide.”

Good anti-virus software can remove the CryptoLocker malware from your computer, but it cannot undo the damage – the encryption is that good.

“It’s the same type of encryption used in the commercial sector that’s approved by the federal government,” Wisniewski told me. “If the crooks delete that encryption key, your files are gone forever – even the NSA can’t bring them back.”

If you have a recent backup, you can recover from CryptoLocker and other malware with no serious consequences. That backup should be a snapshot of everything on the system and not a simple synchronization, as happens with most automated external hard drives and many cloud-based services.

With these synchronized backups, stored files that have changed on the master drive are overwritten with the new ones. If a malicious program encrypts your master files, those backups would also be encrypted – and useless. Your backup should be disconnected from your computer until the next time you need to access it.

WilliamM2

This should really scare business's. It will encrypt files on any drive the user's computer has access to, including network drives. Even if you have current backups, the downtime from having to restore terabytes of data, as well as all the workstations will be very expensive and time consuming. Not to mention the business lost from the downtime.

At home I could format my storage drives and restore my boot drive from my last image in less than 10 minutes. Then a couple hours copying files back to the storage drives from my backups. No big deal.

Strong Bad

Can't wait till they find these scumbags! You know eventually they will. They're forcing people to pay a ransom to get the key to decrypt their files, so eventually those funds will be traced to someone.

BTW (and NO Mac vs PC comments please), it appears to be only affecting Windows machines right now from what i've read.

cnh

Yet more internet nonsense. Fortunately for me there is NOTHING on my PC or laptop that I could NOT do without and anything that is important to me is backed up somewhere else. So HAVE AT IT, BOYS! I've learned to travel "lean" and "mean" and I never open anything questionable even if it is from a close friend so until these guys actually shut my laptop down while I am actually online they'll have to do their dirty work elsewhere. The PROBLEM, banks, CDs, portfolios, etc. all have my info in dollars and cents. And I have nothing to do with that. If these guys are SMART they'll go after the BIG BOYS who manage our money not nickle and dime nobodies. lol

Of course one could just ask a common question. WHERE DO PEOPLE LEARN THEY CAN GET SOMETHING FOR NOTHING? It seems to me that Wall Street is a GREAT EDUCATOR for said perpetrators above because they are ACTIVE not PASSIVE in their quest for the free! We teach people that white collar crime is OK, even laudable as long as it makes money and benefits investors (the big investors, that is). Oh, humanity, society:

I have seen all the works that are done under the sun; and, behold, all is vanity and vexation of spirit. Ecclesiastis 1:14.

Pretty much sums us up! Most humans suck! We off the wise ones, and elect the morons, liars and hipocrites to rule over us (the ones who decry hypocrisy and parade their belief before us are the "worst" of them)! What a planet this is!

cnh

tonyb

[QUOTE=cnh;1979963

We off the wise ones, and elect the morons, liars and hipocrites to rule over us (the ones who decry hypocrisy and parade their belief before us are the "worst" of them)! What a planet this is!

cnh[/QUOTE]

Oh, don't go there pal, the first part I can definitely agree, the second can go either way.

nguyendot

I've had several clients hit by this. Luckily the largest uses AppAssure and we do 60 minute backups on anything essential. It's really nasty because it will hit mapped drives too (not unc paths, it has to be mapped to a letter).

Took down their entire SQL and file server the other week and took forever to restore.

F1nut

cnh wrote: »

We off the wise ones, and elect the morons, liars and hipocrites to rule over us (the ones who decry hypocrisy and parade their belief before us are the "worst" of them)! What a planet this is!

cnh

Just don't mention health care........geesh!

westmassguy

F1nut wrote: »

Just don't mention health care........geesh!

That thread got locked pretty fast Jesse, and pretty sure Cryptolocker wasn't responsible.

rromeo923

Can anyone recommend a good back up company/ strategy?
I own a small company and have been thinking I need to do this.

westmassguy

There are many online backup services: http://pcsupport.about.com/od/maintenance/tp/online_backup_services.htm
If your company is small, and has very few PCs, on-site backup would probably be better for you. I use a non-networked, portable/external drive (2 Terabyte) for my four machines. If you have many machines, lot's of data and servers, then on outside company or online backup is your best bet. BTW, I use Acronis. It's user friendly and does the job.

cnh

tonyb wrote: »

Oh, don't go there pal, the first part I can definitely agree, the second can go either way.

Gotta go there, Tony. Every time I hear about religious values etc. All I can recall are things like

Jim Jones
David Koresh
Jimmy Swaggart
Jerry Fallwell
Oral Roberts
Jim and Tammy Faye Bakker
and the list goes on, and the list goes on.

Does "anyone" really believe that politicians who embrace the beliefs of those above are "any" less "suspect", purer than the reverends and pastors who have preyed (pun intended) upon the innocent, the poor and the ignorant? I think not!

But that is really another story for another time and place. Spouting off about this and that does not add one iota to one's "authenticity", not in the good ol' U.S.A.! From a Psychoanalytic perspective it makes you "suspect"! lol

cnh

dkg999

Anytime there is a money trail, they can get to the person responsible. Just wait until the Russians decide to crack down on this, they have a lot less of a bureaucracy to run the decision through.

steveinaz

Somebody is crabby today...LOL. Come on CNH, let's go get a beer brother, my treat.

zingo

Does anyone use Sandboxie? It sounds like a good option and can provide some safety, but I've never tried it.

DMara

rromeo923 wrote: »

Can anyone recommend a good back up company/ strategy?
I own a small company and have been thinking I need to do this.

If it's a small company, don't spend too much on "back up." Buy a Synology or QNap NAS and let it back up all computers at night.

jon s

Remember, Cryptolocker will attack any drive that is mapped on the computer... Most if not all NAS are mapped that way.... So a NAS might not save you in the end.

Being an old timer with some DOS scripting ability, I created and run a boot script that copies all my files from the "My Documents" folder and the desktop to a USB Flash drive on boot-up. I have seven flash drives and cycle them everyday. That way, my files are at most only one day old should something catastrophic occurs. The only issue is that the backup can take awhile. The boot script checks the mod date of the files and only copies files with a different last modified date so it's not too bad. The reason why I use different flash drives is that they have a finite number of times you can write to them before they go "bad". I replace one of the flash drives every year to compensate for that.

While that may prevent my losing data in a catastrophic failure or attack, it still can be a real pain to restore a PC to a working condition.

westmassguy

jon s wrote: »

Remember, Cryptolocker will attack any drive that is mapped on the computer... Most if not all NAS are mapped that way.... So a NAS might not save you in the end.

Exactly. I use a separate external drive that's disconnected.

mdaudioguy

Here's a good article explaining one strategy for protecting your network - a good idea if you're not the only user....

http://www.computerworld.com/s/article/9243537/Cryptolocker_How_to_avoid_getting_infected_and_what_to_do_if_you_are_

nguyendot

AppAssure, Backup Exec, Veeam, etc. All depends on what you're backing up.

As long as the computers don't have direct access to the backup itself you're fine.

DMara

jon s wrote: »

Remember, Cryptolocker will attack any drive that is mapped on the computer... Most if not all NAS are mapped that way.... So a NAS might not save you in the end.

Nopẹ, you're wrong. Synology NAS uses an app called Data Replicator to perform PC backup. It doesn't need the PC(s) to map any share from the Synology NAS to it (http://www.synology.com/support/tutorials_show.php?q_id=454&lang=us). QNap NAS also has different app to do the same.

WilliamM2

DMara wrote: »

Nopẹ, you're wrong. Synology NAS uses an app called Data Replicator to perform PC backup. It doesn't need the PC(s) to map any share from the Synology NAS to it (http://www.synology.com/support/tutorials_show.php?q_id=454&lang=us). QNap NAS also has different app to do the same.

Can Windows see the drive? From that tutorial, it sure looks like it can. If so, it can be encrypted by cryptolocker.

steveinaz

awesome, any other good news for us today?

DMara

WilliamM2 wrote: »

Can Windows see the drive? From that tutorial, it sure looks like it can. If so, it can be encrypted by cryptolocker.

No, it can't.
You probably read the "Part 3 - 3.Backup and restore with Windows 7" section. If you use the native Win7 backup app, then yes, you'll need to map the NAS share. However if you use the Synology Data Replicator 3 app as mentioned in Part 1, then Windows won't need to assign a drive letter to it.
I currently own both Synology DS-1511+ & QNap TS-879 Pro and am pretty familiar with both companies' backup apps.

sucks2beme

So, did anybody use the lockdown utility yet?
Seems to be the best protection.