CryptoLocker Warning

GroveDiesel

Footballguy
Just a heads up on the nastiest virus I've ever heard of called CryptoLocker.

Right now it's being distributed via links in emails purporting to be links for tracking holiday items.

When you get it, it encrypts ALL your files as well as everything on the same network. It then begins a countdown. If you don't pay the $500-1500 ransom (in non-traceable bitcoins), then the key to unlock your computer is destroyed and all your data is locked forever.

If you pay them, they will indeed give you the key to unlock your files.

Nasty stuff. At this point there is absolutely no way to remove it once you have it except paying them.

http://boston.cbslocal.com/2013/12/18/cryptolocker-ransomware-being-described-as-the-perfect-crime/

 
Have heard reports of this on the campus where I work, and I have seen one case of this so far. It searches for attached drives & encrypts them as well, including some "cloud" drives, so even if you have a backup you may not be safe. Best practice is to back up your data and then disconnect your backup drive from your system.

FWIW there are some reports that even paying the ransom, the user did not get the key to decrypt their data. The current recommendation is not to pay the ransom.

http://nakedsecurity.sophos.com/2013/10/18/CryptoLocker-ransomware-see-how-it-works-learn-about-prevention-cleanup-and-recovery/

 
The recommendation is to not pay the ransom, yet still I know of a police dept that got it and...paid the ransom.

 
If you don't want to pay the ransom because you don't want to give money to crooks, that's fine and perfectly legitimate.

But every report I've read about CryptoLocker has said that they WILL give you the key and unlock you. They have every incentive to do that because if they don't, people will obviously stop paying them for sure. If it's known that they WILL unlock you, then people have an incentive to actually pay them.

But not paying in the hopes that people won't write this kind of virus is understandable. Doubtful that it will work that way, but understandable.

 
Do people just not use common sense and Anti-Virus protection anymore? :shrug:

Symantec states this virus was included in their definitions back in September.

 
Do people just not use common sense and Anti-Virus protection anymore? :shrug:

Symantec states this virus was included in their definitions back in September.
No, they do not. The last virus outbreak at my work place was caused by VPs clicking on links to "ecards".

 
Do people just not use common sense and Anti-Virus protection anymore? :shrug:

Symantec states this virus was included in their definitions back in September.
My event director got this last week while we were on site two days before our multi-million dollar event (Collegiate Club Volleyball National Championships). The email came spoofed from fax@<ourDomain>. He wanted to pay the ransom but we wouldn't let him...no way was I going to let his computer or any files coming from it touch my computer (which the tournament play software was running) or network. Sure, this eTerrorist has every reason to unlock the files when paid, but then you've still got to deal with the removal of the virus and who knows what might be reintroduced to your system when the decryption happens.

As an IT guy this thing is unreal and brilliantly developed...I'm hoping they catch the guy so someone can write a book about it.

 
Do people just not use common sense and Anti-Virus protection anymore? :shrug:

Symantec states this virus was included in their definitions back in September.
My event director got this last week while we were on site two days before our multi-million dollar event (Collegiate Club Volleyball National Championships). The email came spoofed from fax@<ourDomain>. He wanted to pay the ransom but we wouldn't let him...no way was I going to let his computer or any files coming from it touch my computer (which the tournament play software was running) or network. Sure, this eTerrorist has every reason to unlock the files when paid, but then you've still got to deal with the removal of the virus and who knows what might be reintroduced to your system when the decryption happens.

As an IT guy this thing is unreal and brilliantly developed...I'm hoping they catch the guy so someone can write a book about it.
Restore from backup is best option.

 
People are stupid....

OH LOOK A SECRET ADMIRER SENT ME AN ECARD! *Click*
WAIT, A BANK I'M NOT A MEMBER OF HAS AN ACCOUNT IN MY NAME?! *Click*

UPS HAS A PACKAGE FOR ME AND CAN'T DELIVER IT WITHOUT THIS FORM?! *Click*

Idiots.

 
Wow... Average of $300-400 for unlock...

In December 2013 ZDNet traced four Bitcoin addresses posted by users who had been infected by CryptoLocker, in an attempt to gauge the operators' takings. The four addresses showed movement of 41,928 BTC between October 15 and December 18, about US$27 million at that time[7]
 
Do people just not use common sense and Anti-Virus protection anymore? :shrug:

Symantec states this virus was included in their definitions back in September.
My event director got this last week while we were on site two days before our multi-million dollar event (Collegiate Club Volleyball National Championships). The email came spoofed from fax@<ourDomain>. He wanted to pay the ransom but we wouldn't let him...no way was I going to let his computer or any files coming from it touch my computer (which the tournament play software was running) or network. Sure, this eTerrorist has every reason to unlock the files when paid, but then you've still got to deal with the removal of the virus and who knows what might be reintroduced to your system when the decryption happens.

As an IT guy this thing is unreal and brilliantly developed...I'm hoping they catch the guy so someone can write a book about it.
Restore from backup is best option.
Not sure if you mean Windows restore, cloud, or external backup, but it disabled the ability to do a system restore, it started with his external hard drive which was connected at the time, and though he did not have a cloud backup enabled, had that been mapped it too would have been encrypted.

Have you had this before and successfully beat it? If so, then $27m worth of paying folks (and counting) would appreciate your posting the process to do so.

 