Cryptolocker. Nasty malware

http://www.today.com/money/nasty-new-malware-locks-your-files-forever-unless-you-pay-8C11511655

Quite new.

You get infected and it encrypts your files. If you remove the infection the files stay encrypted forever. Apparently your Livedrive / Dropbox / Cloud whatever will be encrypted too.

So you have to pay £300 within 4 days. Or about £3000 after that. Payment does decrypt the files.

You must prevent infection in the first place. The smug gits have actually set up a Customer Service website to aid the payment process.

Not all AV is picking it up yet, but Malwarebytes Pro and Comodo are claiming full protection(!) from it.

Back up those files boys and girls, and maybe keep a nice chunky HDD unplugged unless you really need it.

Comments

  • bertie Frets: 13566
    Not just back up your files, you need to take a proper image copy of your system partition!

    Something like Acronis True Image (about £30) is what you need
    just because you don't, doesn't mean you can't
    just because you do, doesn't mean you should.
  • fretmeister Frets: 24184
    I'm doing a multiple-file backup first onto a couple of HDDs and sticks, as that's a bit more important than worrying about £300 for a new cheap PC

    Going to run every AV / malware prog I've got first though of course.

    Then I'll have a look at a full Image copy - but I might need to buy another HDD for that
  • bertie Frets: 13566
    edited November 2013

    Then I'll have a look at a full Image copy - but I might need to buy another HDD for that
    Not at all, just something with enough storage for the image file(s) that can be seen from the recovery boot DVD/USB,

    i.e. a USB-connected device, 'cos it probably won't see e-SATA/Firewire etc.
    just because you don't, doesn't mean you can't
    just because you do, doesn't mean you should.
  • How do they collect your "payment"? Surely a bank account can be traced & frozen?
    "Working" software has only unobserved bugs. (Parroty Error: Pieces of Nine! Pieces of Nine!)
    Seriously: If you value it, take/fetch it yourself
  • fretmeister Frets: 24184
    Bitcoin or some American thing called 'Green Dot'

    Basically - it's cash or cash equivalent
  • dafuzz Frets: 1522
    I've been using Acronis (2010) for a while now and it does the job. Redo Backup I find better for Linux images, but doesn't compress Windows systems as well as Acronis.

    You get 15 gig of storage with each Google account, so if you have the patience you can upload a system image to the cloud (mine usually come in at around 10-12 gig).

    I read about this malware a while ago but (touch wood) I'm fairly secure at home, do a lot of stuff in sandboxes / virtual machines and don't visit dodgy websites so most of this stuff passes me by.
    All practice and no theory
  • It drops a file called REAMDE which is unencrypted instructing you to make a payment in MMORPG gold.
    ဈǝᴉʇsɐoʇǝsǝǝɥɔဪቌ
  • ICBM Frets: 72230
    Is there a Mac version yet, or do we have to wait like usual?

    "Take these three items, some WD-40, a vise grip, and a roll of duct tape. Any man worth his salt can fix almost any problem with this stuff alone." - Walt Kowalski

    "Only two things are infinite - the universe, and human stupidity. And I'm not sure about the universe." - Albert Einstein

  • Good thing I'm getting a new external hard drive delivered today then!
  • @ICBM no, we're just gonna have to sit back and watch the others have all the fun instead :(
  • frankus Frets: 4719
    The other alternative is to back up one file, then use the decoded version to identify the private key used... if that's possible - it's been a while since I've done cryptanalysis stuff (maybe a decade).
    A sig-nat-eur? What am I meant to use this for ffs?! Is this thing recording?
  • Paul_C Frets: 7750
    It drops a file called REAMDE which is unencrypted instructing you to make a payment in MMORPG gold.
    I'm reading Reamde at the moment, kitchen sink and all.
    "I'll probably be in the bins at Newport Pagnell services."  fretmeister
  • Myranda Frets: 2940
    @ICBM no, we're just gonna have to sit back and watch the others have all the fun instead :(
    GOOD NEWS!!

    There's already ransomware for Mac; it has been around for months!
    frankus said:
    The other alternative is to back up one file, then use the decoded version to identify the private key used... if that's possible - it's been a while since I've done cryptanalysis stuff (maybe a decade).
    It's going to be possible... though the time it takes might be a problem if it's serious encryption... Hmm, 2048-bit RSA will be crackable one day... but I'd want more powers to play with first.

    Of course... Digital Forensics would have another approach. There's often ways to track back to the server, and in some cases the key itself has been transmitted by the infected PC back to a host so they can send it to you... Wiki entry does mention contact with a command and control server... so maybe...

    Otherwise - don't click on attachments you don't trust... and don't trust attachments
  • frankus Frets: 4719
    Oh, good call @Myranda - simply watch port traffic for a key and then use it. If it's not transmitting keys then it's using a default key for a time interval, and a person buying it could upload it to AV sites for people to share (even share the cost).
    A sig-nat-eur? What am I meant to use this for ffs?! Is this thing recording?
  • If @Myranda has such good knowledge of software and hardware technology, as she seems to from her posts here, why isn't someone employing her on good money?
    "Working" software has only unobserved bugs. (Parroty Error: Pieces of Nine! Pieces of Nine!)
    Seriously: If you value it, take/fetch it yourself
  • frankus Frets: 4719
    Believe me, intelligence and ability have very very little to do with who's hired.
    A sig-nat-eur? What am I meant to use this for ffs?! Is this thing recording?
  • ICBM Frets: 72230
    edited November 2013
    Myranda said:

    There's already ransomware for Mac; it has been around for months!
    That's been around for years. It's very subtle, but fiendish in its effectiveness... it gets you used to using a pretty pretty operating system and then makes you pay through the nose for a new machine when you can't upgrade your old one, and you've already invested too much in it to go elsewhere.


    Actually it doesn't surprise me if there really is, although I know this one is non-Mac.

    Myranda said:
    Otherwise - don't click on attachments you don't trust... and don't trust attachments
    I don't :). I also run aftermarket firewall and virus protection software because I'm not daft enough to believe that Macs are immune.

    And keep triple backups of everything on separate external drives, one of which is always kept in a physically separate city...

    "Take these three items, some WD-40, a vise grip, and a roll of duct tape. Any man worth his salt can fix almost any problem with this stuff alone." - Walt Kowalski

    "Only two things are infinite - the universe, and human stupidity. And I'm not sure about the universe." - Albert Einstein

  • Myranda Frets: 2940
    If @Myranda has such good knowledge of software and hardware technology, as she seems to from her posts here, why isn't someone employing her on good money?
    Mistakes...

    Bad CV
    No useful qualifications
    Recruiters mistaking me for eejit and ignoring me
    Not sending enough CVs out recently...

    Oh, and changing my mind after college... I was doing computer science at college, my parents cut funding for my college travel and I had to drop out - convinced myself working with computers would be boring and moved on. After recently re-discovering my love of all things digital, and more recently how bizarrely excited I get with my new-found hobby of hacking, forensics and crypto (if I can get my head around the maths), I think it's time to seriously get into this stuff and get me the right job
  • Myranda Frets: 2940
    ICBM said:
    Myranda said:

    There's already ransomware for Mac; it has been around for months!
    That's been around for years. It's very subtle, but fiendish in its effectiveness... it gets you used to using a pretty pretty operating system and then makes you pay through the nose for a new machine when you can't upgrade your old one, and you've already invested too much in it to go elsewhere.


    Actually it doesn't surprise me if there really is, although I know this one is non-Mac.

    Myranda said:
    Otherwise - don't click on attachments you don't trust... and don't trust attachments
    I don't :). I also run aftermarket firewall and virus protection software because I'm not daft enough to believe that Macs are immune.

    And keep triple backups of everything on separate external drives, one of which is always kept in a physically separate city...
    Hehe, you make a good point - my friend hates his iPhone and iTunes, but has so many apps etc that there's no way he can change now (he also can't afford the latest iPhone...)
  • Myranda said:
    If @Myranda has such good knowledge of software and hardware technology, as she seems to from her posts here, why isn't someone employing her on good money?
    Mistakes...

    Bad CV
    No useful qualifications
    Recruiters mistaking me for eejit and ignoring me
    Not sending enough CVs out recently...

    Oh, and changing my mind after college... I was doing computer science at college, my parents cut funding for my college travel and I had to drop out - convinced myself working with computers would be boring and moved on. After recently re-discovering my love of all things digital, and more recently how bizarrely excited I get with my new-found hobby of hacking, forensics and crypto (if I can get my head around the maths), I think it's time to seriously get into this stuff and get me the right job
    Hacking into the White House or the NSA gets attention straight away! Looks good on your CV if they can overlook the extradition and ten-year jail sentence!  ;)