A heads up about this ransomware called cryptolocker aka Trojan:Win32/Crilock.A.



Speedy Gonzales
25-09-2013, 08:54 PM
Looks like this is starting to do the rounds. (http://blog.emsisoft.com/2013/09/10/cryptolocker-a-new-ransomware-variant/) It's a nasty piece of work. It's similar to the other ransomware that's been around, but this includes RSA 256 bit AES, that encrypts everything by the looks of it, including files on servers. It may also spread to shared drives / folders.

And unless you pay $100-300 to decrypt the files, or unless you've got backups, you may be SOL in getting any of the files back.

Although one of the guys at Emsisoft has made some kind of decryption program (as he says on Neowin - "I verified that all sample files that people sent me are decrypted correctly"). See posts 25 and 29 here on Neowin for the links / usage (http://www.neowin.net/forum/topic/1176355-cryptolocker-malware-that-encrypts-all-your-data-with-an-rsa-256-bit-aes-key/page-2)

The mods may want to sticky this. It may help people or their mates / customers if they get it. It looks like you can get it as an attachment in email too.

linw
25-09-2013, 10:48 PM
Thanks, Speedy. Like the world needs another even worse one.

Speedy Gonzales
25-09-2013, 10:55 PM
No probs. Yeah, it looks like it does a lot more damage than the previous ransomware.

wainuitech
25-09-2013, 11:06 PM
No doubt we will find out soon enough. http://kb.eset.com/esetkb/index?page=content&id=SOLN3433

linw
26-09-2013, 12:43 AM
Better back up folks. Hope they can't find my system images on my NAS!!

Pancake
26-09-2013, 11:07 AM
Microsoft security software detects and removes this threat.

curly
26-09-2013, 11:13 AM
How might this affect the likes of Skype? Is that considered remote access?

Pancake
26-09-2013, 11:34 AM
How might this affect the likes of Skype? Is that considered remote access?

No, it's not.

Agent_24
26-09-2013, 11:51 AM
Another good reason to switch to Linux.

beama
26-09-2013, 12:20 PM
Don't use RDP, or restrict use to certain users, and check RDP security and tighten it up. Fixed. Read wainuitech's link, that tells you more.

Rod J
26-09-2013, 03:27 PM
Another good reason to switch to Linux.

+1 :thumbs: :D

SolMiester
26-09-2013, 04:53 PM
I have worked in a bank before and understand transaction logs... What I don't understand is how these guys aren't traced back after payment?

DeSade
26-09-2013, 05:08 PM
I have worked in a bank before and understand transaction logs... What I don't understand is how these guys aren't traced back after payment?

That's a good point. If they can follow drug money anywhere it goes, then why can't they catch these guys?

1101
26-09-2013, 05:19 PM
The $$ probably (certainly) goes to a country where corruption & organised crime 'own' the system.

Driftwood
26-09-2013, 06:04 PM
Would this come under the GCSB law change?

Greg
26-09-2013, 08:59 PM
Thanks for the heads-up Speedy. But for sensible Internet users we shouldn't be worried... I certainly won't go out and buy the suggested anti-malware programme.