I guess there is a new virus called CryptoLocker. It encrypts your whole computer. mrizos made a video about it. Anyone heard of this?
There are a few companies which are detecting it, but that's not the issue here, seeing as they will be updating their exes to bypass signature-based protection. The kerfuffle is to do with what happens once it gets onto a system (especially business PCs): CryptoLocker will encrypt all sorts of different file types so that it's going to be impossible (at least for a while) for you to access your files again without paying the authors of CryptoLocker a ransom fee. The files are being encrypted using a 2048-bit RSA algorithm. Everyone should be backing up their data anyway, but if they were not then they really should be now! Here is the video which DX2 mentioned: http://www.youtube.com/watch?v=Uzl_h-Nc8Ps
Just to remind our fellow computer users who are worried and are currently using a HIPS program: enable that file/folder protection feature if you haven't, NOW!
Is there any way to password-protect access to other internal hard drives? I have several internal hard drives that I use for backup, and it has always concerned me that malware, such as CryptoLocker, may be able to encrypt files on all of my internal hard drives.
How is CryptoLocker spread? If you use USB Flash Drives which are 'Vaccinated' with Panda USB Vaccine, is there any danger of CryptoLocker being spread via these USB Flash Drives as long as no unknown executables are executed?
CryptoLocker spreads through a local network, so USBs are almost certain to be used as an infection vector and as an infection target. Not sure if Panda Vaccine will stop the spread of it, but it won't protect the USB from getting infected in the first place. Regarding your password-protecting-the-hard-drive question: I don't think that will work too well against CryptoLocker, as the password-protecting program will get infected and you will not be able to log back in again to the hard drive. Your best bet is to back up online (see this post if you do) and to back up to an external hard drive periodically. Remember to unplug the external hard drive when the backup has finished.
Hello. This is a family of malware, and ESET adds detection for variants as they appear. I think there will be a blog post coming soon on it. Regards, Aryeh Goretsky
CryptoLocker. EDIT: sorry for posting what I thought was a new topic (it was merged). I did a search for CryptoLocker here and got no hits. I might have known you guys were already onto it. Somehow (can't remember how) I came across this new malware called CryptoLocker. Unlike other ransomware, it can actually encrypt your files. http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/ Another link from Malwarebytes: http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/ I would assume Sandboxie would stop this, yeah? I heard it was spread through PDF attachments.
Thanks GrafZeppelin for once again stressing the always useful (IMHO) importance of a very dependable HIPS, in spite of the common-sense contingency practice every Windows user should already schedule for their machines. Yes, it's a small and easy matter to simply restore an image, but for pity's sake it just seems smarter to have good, solid HIPS software that can intervene and interrupt these types of threats and others at pre-entry first and prevent potential serious system compromise in the first place, not to mention capturing and immediately identifying the intrusion, which a strong, well-designed HIPS can accomplish with a detailed report that is useful for keeping an end user alert to the particular paths those malware writers are trying to target and disrupt. ... and it is yet another in a string of reasons why I miss those super HIPS like EQSYSECURE, MalwareDefender, and the like on XP, which are sorely missed in x64-bit systems like Windows 7 and now 8. They are still as useful as ever, as I see it.
Two companies we support have been hit by this last week. Both sites use ESET Endpoint AV on workstations and ESET File Security on servers. Unfortunately this didn't detect the infection; one infected user managed to encrypt all the shared data they had access to on their servers. We restored from backups (ShadowProtect). We have since implemented group policies to block this in both the AppData path and registry on all our other customers. Don't trust any AV to protect against this. Back up! And implement group policies to stop it.
The folks over at Bleeping Computer have an FAQ and removal guide. http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information And from the folks at Malwarebytes: http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/
I wonder how many have been successful with undoing the encryption. My guess is none, so backup and restore is the only solution. Reverting to earlier versions via things like System Restore, VSS, or Rollback Rx would work too, within the scope of their protection envelope.
Sandboxie also will help, because if the malware runs in the sandbox, all the encrypted files will be contained in the sandbox, and when the sandbox is deleted they are gone. Pete
Sophos shows the ransomware in action: https://www.youtube.com/watch?feature=player_embedded&v=Gz2kmmsMpMI
Grinler's guide has been updated with new information. Of particular interest is the information about CryptoPrevent. CryptoPrevent is a free utility by FoolishIT LLC that automatically adds the suggested Software Restriction Policy path rules (listed in the guide) to your computer. The added Software Restriction Policies are to prevent CryptoLocker and Zbot from being executed in the first place.
Thanks for the info. For reference, here is the link to the CryptoPrevent page: http://www.foolishit.com/vb6-projects/cryptoprevent/
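For anyone who wants to see what the "group policies in the AppData path" and the Software Restriction Policy path rules from the posts above actually look like when applied by hand, here is an added example (my own script, not the guide's list and not CryptoPrevent's code). It writes Disallowed path rules into the local SRP registry keys; the four rule paths are my choice of the commonly recommended ones, which is an assumption since the guide's exact list is not quoted in this thread.

```powershell
# Added example: local Software Restriction Policy path rules that block executables
# launched from the per-user AppData folders, the location the thread describes
# CryptoLocker running from. Run from an elevated PowerShell on a domain-less box;
# in a domain the same values belong in a GPO. Rule paths are an assumption (the
# commonly recommended set), not a list taken from this thread.
$safer = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# Security level 0 = Disallowed; 262144 = Unrestricted. Keep the default
# Unrestricted so only the listed paths are blocked and everything else still runs.
New-Item -Path $safer -Force | Out-Null
Set-ItemProperty -Path $safer -Name 'DefaultLevel'       -Value 262144 -Type DWord
Set-ItemProperty -Path $safer -Name 'TransparentEnabled' -Value 1      -Type DWord   # all programs except DLLs
Set-ItemProperty -Path $safer -Name 'PolicyScope'        -Value 0      -Type DWord   # all users, admins included

# Description => path pattern. ItemData is REG_EXPAND_SZ, so %AppData% style
# variables are expanded per user; * matches any file or folder name.
$rules = @{
    'Block EXE directly under AppData'      = '%AppData%\*.exe'
    'Block EXE one folder below AppData'    = '%AppData%\*\*.exe'
    'Block EXE directly under LocalAppData' = '%LocalAppData%\*.exe'
    'Block EXE one folder below LocalAppData' = '%LocalAppData%\*\*.exe'
}

foreach ($desc in $rules.Keys) {
    # Each path rule is a GUID-named subkey under the Disallowed (0) level.
    $ruleKey = Join-Path $safer "0\Paths\$([guid]::NewGuid().ToString('B'))"
    New-Item -Path $ruleKey -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'Description' -Value $desc         -PropertyType String       -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'ItemData'    -Value $rules[$desc] -PropertyType ExpandString -Force | Out-Null
    New-ItemProperty -Path $ruleKey -Name 'SaferFlags'  -Value 0             -PropertyType DWord        -Force | Out-Null
}

# Check: list every Disallowed path rule now present. Rules apply to processes
# started after the next policy refresh (gpupdate /force) or logon.
Get-ChildItem (Join-Path $safer '0\Paths') |
    ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData }
```

Legitimate software that installs into AppData (some browsers and chat clients do) will be blocked too, so those need a matching Unrestricted rule under the 262144\Paths key before this is rolled out, and the blocked launches show up as event ID 866 in the Application log, which is a useful early warning that something tried to run from there.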