CryptoLocker

Discussion in 'malware problems & news' started by DX2, Sep 10, 2013.

  1. MrBrian

    MrBrian Registered Member

    Joined:
    Feb 24, 2008
    Posts:
    6,032
    Location:
    USA
    Thank you. :)
     
  2. wat0114

    wat0114 Registered Member

    Joined:
    Aug 5, 2012
    Posts:
    4,065
    Location:
    Canada
    Agreed, really good to see you back MrBrian :thumb:
     
  3. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Back up now! Warning over new wave of Filecoder infections hitting U.S. aka CryptoLocker
    http://www.welivesecurity.com/2013/...new-wave-of-filecoder-infections-hitting-u-s/

    Does ESET protect me from Filecoder (CryptoLocker) malware?
    http://kb.eset.com/esetkb/index?page=content&id=SOLN3433

    How ESET identifies the Trojan - http://www.virusradar.com/en/Win32_Filecoder.BQ/description

    The ESET virus signature database (VSD) shows proactive protection as new threats emerge -
    http://www.eset.com/us/threat-center/threatsense-updates/search/?q=Filecoder
     
  4. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    24,068
    Location:
    UK
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
    https://www.us-cert.gov/ncas/alerts/TA13-309A
     
  6. Reality

    Reality Registered Member

    Joined:
    Aug 25, 2013
    Posts:
    1,198
Thank you Graf for your input.
    Thanks MrBrian. I appreciate it.
     
  7. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  8. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  9. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  10. morph000

    morph000 Registered Member

    Joined:
    Apr 13, 2003
    Posts:
    21
    I believe that all AV manufacturers of note now offer decent Cryptolocker detection/prevention so it begs the question why people are still getting hit by this !?
    Don't they update AV defs every day or more often o_O

    Me - my particular system layout makes me "immune" to Crypto (current attack strategies) on 3 levels...

    What on Earth are people doing out there ? :rolleyes:
     
  11. guest

    guest Guest

    DISCLAIMER: I'm not bashing AVs, so to everyone, keep your torches and pitchforks away from me.

Now, no matter how often the signature gets updated, it will always miss something. Not only one or two, but a lot. Probably a thousand malicious files are missed by all AVs each day. The AV vendors haven't discovered it yet, so they can't release a signature update for it, while the malware keeps mutating, which makes them too different from their... uh, predecessors. Sure, there are heuristics. But they can't make them too aggressive or they will flag legit files as malicious all day long. Thus, they toned it down to make it usable. The additional features like HIPS, BB, sandbox, etc. are mostly not utilized by the users, or sometimes they are dumbed down, or sometimes those features are too half-faced to work properly. Then there's social engineering, which answers your second question:

If you can't exploit the computer, exploit the user. The latter is so much easier, barely requires any effort, is cheaper, and lots of people are still falling for it. Funny ol' world eh? :D
     
  12. morph000

    morph000 Registered Member

    Joined:
    Apr 13, 2003
    Posts:
    21
    Well...I think you missed the point entirely here :-*

    Love to see your evidence of that one :D

    Agreed, but irrelevant :cool:
     
  13. The Red Moon

    The Red Moon Registered Member

    Joined:
    May 17, 2012
    Posts:
    4,101
    Probably the same reason that users get "hit" by any forms of malware.
    No av is 100% and malware is evolving every minute of the day.

Nobody is "immune" and I think you are living in a false sense of security.
    It is most certainly this "false" sense of invincibility that gets most users into trouble in the first place.
     
  14. guest

    guest Guest

Indeed, I completely missed what your point really is. I thought you were wondering why people are still getting infected with this particular ransomware. Perhaps some clarification if you don't mind?

    Simple, get 10 malware samples which are only 3 days old and see if your AV will detect them all. Or go to AV Comparative and see if there's an AV with 100% detection rate with the limited scope of malware samples.

    Irrelevant you say? o_O

AFAIK there are two main paths where an infection could occur. One is through exploiting legit processes, two is through the user. The first one is very rare, and requires more work to be successful. The second one is a lot easier, but you'll have to trick the users to initiate the infection. CryptoLocker is no exception.

    Which part that is not relevant?
     
  15. Dermot7

    Dermot7 Registered Member

    Joined:
    Dec 20, 2009
    Posts:
    3,430
    Location:
    Surrey, England.
    Sorry for laughing, but I hadn't seen this :D
    http://www.tauntongazette.com/news/...e-pay-750-ransom-after-computer-virus-strikes

    From: https://www.virusbtn.com/blog/2013/11_18.xml

    Just goes to show how many people these types of malware can 'rake-in'.....Education, education, education...
     
  16. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    Haha wow indeed! Great story Dermot7 :D
     
  17. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  18. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,883
    Location:
    Texas
https://blogs.technet.com/b/mmpc/ar...against-cri-locked-files.aspx?Redirected=true
     
  19. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  20. LMHmedchem

    LMHmedchem Registered Member

    Joined:
    Feb 8, 2012
    Posts:
    29
    Hello,

    I have been looking at this lately and thinking about ways to protect my computers. I run comodo ISP and I think there is some reasonable hope that the defense+ feature would prevent the cryptolocker exe from running in the first place, or at least sandbox it. I really try to avoid being overconfident about such things.

    I have also run the cryptoprevent tool,
    http://www.foolishit.com/download/cryptoprevent/

    I have an external backup drive that gets updated about once a week. I also have an internal backup drive that gets updated every night. My OS and apps are on their own drive (SSD) and I keep up to date images of that drive. My main questions revolve around how to better protect my internal backup drive.

My first thought was to just unmount the backup drive when I am not running a backup. I have been looking into ways of doing this. I can remove the drive letter in the Windows disk manager. I can use the EASEUS Partition Master hide/unhide feature. It is possible that I could use a tool in cygwin to mount/unmount the partition in my backup script, etc.

I am looking for information about cryptolocker and whether or not anyone knows if files on an unmounted drive would be protected. Does anyone know how cryptolocker goes about assembling the list of files it will encrypt? I know it has a list of extensions, but what paths does it look in? Being able to password protect the mounting of a partition (like sudo) would really help, but Windows has never been big on having utilities like that.

I guess the safest thing to do with an internal drive is to add a second drive that has been fully encrypted with TrueCrypt. I could mount the encrypted device, back up to it, and then unmount it. Since such a drive appears as unformatted when it is not mounted, I think it would be safe. Even if cryptolocker finds the drive, there would be no files to encrypt.

    Are there any thoughts on this here?

    LMHmedchem
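The "remove the drive letter outside the backup window" idea from the post above, written out as a script. This is an added example, not code from the poster or from any tool named in the thread. It uses the built-in `mountvol.exe` (which can both remove a drive letter and re-attach a volume by its GUID path) and `robocopy.exe`; the volume GUID, drive letter, source folder and log path are placeholders you must fill in from your own `mountvol` output.

```powershell
# Added example: keep an internal backup volume letter-less except while the
# nightly copy runs. Run elevated (mountvol needs it) from Task Scheduler.

# --- settings (all placeholders / assumptions, adjust for your machine) ---
# Copy the volume's GUID path from the plain `mountvol` listing once, while
# the drive still has a letter, and paste it here.
$VolumeGuidPath = '\\?\Volume{00000000-0000-0000-0000-000000000000}\'
$DriveLetter    = 'B:'                         # letter used only during backup
$Source         = 'C:\Users\me\Documents'      # assumed source folder
$Destination    = "$DriveLetter\Documents"
$LogFile        = 'C:\BackupLogs\nightly.log'  # assumed log location

function Mount-BackupVolume {
    # Attach the volume to the drive letter. Fails if the letter is in use.
    & mountvol.exe $DriveLetter $VolumeGuidPath
    if ($LASTEXITCODE -ne 0) { throw "mountvol mount failed (exit $LASTEXITCODE)" }
    if (-not (Test-Path "$DriveLetter\")) { throw "Backup volume not visible at $DriveLetter" }
}

function Dismount-BackupVolume {
    # Remove the drive letter again; the data stays on the volume untouched.
    & mountvol.exe $DriveLetter /D
    if ($LASTEXITCODE -ne 0) { throw "mountvol dismount failed (exit $LASTEXITCODE)" }
}

$mounted = $false
try {
    Mount-BackupVolume
    $mounted = $true

    # /MIR mirrors the source, so files that were already encrypted at the
    # source would be mirrored too; keep a separate versioned or offline copy
    # (the poster's weekly external drive) for that case. /R:1 /W:1 stop
    # robocopy stalling on locked files.
    & robocopy.exe $Source $Destination /MIR /R:1 /W:1 /NP /LOG+:$LogFile

    # robocopy exit codes 0-7 mean success (with/without changes); 8+ mean
    # at least one file could not be copied.
    if ($LASTEXITCODE -ge 8) {
        Write-Warning "robocopy reported copy failures (exit $LASTEXITCODE), see $LogFile"
    }
}
finally {
    # Always take the letter away again, even if the copy failed, so the
    # volume is not reachable by drive letter between backup windows.
    if ($mounted) { Dismount-BackupVolume }
}
```

Two caveats worth knowing before relying on this. Removing the drive letter only takes the volume out of the ordinary `C:`, `D:`, ... enumeration that most file-walking code uses; it is not a security boundary, because the volume stays accessible through its `\\?\Volume{GUID}\` path and any process running with administrative rights can re-attach a letter. It therefore reduces exposure to malware that simply walks the lettered drives, which is the question the post raises, but it is no substitute for the offline external copy and for drive images that are kept disconnected. Second, since this script runs elevated on a schedule, keep it in a location only administrators can write to, so that it cannot itself be edited by something running in the user's session.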
     
  21. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
    Cryptolocker: The Musical
    http://www.networkworld.com/news/2013/112113-cryptolocker-the-276261.html
     
  22. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    http://www.f-secure.com/weblog/archives/00002641.html
     
  23. SweX

    SweX Registered Member

    Joined:
    Apr 21, 2007
    Posts:
    6,429
    http://www.f-secure.com/weblog/archives/00002642.html
     
  24. siljaline

    siljaline Registered Member

    Joined:
    Jun 29, 2003
    Posts:
    6,618
  25. erikloman

    erikloman Developer

    Joined:
    Jun 4, 2009
    Posts:
    3,152
    Location:
    Hengelo, The Netherlands
    Network/System administrators: You no longer have to be afraid of CryptoLocker attacks on your network file shares.

    We've just released a new version of HitmanPro.Alert with CryptoGuard support for Windows File Sharing (SMB). This means that you can protect documents and files shared on the network against remote crypto-ransomware attacks.

    No need to install software or deploy group policies on every endpoint. Just install Alert on the server and your shared documents are protected against network based CryptoLocker attacks.

    More info here:
    https://www.wilderssecurity.com/showpost.php?p=2309084&postcount=946
     