CryptoLocker gang casts tentacles into botnet crime world http://www.networkworld.com/news/2013/112213-cryptolocker-276302.html
Forensics Method Quickly Identifies CryptoLocker Encrypted Files http://threatpost.com/forensics-method-quickly-identifies-cryptolocker-encrypted-files/103049
... Does Symantec have protection in place for Cryptolocker and the other associated malware? Yes. Symantec has the following protection in place for this threat: http://www.symantec.com/connect/blogs/cryptolocker-qa-menace-year
Heard on the news this a.m. (NZ) that Cryptolocker hit 3 times in 2 weeks here. 2 were small businesses. That doesnt seem very many to me. They went on to say most compromised systems overall since Cryptolockers inception were XP OS's then they said it was because people were clicking on attachments in emails. So whats that got to do with what OS youre using. What do you guys think about XP and Cryptolocker?
Not much to think about... A typical comment in the analyses is this: From bleepingcomputer [assuming someone actually opens|runs the attachment]: CryptoLocker Ransomware Information Guide and FAQ http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information And from Microsoft 12 years ago: Providing a Secure eXPerience http://msdn.microsoft.com/en-us/library/ms974604.aspx October 8, 2001 And so it goes... -rich
CryptoLocker ransomware survives hacktivists' takedown http://www.theregister.co.uk/2013/12/06/cryptolocker_takedown_fizzles/
11 things you can do to protect against ransomware, including Cryptolocker http://www.welivesecurity.com/2013/...ct-against-ransomware-including-cryptolocker/ [h/t] @ ESET's Lysa Myers.
Thanks for the 11 item list! I had already done all of it but it was nice to double check everything.
Don't need 11 things. Just browse with Sandboxie. I actually encountered the little pest earlier in my web browsing. It really tries to lock up the browser. Killed it with the sandboxie icon by closing the browser and letting it delete the sandbox. Nothing encrypted. Then scanned with the Emsisoft Emergency toolkit. System was clean. Pete
Not sure I can help, as I don't know where I picked it up. I just happened to notice it in the taskbar with Firefox suddenly having two pages. Couldn't get rid of it except by kill Firefox with Sandboxie. Pette
I was thinking the same, such as a drive-by download. Maybe a vulnerability on a website was exploited? Interesting because the primary delivery method of Cryptolocker has been via email.
I agree, but it had all the classic cryptolocker payment stuff. I did a simulation experiment later on. I took a snapshot with AX64, then put two PDF files on my desktop. Then took another AX64 snapshot. Install AxCrypt which encrypts files, test to make sure it was working. Then started explorer in Sandboxie and right clicked the files to encrypt them. The files changed in explorer to the encrypted files, but the ones on the desktop were okay. Deleted the Sandbox and that was it. Then I just encrypted the ones on the desktop. So now without the password they were lost. Restored that 2nd AX64 snapshot and the files were back. Restored the 1st snapshot, and the installation of Axcrypt was gone. So obviously besides SBIE, backup is important. I use AX64 as I can take a snapshot in about a minute, and the restore is also about a minute plus reboot. Appguard is another solution also. Pete
No problem bro – ransom decryption service August 20th, 2013 http://blog.avast.com/2013/08/20/no-problem-bro-ransom-decryption-service
But will it have access to the non mounted ?! I presume it will most likely attack Home partition or something like that ?!
I think if you are running a Windows virtual machine infected by Cryptolocker within a linux host environment, then the targeted file types residing on Linux may be encrypted, as long as the vm has file access to them. Otherwise, If like me you run Windows & Linux in a dual-boot setup, I don't believe the targeted file types on the unbooted ext 3/4 Linux partitions could be affected. I'd like to know for sure, though.
