Cryptolocker

pvr

One of my customers always checks with me before opening unknown attachments, and last week it was a Cryptolocker one they received. Fortunately, they did not open it but my word, reading the background of this virus / worm / trojan, it sure is a nasty one.

It is a Windows virus that encrypts all documents, pictures etc. from not only a local machine, but also any attached storage device or cloud-based storage.

If you are on a Windows PC, read up on this one as it will be an expensive mistake if you get it ...
 
Last known good off line backup as online backups are screwed as well ...
 
Geezah said:
Any recommended lines of defence against these barstewards?

Well there are a few progs out there now which will stop cryptolocker from running, a quick Google will locate them.

Otherwise just be extraordinarily careful when opening ANY attachments and keep backups of data. I'd recommend an external USB drive and something like Allway Sync: http://allwaysync.com/

Get into a routine of running a backup at a convenient time each day and then disconnecting the drive.
 
Disconnecting the drive is the key here as well. I use Acronis image to dump disk images each night, and use UNC paths as Cryptolocker does not encrypt those.

Anything mapped is at risk, anything UNC-ed is ok for now, but don't rely on it for the future though.
 
DO NOT PAY ANY RANSOM THAT THEY DEMAND - as they just take your money -


This is a real shitty virus as it also infects your backups / drop box accounts, so when you try to restore you've still got the same issue.

Not happened to me, but was very close by, can't say more.
 
1 other client did get it and did pay (once they figured out what the hell bitcoin was and how on earth you could buy that, all very dodgy). Once paid, the files were decrypted.
 
Can this only be downloaded via e-mail attachments?

I must admit I only open e-mails on my mobile phone these days, try not to open anything on my home laptop.

The last virus I had was PC Security Tools which hijacked my laptop and gave me a popup that I had to buy their software to erase the virus, it disabled my firewall and antivirus each time the pop up appeared, right pain. I was peed off with Norton who weren't much help as I had Norton 360 installed. I managed to get rid of it in safe mode eventually.

Tim.
 
Email or web links are the entry points to the download of this trojan.
 
The Register said on Friday that dodgy activation hacks for Adobe and MS products have now been infected.

 
NeilP, TitanTim,

"good job", guys :-|
Excellent familiarity with Z4 forum I got :-|
I do not want you to get Cryptolocker
but if you get caught - think about my deleted post
I just wanted to share the experience...

Best regards,
Z4 driver
 
FromTheSky2 said:
NeilP, TitanTim,

"good job", guys :-|
Excellent familiarity with Z4 forum I got :-|
I do not want you to get Cryptolocker
but if you get caught - think about my deleted post
I just wanted to share the experience...

Best regards,
Z4 driver

From what I can recall from your post, as it was in the process of being deleted, all you posted was a web link, which was odd being your very first post on Z4 Forum, so a good call by the moderator IMHO considering the nature of the thread :wink:

Tim.
 