
Cryptolocker and $300 to get yer stuff back.

Old 30th Dec 2013, 19:54
  #1 (permalink)  
Psychophysiological entity
Thread Starter
 
Join Date: Jun 2001
Location: Tweet Rob_Benham Famous author. Well, slightly famous.
Age: 84
Posts: 3,270
Received 37 Likes on 18 Posts
Cryptolocker and $300 to get yer stuff back.

Cryptolocker infestation being taken very seriously here. What news and what fixes?

Oh, and how the hell can blackmailing thieves collect their ill-gotten gains without being captured?


BBC News - Cryptolocker ransomware has 'infected about 250,000 PCs'
Loose rivets is online now  
Old 30th Dec 2013, 21:02
  #2 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
Quote: Cryptolocker infestation being taken very seriously here. What news and what fixes?
And how exactly did you get this Cryptolocker infection ? Has Sir been clicking around on attachments he shouldn't be ?

You've been undertaking a proper backup routine. Format your computer forthwith and restore key files from backup (install software from scratch)

No backups ? No sympathy. Especially if you've been clicking on attachments in emails you should not have. It's not particularly difficult to avoid a virus infection. Don't even think about a fix or salvage operation... you should consider your entire operating system untrustworthy.

Quote: Oh, and how the hell can blackmailing thieves collect their ill-gotten gains without being captured?
My guess is one word.... bitcoin.

Unlike cards and bank transfers which bounce around regulated entities, the bitcoin marketplace is pretty much unregulated, and if you can find people who'll sell you stuff you want in return for bitcoins, you can avoid the regulated aspects of converting your bitcoins to real currency.

The anonymity of bitcoin makes it hard for the authorities to track people down, they only get to find out about bitcoin accounts as part of an overall investigation rather than be able to trace directly.

I suspect we'll see a clamp down and regulation of the market in due course once the non-tech savvy politicians of the world figure out what a bitcoin is and get their act together.
mixture is offline  
Old 30th Dec 2013, 23:41
  #3 (permalink)  
 
Join Date: Mar 2002
Location: Seat 1A
Posts: 8,560
Received 76 Likes on 44 Posts
Sounds like Mixture got out of bed on the wrong side, what with the reply above and his sledging of Ancient Observer over Rotten Apple. He'd make a good accident investigator: "You stupid moron, you continued straight on and banged into a building; you're fired, no correspondence will be entered into!".

I have religiously been doing backups for years but never realised or thought that a virus like this could infect any network or USB drive that is attached to my computer, and I bet many others thought the same. Cryptolocker means I've got to physically connect my backup drive, every day, only when doing a backup and after verifying I don't have this thing!

Perhaps Mixture, you have a constructive suggestion about how to shield an attached backup solution from Cryptolocker? I'm sure power users the world over don't physically connect a backup drive every time they want to do a backup. Or some other protection method to complement the "don't click on it" policy?

For the floor, what are thoughts on Cryptoprevent?

Last edited by Capn Bloggs; 30th Dec 2013 at 23:58.
Capn Bloggs is offline  
Old 31st Dec 2013, 00:01
  #4 (permalink)  
 
Join Date: May 2009
Location: Down Under somewhere not all that far from YPAD
Age: 79
Posts: 570
Received 14 Likes on 7 Posts
Agreed. Another somewhat disappointing response was given to a genuine inquiry. I've lost some of the confidence I had in this board as a consequence. Perhaps it can be restored; we shall see.

It might be more helpful to Google "cryptolocker malware" and read up on the assortment of significantly more constructive information which that offers.
FullOppositeRudder is offline  
Old 31st Dec 2013, 02:06
  #5 (permalink)  
Hippopotomonstrosesquipidelian title
 
Join Date: Oct 2006
Location: is everything
Posts: 1,826
Likes: 0
Received 0 Likes on 0 Posts
I use CryptoPrevent and haven't noticed any issues. But I'm not a great one for clicking on file attachments from unknown sources anyway. Note the free version of CryptoPrevent doesn't autoupdate, so you need to check for updates from time to time.


Also, it simply installs a set of group policies, so it's run once to install the policies, and run again if you choose to delete them at some point: it doesn't run each time the computer starts. Basically, it stops unexpected and/or masked file types running in unexpected locations.

FOM.
Bushfiva is offline  
Old 31st Dec 2013, 07:50
  #6 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
Quote: Agreed. Another somewhat disappointing response was given to a genuine inquiry.

Simple. Following malware infection, particularly following bad malware infection such as Cryptolocker, I fail to see how anyone can consider their computer trustworthy anymore and so there is no answer other than a format and re-install. Unless it's particularly docile low-risk malware, there's no way you'd find me wasting hours of my time trying to clear up a malware infection AND then be happy to do my online banking on the same computer !

Quote: Cryptolocker means I've got to physically connect my backup drive, every day, only when doing a backup and after verifying I don't have this thing!
I've gone on about backup routines here time after time.

Only one backup drive and you're not doing backups.

For any files of vague importance you should have a minimum three backup drives, one of which should always be maintained offline when not in use (and ideally offsite) if not actually being an offline medium itself (e.g. CD/DVD/Bluray/Tape).

Given how cheap hard drives are these days, it's not difficult to maintain multiple drives (you don't need high spec SSD drives, cheap slow 5400rpm/5900rpm/7200rpm ones will do as long as they are new, not secondhand from ebay and from a reputable manufacturer and preferably from their enterprise grade range as they will have more robust hardware and firmware .... something like the WD Se, Seagate Terascale, Seagate NAS HDD or such like ... if you want to be extra-safe, mix and match manufacturers rather than sourcing all drives from one).

If you really want to do things properly, look into the concept of a backup rotation scheme such as GFS, Tower of Hanoi or the like. That gives you some degree of protection against sudden virus infections as you can safely go back in time (unlike Windows Restore which cannot be trusted following malware infection). You can adapt the rotation pattern to suit how far you want to go back and how many drives you have at your disposal.

Maybe use some reliable cloud storage provider (or two) to implement part of your backup rotation scheme if you want to avoid buying a large number of drives.... take a look at Amazon Glacier for example, for archival storage, or Amazon S3 for general rotation. You can easily encrypt your files before you upload them if you are concerned about privacy and security. There are various bits of software you can get to ease and automate your interaction with the cloud services.

But in the end, in terms of malware the easiest thing to do is what I said up front..... prevention is the best cure for malware ... avoid that temptation of clicking on unexpected attachments (even unexpected files sent by people you know.... they might have been sent by viruses), and don't use your computer as a user with administrator rights.

Malware infections don't suddenly happen, they are always a result of user actions ! Sure once they're on your network they might hunt around for targets.... but it still takes someone to get them on your network in the first place.

Last edited by mixture; 31st Dec 2013 at 09:36.
mixture is offline  
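
An added illustration of the Tower of Hanoi rotation named in the post above (not part of the thread and not any poster's code): it works out which drive is overwritten at each backup session and which drives still hold a copy made before an infection began. The drive labels, the one-session-per-backup numbering and the infected_since value are assumptions made for the example.

```python
"""Tower of Hanoi backup rotation: which drive to use at each backup session.

Added illustration. Drive labels (A, B, C, ...) and all session numbers
below are constructed sample values.
"""
from string import ascii_uppercase


def drive_for_session(session: int, num_drives: int) -> int:
    """0-based drive index for a 1-based session number.

    Drive 0 is written every 2nd session, drive 1 every 4th, drive 2 every
    8th, and so on: the index is the count of trailing zero bits in the
    session number. The last drive absorbs every slot beyond that.
    """
    if session < 1 or not 1 <= num_drives <= len(ascii_uppercase):
        raise ValueError("session must be >= 1 and num_drives in 1..26")
    trailing_zeros = (session & -session).bit_length() - 1
    return min(trailing_zeros, num_drives - 1)


def schedule(sessions: int, num_drives: int) -> str:
    """Drive letters for sessions 1..sessions, e.g. 'ABACABAC'."""
    return "".join(
        ascii_uppercase[drive_for_session(s, num_drives)]
        for s in range(1, sessions + 1)
    )


def last_written(today: int, num_drives: int) -> dict[str, int]:
    """Session at which each drive was most recently overwritten."""
    last: dict[str, int] = {}
    for s in range(1, today + 1):
        last[ascii_uppercase[drive_for_session(s, num_drives)]] = s
    return dict(sorted(last.items()))


def clean_drives(today: int, num_drives: int, infected_since: int) -> list[str]:
    """Drives whose newest backup predates the first infected session.

    Any drive written at or after `infected_since` may hold encrypted files
    and is not a safe restore source.
    """
    return [
        drive
        for drive, session in last_written(today, num_drives).items()
        if session < infected_since
    ]


if __name__ == "__main__":
    print(schedule(16, 4))          # rotation over 16 sessions with 4 drives
    print(last_written(13, 4))      # newest backup session held on each drive
    print(clean_drives(13, 4, 11))  # infection began at session 11 (constructed)
```

With the same constructed infection date and only two drives, clean_drives(13, 2, 11) returns an empty list: both drives have been overwritten since the infection started.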
Old 31st Dec 2013, 08:54
  #7 (permalink)  

Controversial, moi?
 
Join Date: Oct 2000
Location: UK
Posts: 1,606
Likes: 0
Received 2 Likes on 1 Post
Mixture's responses are always blunt but he clearly knows his stuff which I always read with interest.

Personally I have always found diplomacy is a useful talent to employ when talking to lesser mortals.

With reference to back ups what he says is clearly a good idea but like many computer professionals forgets that the average user is pretty clueless about security and protecting one's data. A bit like people who drive badly there is probably little hope of them ever changing!
M.Mouse is offline  
Old 31st Dec 2013, 09:28
  #8 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
Quote: Personally I have always found diplomacy is a useful talent to employ when talking to lesser mortals.
You only get diplomacy if you pay me or if you're friends or family.

Otherwise you get a cut down summary version of IT advice .... I'm afraid I'm not one for posting lengthy padded up versions on an internet forum, I just say things as they are. I am after all, normally saving people here much time they would otherwise be spending looking for answers on Google and having to sort the wheat from the chaff on the big bad internet.

Jest aside, I'm not that bad really !! It's just that I don't spend much time composing my forum posts. Quick read of the question being asked, quick answer given and move on.

Oh well... happy new year to you lot ! May it bring you health, wealth and malware free computers !
mixture is offline  
Old 31st Dec 2013, 09:34
  #9 (permalink)  
 
Join Date: May 2006
Location: Dublin
Posts: 841
Likes: 0
Received 3 Likes on 2 Posts
I know of one business that was recently affected by an infection of this particular malware. Unfortunately they did not have backups they could use to rebuild the affected systems (the malware also encrypts drives/shares on network devices that the affected system is connected to). Payment for the required key is made using Bitcoin.

Three tips/bits of advice for anyone worried ...

a) Get good anti-virus software on your Windows PC that can detect or can deal with this threat (the software is very good at avoiding AV software by having two required parts, the first is the email attachment the second is downloaded once the attachment is opened, the current strategy that software uses to prevent a Cryptolock attack is to block access to the internet servers that supply the second part of the infection)

b) The internet is a very bad neighbourhood; remember the advice from your mother ... never accept sweets from strangers. In the online world, don't open emails from strangers that look suspicious or if they are from known sources appear out of character from the norm. Immediately delete any suspicious mails.

c) Have good backups of your critical data along with the copies of the re-installation software for your PC. That way, if a) and b) fail you can wipe and rebuild your PC without any data loss (and remember the golden rule of backups ... test them, they're not backups unless you can get the data back).

JAS
Just a spotter is offline  
Old 31st Dec 2013, 09:47
  #10 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
Quote: b) fail you can wipe and rebuild your PC without any look (and remember the golden rule of backups ... test them, they're not backups unless you can get the data back).
Agreed. I forgot to mention earlier the old adage that an untested backup is not a backup (and yes, even I have fallen foul of that rule, and it cost me a healthy five digit sum at the time.... although in my defense it was a rather complex and unusual sequence of events and IBM were partially to blame for their role in matters !).

The whole point of backups is that due to a virus / hardware failure / just because you feel like it, you can at a whim format your drive and know you'll be able to re-install the software from its original sources and then re-instate all your important files.

If you can't do it at a whim, then you're not backing up properly.
mixture is offline  
Old 31st Dec 2013, 12:22
  #11 (permalink)  
 
Join Date: Apr 2006
Location: scotland
Posts: 195
Received 4 Likes on 3 Posts
Can anyone suggest a backup program which simply copies disk to memory stick and vice versa ?
occasional is offline  
Old 31st Dec 2013, 12:46
  #12 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
I am not a great fan of

(a) using memory sticks as backup media (they are not particularly stable for that purpose .... prone to corruption and sudden failure, they are intended to be ultra-short-term storage media, plus they are slow)

(b) Disk cloning/image type backup regimes.... (you're wasting a lot of time and space backing up Operating System and Software, both of which you can and should reinstall from scratch.... focus your efforts on backing up files which you can't restore by other means). Plus you won't really get a true clone/image of your disk unless you unmount it, boot off something else and clone it.


However, that said, any backup software that implements cloning/imaging should achieve what you're looking for. Can't remember any names off the top of my head, but will come back and update [edit: Acronis is one name... not a recommendation per se, just a name I've heard of]
mixture is offline  
Old 31st Dec 2013, 14:17
  #13 (permalink)  
 
Join Date: Jul 2008
Location: uk
Posts: 894
Likes: 0
Received 0 Likes on 0 Posts
The only thing bearing the name Norton that I will have on my machine is Norton Ghost - does a good job.

Also found Seagate Disk Wizard a useful tool, but I believe it might only work with Seagate HDs these days.
vulcanised is offline  
Old 31st Dec 2013, 15:07
  #14 (permalink)  
 
Join Date: Jan 2008
Location: Timbuktu
Posts: 962
Likes: 0
Received 0 Likes on 0 Posts
Quote: I suspect we'll see a clamp down and regulation of the market
Nope. One of the main points of bitcoin is that it's a cryptocurrency, and designed to be unregulatable. Part of a wider cryptoanarchy movement.
Bitcoin itself, as "version 1" and a proof-of-concept, might be superseded by something else (e.g. litecoin), but cryptocurrencies are here to stay.

Anyway, these Cryptolocker guys are making an absolute packet... by some estimates, tens of millions of bucks
Booglebox is offline  
Old 31st Dec 2013, 15:14
  #15 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
Quote: Nope. One of the main points of bitcoin is that it's a cryptocurrency, and designed to be unregulatable.
Well, that may be so. Until you need to touch regulated points (i.e. convert bitcoins from internet snakeoil to real world currency).

The regulators could either make it very difficult, or simply downright ban the conversion of bitcoins into real currency.

At the moment you can get a bitcoin ID without undergoing KYC..... all they need to do is enforce KYC requirements for bitcoin IDs where that ID will be used for certain transactions. Anonymous bitcoin IDs would still be allowed, but would be restricted in terms of the transactions they could undertake.
mixture is offline  
Old 31st Dec 2013, 19:28
  #16 (permalink)  
 
Join Date: Jan 2008
Location: Timbuktu
Posts: 962
Likes: 0
Received 0 Likes on 0 Posts
A good point Mixture, but I think there are too many currencies in the world for this to be realistic.
Example. I want to sell some (nefariously obtained) BTC. I trade them for Ghanaian cedi, then trade those for UAE dirhams, then into Icelandic kronor, then into Euros... and then pounds or dollars or whatever.
I doubt that such total world regulation is possible. Look at existing tax havens and money laundering... illicit Bitcoin trading just uses these existing systems.
(disclaimer to NSA: this is a thought experiment )
Booglebox is offline  
Old 1st Jan 2014, 11:49
  #17 (permalink)  
 
Join Date: Apr 2006
Location: scotland
Posts: 195
Received 4 Likes on 3 Posts
Quote: b) Disk cloning/image type backup regimes.... (you're wasting a lot of time and space backing up Operating System and Software, both of which you can and should reinstall from scratch.... focus your efforts on backing up files which you can't restore by other means). Plus you won't really get a true clone/image of your disk unless you unmount it, boot off something else and clone it.
It is backing up the operating system and software which I would regard as the problem, particularly where re-installation may well not be possible simply because the software is no longer available.
occasional is offline  
Old 1st Jan 2014, 13:07
  #18 (permalink)  
 
Join Date: Dec 2006
Location: Belo Horizonte, Brazil
Age: 79
Posts: 50
Likes: 0
Received 0 Likes on 0 Posts
Agreed that doing a complete backup image may not be very useful, particularly if there's a lot of junk (a lot uninvited) on the computer.
What I did on my last housekeeping which included a complete HD format and thorough clean of the HD, was to install all the basic software I use including any specific configurations for Office etc; no google earth or that sort of program. At that point I made a system image. I figure that, in the event I need to clean up my system, I have a useful starting without having to re-load all the separate components some of which are a pain due to having to contact companies to unlock applications that I have purchased (that's a real pain).
JimR is offline  
Old 1st Jan 2014, 13:13
  #19 (permalink)  
 
Join Date: May 2006
Location: Dublin
Posts: 841
Likes: 0
Received 3 Likes on 2 Posts
@occasional

If you're looking for backup software that will allow you to restore not only your data but also the operating system and installed applications, then you're looking for something that does a "bare metal" restore.

Use your favourite search engine, type in; backup "bare metal" and you'll be presented with a range of options. For a more specific search, add the operating system you use to the search.

That said, a better way would be to get new copies of the OS and application media (legit copies are easy and not so expensive) and then recover the license key details from your machine or from the software vendor and keep them all safe. Then backup your data. You then have two options...

a) keep them safe in case you need them or

b) having tested your backups, wipe the machine and reinstall the OS, applications and all patches/updates. Use something like Norton Ghost to make a disk image (this will be your "gold master" recovery point for any future system problems) (and make more than one copy), then put your data back onto the system.

JAS
Just a spotter is offline  
Old 1st Jan 2014, 16:30
  #20 (permalink)  
 
Join Date: Aug 2002
Location: Earth
Posts: 3,663
Likes: 0
Received 0 Likes on 0 Posts
Quote: What I did on my last housekeeping which included a complete HD format and thorough clean of the HD, was to install all the basic software I use including any specific configurations for Office etc; no google earth or that sort of program. At that point I made a system image. I figure that, in the event I need to clean up my system, I have a useful starting
This is largely the correct approach if you are going to be doing system images.

It's a similar concept to how things work when you're rolling out a few hundred desktops to employees at some large companies. IT admin create a base system image (or images) which then get rolled out to desktops (although the tools and methodology used in the corporate world is somewhat different due to the ready availability of servers for offloading some aspects).

The whole point though, as you correctly infer, is that images have to be done on day zero in a clean state.

Using system images as a form of backup throughout the lifecycle of your PC is, however, very much not the intended use. System images full of accumulated crud are a fat lot of use to anyone.
mixture is offline  

