Virus/Malware/Ransomware

Viewing 4 reply threads
  • Author
    Posts
    • #8602
      n37sh@rk
      Participant

      Hey guys,

      This could go in a few different places so I am posting it here. Has anyone run into Cryptolocker? If you have, what have you found to be the source? Is there a way to decrypt the information with out paying the ransom? So far i have been able to restore from backup for one customer the other wasn’t so lucky and ended up reformatting the PC. Im looking for any information on this if any one has reverse engineered it or done forensics on it.

    • #53566
      Triban
      Participant

      At this time there is no fast way to recover from the files being encrypted. You could either pay or wipe, re-image, restore from known good backup. I’ve heard some people paying and getting roughly a 3 day turnaround on the decryption. But like all ransom situations, you risk not getting anything for paying and only having to pay more. This type of attack reiterates a number of security measures that should be in place. Patching systems, not running as a privileged user, backing up your data regularly, and smart internet/email usage. You can read up on Kreb’s recent articles on the matter http://krebsonsecurity.com/2013/11/cryptolocker-crew-ratchets-up-the-ransom/ he does have some preventative measures listed but nothing to help if you have already been hit with it.

    • #53567
      ziggy_567
      Participant

      As far as recovering without paying the ransom, you have two options:

      1) Backups. This doesn’t do you any good after the fact if you’re not taking regular and complete backups, though.

      2) Volume Shadow Copies. I’ve heard rumblings that newer versions of Crypt0locker are accounting for VSS now, though.

      Good luck!

    • #53568
      GoS
      Participant

      Minor adware like yoursites123 can bring ransomware on your PC, info: http://nabzsoftware.com/types-of-threats/yoursites123

      A good and big article about cryptolocker can be found http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

    • #53569
      Gabriel999
      Participant

      Beware that hackers have just renewed Cryptolocker and have started spreading it as Cryptowall! I was infected with this threat several weeks ago, so I must warn users that now it is capable of affecting data, which is saved on external hard drives and Dropbox. So, your files may be doomed even if you have backups saved on your external drive.. However, I can’t agree that yoursites123 or similar browser hijacker can bring ransomware to the system. People are tricked into installing such threats as “important” attachments.
      Source: http://www.2-spyware.com/remove-cryptowall-virus.html

      I have also managed to find this post about yoursites123. You can check it for getting more knowledge about this thing… http://www.2-spyware.com/remove-yoursites123-com-virus.html

Viewing 4 reply threads
  • You must be logged in to reply to this topic.

Copyright ©2020 Caendra, Inc.

Contact Us

Thoughts, suggestions, issues? Send us an email, and we'll get back to you.

Sending

Sign in with Caendra

Forgot password?Sign up

Forgot your details?