October 10, 2013 at 2:46 pm #8602n37sh@rkParticipant
This could go in a few different places so I am posting it here. Has anyone run into Cryptolocker? If you have, what have you found to be the source? Is there a way to decrypt the information with out paying the ransom? So far i have been able to restore from backup for one customer the other wasn’t so lucky and ended up reformatting the PC. Im looking for any information on this if any one has reverse engineered it or done forensics on it.
November 21, 2013 at 7:11 pm #53566TribanParticipant
At this time there is no fast way to recover from the files being encrypted. You could either pay or wipe, re-image, restore from known good backup. I’ve heard some people paying and getting roughly a 3 day turnaround on the decryption. But like all ransom situations, you risk not getting anything for paying and only having to pay more. This type of attack reiterates a number of security measures that should be in place. Patching systems, not running as a privileged user, backing up your data regularly, and smart internet/email usage. You can read up on Kreb’s recent articles on the matter http://krebsonsecurity.com/2013/11/cryptolocker-crew-ratchets-up-the-ransom/ he does have some preventative measures listed but nothing to help if you have already been hit with it.
November 22, 2013 at 1:57 pm #53567ziggy_567Participant
As far as recovering without paying the ransom, you have two options:
1) Backups. This doesn’t do you any good after the fact if you’re not taking regular and complete backups, though.
2) Volume Shadow Copies. I’ve heard rumblings that newer versions of Crypt0locker are accounting for VSS now, though.
December 15, 2015 at 11:07 am #53568GoSParticipant
Minor adware like yoursites123 can bring ransomware on your PC, info: http://nabzsoftware.com/types-of-threats/yoursites123
A good and big article about cryptolocker can be found http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
February 24, 2016 at 1:36 pm #53569Gabriel999Participant
Beware that hackers have just renewed Cryptolocker and have started spreading it as Cryptowall! I was infected with this threat several weeks ago, so I must warn users that now it is capable of affecting data, which is saved on external hard drives and Dropbox. So, your files may be doomed even if you have backups saved on your external drive.. However, I can’t agree that yoursites123 or similar browser hijacker can bring ransomware to the system. People are tricked into installing such threats as “important” attachments.
I have also managed to find this post about yoursites123. You can check it for getting more knowledge about this thing… http://www.2-spyware.com/remove-yoursites123-com-virus.html
You must be logged in to reply to this topic.