Virus/Malware/Ransomware

This topic contains 4 replies, has 5 voices, and was last updated by  Gabriel999 3 years, 9 months ago.

  • #8602
     n37sh@rk 
    Participant

    Hey guys,

    This could go in a few different places, so I am posting it here. Has anyone run into Cryptolocker? If you have, what have you found to be the source? Is there a way to decrypt the information without paying the ransom? So far I have been able to restore from backup for one customer; the other wasn’t so lucky and ended up reformatting the PC. I’m looking for any information on this if anyone has reverse engineered it or done forensics on it.

  • #53566
     Triban 
    Participant

    At this time there is no fast way to recover from the files being encrypted. You could either pay or wipe, re-image, restore from known good backup. I’ve heard of some people paying and getting roughly a 3 day turnaround on the decryption. But like all ransom situations, you risk not getting anything for paying and only having to pay more. This type of attack reiterates a number of security measures that should be in place: patching systems, not running as a privileged user, backing up your data regularly, and smart internet/email usage. You can read up on Krebs’ recent articles on the matter: http://krebsonsecurity.com/2013/11/cryptolocker-crew-ratchets-up-the-ransom/. He does have some preventative measures listed, but nothing to help if you have already been hit with it.

  • #53567
     ziggy_567 
    Participant

    As far as recovering without paying the ransom, you have two options:

    1) Backups. This doesn’t do you any good after the fact if you’re not taking regular and complete backups, though.

    2) Volume Shadow Copies. I’ve heard rumblings that newer versions of Crypt0locker are accounting for VSS now, though.

    Good luck!

  • #53568
     GoS 
    Participant

    Minor adware like yoursites123 can bring ransomware onto your PC. Info: http://nabzsoftware.com/types-of-threats/yoursites123

    A good and big article about Cryptolocker can be found at http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

  • #53569
     Gabriel999 
    Participant

    Beware that hackers have just renewed Cryptolocker and have started spreading it as Cryptowall! I was infected with this threat several weeks ago, so I must warn users that now it is capable of affecting data that is saved on external hard drives and Dropbox. So, your files may be doomed even if you have backups saved on your external drive. However, I can’t agree that yoursites123 or a similar browser hijacker can bring ransomware to the system. People are tricked into installing such threats as “important” attachments.
    Source: http://www.2-spyware.com/remove-cryptowall-virus.html

    I have also managed to find this post about yoursites123. You can check it for getting more knowledge about this thing… http://www.2-spyware.com/remove-yoursites123-com-virus.html


Copyright ©2019 Caendra, Inc.
