
Virus/Malware/Ransomware


n37sh@rk

Jr. Member

Posts: 70

Joined: Thu Jan 24, 2013 1:07 pm

Location: Anywhere

Post Thu Oct 10, 2013 9:46 am

Virus/Malware/Ransomware

Hey guys,

This could go in a few different places so I am posting it here. Has anyone run into Cryptolocker? If you have, what have you found to be the source? Is there a way to decrypt the information without paying the ransom? So far I have been able to restore from backup for one customer; the other wasn't so lucky and ended up reformatting the PC. I'm looking for any information on this if anyone has reverse engineered it or done forensics on it.

Triban

Hero Member

Posts: 620

Joined: Fri Feb 19, 2010 4:17 pm

Post Thu Nov 21, 2013 2:11 pm

Re: Virus/Malware/Ransomware

At this time there is no fast way to recover from the files being encrypted. You could either pay or wipe, re-image, and restore from a known good backup. I've heard of some people paying and getting roughly a 3 day turnaround on the decryption. But like all ransom situations, you risk not getting anything for paying and only having to pay more. This type of attack reiterates a number of security measures that should be in place: patching systems, not running as a privileged user, backing up your data regularly, and smart internet/email usage. You can read up on Krebs's recent articles on the matter (http://krebsonsecurity.com/2013/11/cryp ... he-ransom/); he does have some preventative measures listed but nothing to help if you have already been hit with it.

ziggy_567

Sr. Member

Posts: 378

Joined: Tue Dec 30, 2008 1:53 pm

Post Fri Nov 22, 2013 8:57 am

Re: Virus/Malware/Ransomware

As far as recovering without paying the ransom, you have two options:

1) Backups. This doesn't do you any good after the fact if you're not taking regular and complete backups, though.

2) Volume Shadow Copies. I've heard rumblings that newer versions of Crypt0locker are accounting for VSS now, though.

Good luck!
--
Ziggy


eCPPT - GSEC - GCIH - GWAPT - GCUX - RHCE - SCSecA - Security+ - Network+
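The Volume Shadow Copy route from option 2, as an added example (not code from anyone in this thread): it lists the snapshots for a volume, picks the newest one taken before an assumed infection time, and copies a single file out of it. The sample file path and cutoff date are constructed placeholders; it assumes an elevated PowerShell session on a host where the snapshots have not already been removed.

```powershell
# Added example: recover one file from a pre-infection Volume Shadow Copy.
# Run elevated; Win32_ShadowCopy and mklink both require it.
param(
    [string]$Volume       = 'C:\',                                   # volume to inspect
    [string]$RelativePath = 'Users\alice\Documents\report.docx',     # constructed sample path
    [datetime]$Before     = (Get-Date '2013-10-09'),                 # constructed infection cutoff
    [string]$Destination  = 'C:\Recovered'                           # where the clean copy goes
)

# Win32_ShadowCopy.VolumeName uses the \\?\Volume{guid}\ form, so map the drive letter to it.
$volInfo = Get-CimInstance Win32_Volume | Where-Object { $_.DriveLetter -eq $Volume.TrimEnd('\') }
if (-not $volInfo) { throw "Volume $Volume not found" }

# Newest snapshot taken before the cutoff holds the most recent clean version of the file.
$shadows = Get-CimInstance Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volInfo.DeviceID -and $_.InstallDate -lt $Before } |
    Sort-Object InstallDate -Descending

if (-not $shadows) { throw "No shadow copies older than $Before exist for $Volume; fall back to offline backups" }

$shadows | Format-Table ID, InstallDate, DeviceObject -AutoSize

foreach ($s in $shadows) {
    # Snapshots are only reachable through a \\?\GLOBALROOT device path; a directory
    # symlink (trailing backslash required) makes that path usable by ordinary tools.
    $link = Join-Path $env:TEMP ('vss_' + [guid]::NewGuid().ToString('N'))
    cmd /c mklink /d "$link" "$($s.DeviceObject)\" | Out-Null
    try {
        $candidate = Join-Path $link $RelativePath
        if (Test-Path $candidate) {
            New-Item -ItemType Directory -Force -Path $Destination | Out-Null
            Copy-Item -Path $candidate -Destination $Destination
            Write-Host "Recovered $RelativePath from snapshot taken $($s.InstallDate)"
            break
        }
    } finally {
        # rmdir on a directory symlink removes only the link, never the snapshot contents.
        cmd /c rmdir "$link" | Out-Null
    }
}
```

If the file is absent from every pre-cutoff snapshot the loop simply ends, which is the case ziggy_567 warns about: once a variant has cleared the shadow copies, backups are the only option left.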
