Latest News: CryptoLocker Virus Spreading, Be wary of it!!
Source:
Britain’s National Crime Agency (NCA) has issued an “urgent alert” to computer users about the threat posed by the CryptoLocker malware.
The NCA’s National Cyber Crime Unit has warned that online criminals have launched a major internet attack designed to hold victims’ computer data hostage, and demand a ransom of hundreds of pounds be paid.
The cybercops’ alert warns that the CryptoLocker ransomware – which encrypts computer files and demands a ransom be paid for the decryption key – has been distributed via spammed-out emails claiming to come from banks and financial institutions.
Last week, US-CERT issued a similar warning to American computer users.
What types of computers does CryptoLocker target?
CryptoLocker targets computers running versions of Windows. Mac computers are not affected.
How is CryptoLocker spread?
CryptoLocker isn’t a virus or a worm, it’s a Trojan horse. That means – like most malware seen today – it can’t travel under its own steam, and doesn’t self-replicate.
Instead, CryptoLocker is typically distributed via spammed-out email messages, perhaps claiming to come from your bank or a delivery company. If you click on the attached file (which might pretend at first glance to be a PDF file, but actually use the .PDF.EXE double extension trick to hide its executable nature), your computer becomes infected.
Of course, it’s possible the criminals behind CryptoLocker could also distribute it in other ways. For instance, by compromising websites with malicious exploit kits that take advantage of software vulnerabilities to install CryptoLocker on visiting computers.
What files does CryptoLocker encrypt?
Once your computer is infected, CryptoLocker hunts for files to encrypt. It doesn’t just look on your hard drive, but on any connected drives, including mapped network shares, and even folders that you might sync up with the Cloud – such as Dropbox.
Filenames which match the following patterns are encrypted by CryptoLocker:
????????.jpe, ????????.jpg, *.3fr, *.accdb, *.ai, *.arw, *.bay, *.cdr, *.cer, *.cr2, *.crt, *.crw, *.dbf, *.dcr, *.der, *.dng, *.doc, *.docm, *.docx, *.dwg, *.dxf, *.dxg, *.eps, *.erf, *.indd, *.kdc, *.mdb, *.mdf, *.mef, *.mrw, *.nef, *.nrw, *.odb, *.odc, *.odm, *.odp, *.ods, *.odt, *.orf, *.p7b, *.p7c, *.p12, *.pdd, *.pef, *.pem, *.pfx, *.ppt, *.pptm, *.pptx, *.psd, *.pst, *.ptx, *.r3d, *.raf, *.raw, *.rtf, *.rw2, *.rwl, *.sr2, *.srf, *.srw, *.wb2, *.wpd, *.wps, *.x3f, *.xlk, *.xls, *.xlsb, *.xlsm, *.xlsx, img_*.jpg
So, you may well be saying goodbye to your documents, your databases, your photographs, your PowerPoint slides, your spreadsheets, and much else besides.
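As an added illustration (not part of the original article), the script below turns two points made above into checks a defender can run: the .PDF.EXE double-extension trick described under “How is CryptoLocker spread?”, and the list of filename patterns CryptoLocker encrypts, which it applies with glob semantics (so `????????.jpg` matches only eight-character camera-style names such as DSC_0001.jpg). The executable and document extension sets, and the sample filenames, are assumptions constructed for the example.

```python
import fnmatch
import os
from collections import Counter

# Patterns quoted in the article (glob syntax: '?' is exactly one character, '*' any run).
CRYPTOLOCKER_PATTERNS = (
    "????????.jpe ????????.jpg *.3fr *.accdb *.ai *.arw *.bay *.cdr *.cer *.cr2 *.crt *.crw "
    "*.dbf *.dcr *.der *.dng *.doc *.docm *.docx *.dwg *.dxf *.dxg *.eps *.erf *.indd *.kdc "
    "*.mdb *.mdf *.mef *.mrw *.nef *.nrw *.odb *.odc *.odm *.odp *.ods *.odt *.orf *.p7b "
    "*.p7c *.p12 *.pdd *.pef *.pem *.pfx *.ppt *.pptm *.pptx *.psd *.pst *.ptx *.r3d *.raf "
    "*.raw *.rtf *.rw2 *.rwl *.sr2 *.srf *.srw *.wb2 *.wpd *.wps *.x3f *.xlk *.xls *.xlsb "
    "*.xlsm *.xlsx img_*.jpg"
).split()

# Assumed sets (not from the article): extensions Windows executes, and document-looking
# extensions an attacker puts in front of them so 'invoice.pdf.exe' displays as 'invoice.pdf'.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}


def is_target(filename: str) -> bool:
    """True if the basename matches one of the article's patterns (Windows ignores case)."""
    name = os.path.basename(filename).lower()
    return any(fnmatch.fnmatchcase(name, pattern) for pattern in CRYPTOLOCKER_PATTERNS)


def is_disguised_executable(filename: str) -> bool:
    """True for the double-extension trick: document extension followed by an executable one."""
    name = os.path.basename(filename).lower()
    stem, last = os.path.splitext(name)
    _, penultimate = os.path.splitext(stem)
    return last in EXECUTABLE_EXTS and penultimate in DOCUMENT_EXTS


def exposure_report(filenames) -> Counter:
    """Tally at-risk files per extension so backup coverage can be compared against them."""
    counts = Counter()
    for path in filenames:
        if is_target(path):
            counts[os.path.splitext(path.lower())[1]] += 1
    return counts


def scan_tree(root: str) -> Counter:
    """Walk a folder (e.g. a mapped share or a Dropbox folder) and tally what CryptoLocker would hit."""
    return exposure_report(os.path.join(d, f) for d, _, files in os.walk(root) for f in files)


if __name__ == "__main__":
    # Constructed sample listing; in practice call scan_tree(r"Z:\") on the share you back up.
    sample = ["Budget.XLSX", "report.docx", "DSC_0001.jpg", "holiday.jpg", "notes.txt", "Invoice.PDF.EXE"]
    print("at risk:", dict(exposure_report(sample)))
    print("disguised executables:", [f for f in sample if is_disguised_executable(f)])
```

Run it against a mapped share to see how much of the data there falls inside the target set; that is the data whose backups need to live somewhere CryptoLocker cannot reach.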
Will I see anything on my screen to tell me I’ve been hit?
Only when it’s too late.
After files have been encrypted, CryptoLocker displays a message that demands you electronically send the ransom payment (options may include Bitcoin, MoneyPak, cashU, or Ukash) in order to decrypt the files.
A 72-hour timer is displayed, which ticks down and explains that if you do not pay the ransom demand, your files will be permanently inaccessible and impossible to ever decrypt.
The clock is ticking…
MoneyPak? Bitcoins? Can’t I pay the CryptoLocker ransom with a credit card instead?
No, the criminals don’t give a credit card option.
One of the reasons is presumably because it would be easy for victims to “pay” the ransom using their credit card to have their files decrypted, and then use chargeback to claw back their money.
Of course, many people may not know how to send funds via MoneyPak or Bitcoin – a possible stumbling block for the criminals.
So if I don’t pay the ransom in time, all of my data is lost?
Not quite. The first hope has to be that you have kept regular backups of your important data, separate from your computer, and that you can restore your system from them. If you weren’t keeping backups, then please learn something from this horrible experience.
Secondly, and I don’t recommend you take this option, it has been reported that the criminals are now giving victims the ability to pay the ransom *after* the deadline has passed, and get their files decrypted that way.
Regardless of whether you approve of encouraging blackmailers by paying the ransom or not, the fact that this late decryption service is only accessible via Tor, and not the conventional web, probably puts it beyond the reach of typical computer users.
Can’t anti-virus software remove CryptoLocker and save my data?
Good anti-virus software should be able to detect and remove CryptoLocker – however, removing CryptoLocker isn’t the same as decrypting your data files. And anti-virus software cannot unscramble your data.
If you do remove a CryptoLocker infection you won’t be able to pay the ransom to have your files decrypted.
Fascinatingly, the criminals behind CryptoLocker anticipated this, and change the Windows wallpaper on infected computers to explain how users can download and reinstall CryptoLocker!
How do you protect against CryptoLocker?
CryptoLocker is a serious threat. If you’re unlucky enough to have your computer infected by it, and haven’t taken precautions, you may find yourself in the unpleasant situation of having to choose whether to pay the ransom, or never gain access to your data again.
That means you’re saying goodbye to your family photographs, and any other personal data you have amassed over the years. If you’re a business then the potential losses could be even more significant.
The answer is three-fold.
Firstly, protect your computer from becoming infected by keeping it up-to-date with anti-virus and security patches. Also be cautious of opening unsolicited email attachments or clicking on unknown links. If you are security savvy you can reduce the chances of being hit by a threat like CryptoLocker.
Secondly, consider setting a policy on your Windows PCs that prevents executables from running from certain locations on your hard drive.
Finally, for goodness’ sake, make backups of your important data and keep them separate from your computer (to prevent malware like CryptoLocker from encrypting your backups as well). That way, if the worst does happen, you should be able to restore your valuable data and not pay up to the crooks.
--------------
Spread this around so that we can prevent randoms from being victims!!