#1020629 - Wed Nov 13 2013 02:01 AM CryptoLocker virus.
tellywellies Offline
Forum Champion

Registered: Sat Apr 13 2002
Posts: 5383
Loc: South of England
Is everyone aware of the CryptoLocker Ransomware virus? It's been high-profile news around the Internet but maybe some aren't aware of it. If unlucky enough to be tricked into installing this, all the files on the computer, including those held on other connected drives, will become encrypted and therefore unusable/inaccessible. Files stored on disks or drives that are disconnected when not in use will not be affected. I'd guess that means providing they are not reconnected while the computer still has the virus.

The virus can be removed (although I'd reinstall the OS myself) but this will not restore your encrypted files. These become permanently lost unless you pay a ransom within a certain number of days and before removing the infection. When time is up, the developers of this virus destroy the decryption key and that's that. Files should always be backed up of course but perhaps this is another good reason for not putting the job off. Once done, keep the back-up drive disconnected as a precaution.

Dropbox folders can be affected but other than that, I think files in Cloud storage might be safe. I thought I should post about this because of the mention of Cloud storage and Dropbox in Sue's 'Beware of the cloud!' thread.

I don't know how at risk we are of getting this virus since it is aimed at companies that cannot afford to lose their files and are therefore more likely to pay the ransom. That said, there have been cases of infection and it's best to be aware of the virus at least.

A typical way of getting the virus is the good old e-mail attachment and I think most of us know to be careful of those anyway. The virus may arrive as a PDF file attachment that seems legitimate. However, it isn't a .PDF. What the file extension really is: '.PDF.EXE' but since Windows hides file extensions by default, you don't see the '.EXE' part. So you click on what seems like a PDF file and the computer is infected. There may be attack vectors other than e-mail attachments that I'm unaware of at this time.

More can be read about this virus than I can write but maybe this post will make people aware and consider reading further about it. An Internet search will bring up much information.

Edit: Only a typo.


Edited by tellywellies (Wed Nov 13 2013 07:34 AM)
_________________________
Error: Keyboard not attached. Press any key to continue..

#1020669 - Wed Nov 13 2013 06:18 AM Re: CryptoLocker virus. [Re: tellywellies]
flopsymopsy Offline
Moderator

Registered: Sat May 17 2008
Posts: 3530
Loc: Northampton England UK      
Good advice, tellywellies. I would also suggest that people alter their Windows file extension status so that these are no longer hidden. It may not be as tidy but it's a lot safer than clicking on an .exe file you didn't know was one. The methods for changing this are a little different according to the version of Windows - but googling for "Windows show file extensions" should get people to the right instructions.
_________________________
The Hubble Telescope has just picked up a sound from a fraction of a second before the Big Bang. The sound was "Uh oh".

#1020683 - Wed Nov 13 2013 07:51 AM Re: CryptoLocker virus. [Re: tellywellies]
tellywellies Offline
Forum Champion

Registered: Sat Apr 13 2002
Posts: 5383
Loc: South of England
The advice to un-hide file extensions is also good. Then the ploy would be easily seen through.

I have recently been trying a small utility that is said to prevent CryptoLocker installing. No ill-effects noticed but the program provides a way to undo the changes it makes if necessary. 'CryptoPrevent' is being mentioned favourably in various computer forums and security articles. Worth reading about.

I think Sandboxie (my primary security program) would also stop infection.
_________________________
Error: Keyboard not attached. Press any key to continue..

#1020772 - Wed Nov 13 2013 04:30 PM Re: CryptoLocker virus. [Re: tellywellies]
pyonir Offline
Mainstay

Registered: Sat Apr 25 2009
Posts: 872
Loc: Minnesota USA
Good idea bringing this up tw. A lot of viruses are being spread through PDF files nowadays. My advice to people that aren't very computer savvy...unless you know who the user is without a doubt and are expecting a PDF from the user, do not open ANY PDFs through email. That may be more difficult in a business environment, but if you have any doubt about a file, go with that doubt and contact the person that sent it to you to find out if it's legit.

If PDF files are a part of your everyday life (or frequently are used) it's best to review PDF analyzing tools. Here is a bit of info on some of them: http://blog.zeltser.com/post/5360563894/tools-for-malicious-pdf-analysis

More can be found with simple Google searches.

tw: Does Sandboxie protect against ransom viruses? I'll have to do some research on that...if it does, Sandboxie might be the best route for anyone using PDFs or just in general (which I know you promote anyway of course).

#1020789 - Wed Nov 13 2013 06:09 PM Re: CryptoLocker virus. [Re: tellywellies]
WesleyCrusher Offline

Administrator

Registered: Thu Sep 04 2008
Posts: 4443
Loc: Germany
CryptoPrevent (which tw mentioned) is a free protection tool available against this particular trojan (which also works against several other, similar threats). I've read up on it and from my knowledge, it's both safe and effective. It is essentially an easy front-end tool to configure a complex and difficult to use Windows security mechanism (Group policy editor, for those in the know) that will prevent certain files from executing.

http://www.foolishit.com/vb6-projects/cryptoprevent/

I'd recommend just installing and running with default settings which should be appropriate for 99% of PCs (and the remaining 1% is owned by those who know what to do). Remember that if you're on a network and sharing files, you need to install this on *all* PCs that might come into contact with the internet to be protected.

This doesn't however mean you don't need backups... so take it as a reminder to update yours :)


Edited by WesleyCrusher (Wed Nov 13 2013 06:12 PM)
_________________________
FunTrivia Editor (Hobbies and Sci/Tech) and Administrator
Guardian of the Tower

#1020792 - Wed Nov 13 2013 07:19 PM Re: CryptoLocker virus. [Re: tellywellies]
flopsymopsy Offline
Moderator

Registered: Sat May 17 2008
Posts: 3530
Loc: Northampton England UK      
I use Bitdefender and that protects against Cryptolocker. They also provide a free tool to prevent Cryptolocker from installing on PCs for people who don't have their antivirus/antispyware; you can download it here.
_________________________
The Hubble Telescope has just picked up a sound from a fraction of a second before the Big Bang. The sound was "Uh oh".

#1020821 - Thu Nov 14 2013 01:31 AM Re: CryptoLocker virus. [Re: pyonir]
tellywellies Offline
Forum Champion

Registered: Sat Apr 13 2002
Posts: 5383
Loc: South of England
Originally Posted By: pyonir
tw: Does Sandboxie protect against ransom viruses? I'll have to do some research on that...if it does, Sandboxie might be the best route for anyone using PDFs or just in general (which I know you promote anyway of course).

This particular infection isn't done via a PDF. It only masquerades as one (really .pdf.exe) but Sandboxie would be good for giving protection against infected PDF files as well. Sandboxie is a good program to use for opening any type of e-mail attachment in my opinion. It gives that extra layer of protection not based on signature definitions. It just doesn't trust anything.

I think CryptoLocker.pdf.exe and its subsequent installation would be contained. Files within the sandbox would be infected but not those outside. Emptying the sandbox would remove these files. Since they are only copies of those on the system, the original files would remain OK. Emptying the sandbox would also remove the offending .pdf.exe file. Here is what Sandboxie's developer (screen name of 'tzuk') says about CryptoLocker...

Link to Sandboxie's forum: http://www.sandboxie.com/phpbb/viewtopic.php?p=95351#95351

The default settings are mentioned and I think most people would use them.

The above would depend on the e-mail attachment being saved but opened under the protection of Sandboxie (something I always do). Good security is all about layers though. I wouldn't open an e-mail attachment, even within Sandboxie, without scanning it for malware first using the AV program (Bitdefender in my case). So a double precaution there... triple considering CryptoPrevent. If I were to get this particular infection despite all that, there are always my disk image back-ups.

No security program or measure can be guaranteed to protect a computer. Malware writers are clever people and will always attempt to bypass any defences. Getting infected might never happen but it does happen to some people. That's why back-ups are all-important.
_________________________
Error: Keyboard not attached. Press any key to continue..

#1020967 - Thu Nov 14 2013 06:42 PM Re: CryptoLocker virus. [Re: tellywellies]
ladymacb29 Offline
Moderator

Registered: Wed Mar 15 2000
Posts: 15703
Loc: The Delta Quadrant
I thought I read something today saying it was masquerading as a zip file? And then since some virus protection programs were recognizing it, they changed it to be an encrypted/password protected zip file (and the email includes the password, of course).
_________________________
"Without the darkness, how would we see the light?" ~ Tuvok

Editor for Television Category
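
An added example, not part of any post in this thread: a check for the '.PDF.EXE' style of name described in the first post, applied both to plain attachment names and to the file list inside a zip like the one mentioned in the post above. The extension lists, function names and the sample zip are assumptions made up for the illustration.

```python
import io
import zipfile

# Assumed lists for illustration (not taken from the thread).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".jpg", ".txt", ".zip"}


def split_ext(name):
    """Split off the last extension, lower-cased. Windows ignores trailing
    dots and spaces, so they are stripped before looking for the dot."""
    name = name.rstrip(". ")
    dot = name.rfind(".")
    return (name, "") if dot <= 0 else (name[:dot], name[dot:].lower())


def check_name(name):
    """Return the name a user sees with extensions hidden if `name` is a
    document-style name followed by an executable extension, else None."""
    base = name.replace("\\", "/").rsplit("/", 1)[-1]
    stem, ext = split_ext(base)
    if ext not in EXECUTABLE_EXTS:
        return None
    shown = stem.rstrip(". ")  # also catches "scan.jpg      .scr" padding
    return shown if split_ext(shown)[1] in DECOY_EXTS else None


def scan_zip(data):
    """Map each deceptive entry name in a zip (bytes) to its displayed name.
    Entry names sit in the zip directory and are normally readable even when
    the contents are password-protected, so no password is needed here."""
    flagged = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for entry in zf.namelist():
            shown = check_name(entry)
            if shown:
                flagged[entry] = shown
    return flagged


def build_sample_zip():
    """Constructed sample: harmless text stored under the names discussed."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Invoice_2013.PDF.EXE", b"placeholder text, not a program")
        zf.writestr("docs/readme.txt", b"hello")
    return buf.getvalue()


if __name__ == "__main__":
    print(scan_zip(build_sample_zip()))
```
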

#1020984 - Fri Nov 15 2013 04:11 AM Re: CryptoLocker virus. [Re: tellywellies]
tellywellies Offline
Forum Champion

Registered: Sat Apr 13 2002
Posts: 5383
Loc: South of England
I just did a search on that and yes, it looks to be the latest bit of trickery. Whilst looking into that, I read it might also be found on hacked web sites residing inside infected software installers. If that is the case, I guess you download and install what should be good software only to find that CryptoLocker has been installed along with it.
_________________________
Error: Keyboard not attached. Press any key to continue..

#1021032 - Fri Nov 15 2013 09:51 AM Re: CryptoLocker virus. [Re: tellywellies]
sue943 Offline

Administrator

Registered: Sun Dec 19 1999
Posts: 36613
Loc: Jersey Channel Islands        
Nasty people.
_________________________
Many a child has been spoiled because you can't spank a Grandma!

#1021158 - Sat Nov 16 2013 01:02 AM Re: CryptoLocker virus. [Re: tellywellies]
tellywellies Offline
Forum Champion

Registered: Sat Apr 13 2002
Posts: 5383
Loc: South of England
Let's hope they get tracked down soon. They may be clever people but I expect there are equally clever ones on their case. Sky News ran a report on it this morning.
_________________________
Error: Keyboard not attached. Press any key to continue..

#1021242 - Sat Nov 16 2013 10:51 AM Re: CryptoLocker virus. [Re: tellywellies]
satguru Offline
Forum Champion

Registered: Thu Feb 17 2000
Posts: 7002
Loc: Kingsbury London UK           
My friend just clicked on a Facebook link and it wiped out her PC instantly. I'm guessing there is no solution after the event? She's a student and has all her work on the PC and it's now been wiped.

Update, I think she was lucky, it crashed and rebooted a few minutes later. But still useful to know if there is a solution as some people won't know till it's arrived and will be caught out.


Edited by satguru (Sat Nov 16 2013 11:39 AM)
_________________________
Does the brain create or receive consciousness?

#1021246 - Sat Nov 16 2013 12:23 PM Re: CryptoLocker virus. [Re: tellywellies]
flopsymopsy Offline
Moderator

Registered: Sat May 17 2008
Posts: 3530
Loc: Northampton England UK      
Well, firstly I'm glad her work has not in fact been wiped out. Secondly, I hope she learns to back everything up at least weekly, and to make copies of her work as she goes along. As far as documents are concerned, it would be a relatively simple thing to copy anything she has worked on to a key drive and to do that daily before turning the machine off, making sure she disconnects the drive until she wants to use it. At least then she'd have her work up to the day before and wouldn't lose much.
_________________________
The Hubble Telescope has just picked up a sound from a fraction of a second before the Big Bang. The sound was "Uh oh".

#1021276 - Sat Nov 16 2013 04:43 PM Re: CryptoLocker virus. [Re: tellywellies]
tellywellies Offline
Forum Champion

Registered: Sat Apr 13 2002
Posts: 5383
Loc: South of England
I wonder if that was just something that crashed the computer rather than a virus. I believe more is needed than a click on a link to become infected with CryptoLocker. A victim has to be tricked into downloading and installing it one way or another. As far as I'm aware, it can't be picked up on a drive-by. Also, I read that when the virus is installed, the effects aren't immediate. It takes a fair while for files to become encrypted. When done, a ransom demand is displayed and it's only then that you know about it.

Nonetheless, the incident could act as a good prod to get on and back files up. Just in case it was some sort of virus, a scan with whatever security software is installed would be good.
_________________________
Error: Keyboard not attached. Press any key to continue..

#1021294 - Sat Nov 16 2013 06:32 PM Re: CryptoLocker virus. [Re: tellywellies]
satguru Offline
Forum Champion

Registered: Thu Feb 17 2000
Posts: 7002
Loc: Kingsbury London UK           
That would explain why it recovered and was so sudden, it was one of those 'read this important information' sort of link, not everyone avoids them like the plague. I'll pass on the advice, I remember when I typed a script I sent to the TV people and didn't copy it when I was 14 (before shops had copiers). I never saw it again and pretty much gave up doing it after that, she's also doing creative writing so will make sure it's in duplicate.
_________________________
Does the brain create or receive consciousness?

#1021374 - Sun Nov 17 2013 09:42 AM Re: CryptoLocker virus. [Re: tellywellies]
sue943 Offline

Administrator

Registered: Sun Dec 19 1999
Posts: 36613
Loc: Jersey Channel Islands        
Our local police have issued a warning about this one.
_________________________
Many a child has been spoiled because you can't spank a Grandma!

#1057505 - Thu Aug 07 2014 04:37 PM Re: CryptoLocker virus. [Re: tellywellies]
pyonir Offline
Mainstay

Registered: Sat Apr 25 2009
Posts: 872
Loc: Minnesota USA


Moderator:  flopsymopsy, ladymacb29