Data recovery and disk repair questions and discussions related to old-fashioned SATA, SAS, SCSI, IDE, MFM hard drives - any type of storage device that has moving parts
November 12th, 2014, 15:03
It happens more and more often to read new threads about users who report that they have been attacked by the CryptoLocker virus, which causes the files encryption, meaning completely inaccessible.
To regain access to your files, you have to accept the blackmail by hackers that have infected your PC, that is to pay $ 400 within 72 hours, or if you want to regain access to your files in a second moment you have to pay them the double.
The service was broadcast last night on the italian TV shows you how these hackers infect your PC, the ransom mode, why police enforcement is not able to stop these criminals and what you can do to prevent the problem.
I translated the video with English subtitles, so that everyone can understand.
I believe knowing this can be very useful for careless users, and to make the lives of these hackers a bit more complicated.http://mfi.re/watch/m7r6mpw2dbm2b83/Cry ... ian_TV.mp4
November 12th, 2014, 15:42
Sad.. but the host dude is hilarious. Hope the audience does not think it is a parody of some sort.
November 12th, 2014, 16:22
No, it's not a parody.
November 12th, 2014, 18:03
is not a parody, i have some customers here affected by CryptoLocker.
Last case here is posted now 1 month ago.
viewtopic.php?f=1&t=29699Finally customer payed 3000 eur to hacker but not passwork sended.
if you pay is not sure you get your data.
Be carefull.
November 12th, 2014, 18:51
https://www.decryptcryptolocker.com/Plain cryptolocker can be decrypted now, any variant or other similar (cryptowall, etc) does not work with this, just regular cryptolocker.
November 13th, 2014, 4:53
A bit of info.
I saw a drive 2 weeks ago with the newer Cryptowall encryption. As far as I can tell the infection was introduced by an email attachment so that would be where people have to take care. When I looked at the folders containing the encrypted files I noticed the trojan goes for the .doc and .jpg files. The system users had been using MS Works for text processing so they were very fortunate as the .wps files remained untouched. All the jpeg photos were encrypted though the .bmp images also remained untouched.
November 13th, 2014, 6:33
WOW! someone uses Works!
But seriously, yes you really have to make sure your backup regime is good. And take care to not leave your backup drives mapped and authenticated, make sure your backup system cannot overwrite all your backups with malware.. I saw a small shop a few days ago and helped them transfer their database from a custom Acess97 app(forms) to their new POS system. They backed up everyday overwriting the 1 day old only copy!!
November 13th, 2014, 9:18
You misunderstood what I meant by audience and parody in the sentence I wrote due to my unclear writing.
I have worked on CryptoLocker cases several times. Bunch of headaches, again, as result of misunderstanding and customers not listening.
Meant audience as in the common folk watching news on TV. Since the guy was sort of hilarious in how he went about presenting the problem, in some areas of the video (e.g. following the cable to the guy in the Arctic), was sort of comical (as oppose to any technical person who is heavily aware of this problem to whom the video makes a whole lot of sense). Hence, the sense of parody the common folk may interpret the presentation as.
Nevertheless, it is good that the authorities attempt to inform/educate the public. Have not heard of this on the news in the US, yet.
November 15th, 2014, 21:47
There is a CryptoLocker copycat I'm seeing frequently.
Information and a dedicated forum on it is available at Bleeping Computer.
http://www.bleepingcomputer.com/forums/ ... r-copycat/
November 16th, 2014, 12:44
An efficient (that means not FREE) antivirus is more than sufficient to prevent it from ENTERING your system (not if you are facing the problem). All the case I have seen were the result of... "reckless computing". PERIOD.
P.S. I have hardware firewall and centralized, hardware based network filtering. So far, no problems of any kind . On PC, a COMMERCIAL Antivirus , paid . It costs less than you think in comparison to danger and possible downtime.
P.P.S. it's a good opportunity to fix things / make it won't happen again and make good money out of it, isn't it ?
November 17th, 2014, 10:05
Had a recent case where Crytowall was involved. Client had Eset Node32 Antivirus, up to date version and fully updated- first class antivirus software! It was established that the malware entered by her clicking on a fake ups email. All major documents, pictures, and her company database were encrypted. The antivirus detected and removed malware after the encryption had taken place. In her case ALL shadow copies were recoverable resulting in a very happy client.
November 17th, 2014, 15:33
Other AV detect the activity of the malware AND defeat the process before encryption , that is the best thing.
In this case there were shadow copies, what if not ? The AV did not decrypt, it just reverted the action of the malware by replacing the attacked files with shadow copies.
Powered by phpBB © phpBB Group.