New ransomware -- $3K price tag


DJofSD
07-24-2014, 08:18 AM
http://blogs.computerworld.com/malware-and-vulnerabilities/24161/backup-your-data-now-new-more-powerful-ransomware-using-tor-spotted-wild

When did you last backup your data? Let that serve as a reminder to do so since a new ransomware, touted as a more powerful version of Cryptolocker, has been spotted in the wild. It uses the Tor network to anonymize its communication with the command and control server; that’s a relatively new twist for ransomware as it is more commonly seen with “banking Trojans.”

The new-and-improved ransomware has been selling as a “turnkey” system for $3,000 on Deep Web underground forums since mid-June; it’s currently available in English and Russian, making countries that use those languages the prime targets for attackers. Cybercrooks call the crypto-malware CTB-Locker (Curve-Tor-Bitcoin Locker); Microsoft identifies it as Critoni.A.

Find these guys, line them against the wall then shoot them.

Longshot6977
07-24-2014, 09:19 AM
http://blogs.computerworld.com/malware-and-vulnerabilities/24161/backup-your-data-now-new-more-powerful-ransomware-using-tor-spotted-wild



Find these guys, line them against the wall then shoot them.

Thanks for the heads up. Time for another backup. And yes, shoot them summarily.

DJofSD
07-24-2014, 09:25 AM
I run Windows Home Server and don't think too much about backups. But it is not a perfect solution. I will usually burn a DVD with copies of folders containing racing data and program source code but I realized it has been too long since I've done that. Time to take another snap shot.

Longshot6977
07-24-2014, 09:36 AM
I run Windows Home Server and don't think too much about backups. But it is not a perfect solution. I will usually burn a DVD with copies of folders containing racing data and program source code but I realized it has been too long since I've done that. Time to take another snap shot.

Haha, that's all I ever need to back up is my horse racing files. I use a Passport external drive and then burn a DVD of it every now and then.

Let's hope Microsoft's (or other company's) engineers figure out something quick. These bad guys are getting smarter and craftier than the engineers. Possibly some rogue engineers trying to make a little more money. I read somewhere that even some rogue governments may be behind these ransomware acts.

Dave Schwartz
07-24-2014, 11:35 AM
Just curious... If you are infected, can the drive be read externally by another computer if removed?

DJofSD
07-24-2014, 11:38 AM
Dave, strictly a guess: yes, however, the files are encrypted.

Given enough time, resources and powerful enough computers, ya, you could decrypt it.

PaceAdvantage
07-24-2014, 11:54 AM
How exactly does one become infected with this? I am pretty clueless when it comes to this Tor thing...this whole so called "dark web."

Any insight from anyone?

DJofSD
07-24-2014, 11:59 AM
I believe it is via the usual means -- clicking on an email attachment or some other nefarious means of getting the encrypting app installed on the victim's computer.

From the last time: http://en.wikipedia.org/wiki/CryptoLocker

Longshot6977
07-24-2014, 12:24 PM
I believe it is via the usual means -- clicking on an email attachment or some other nefarious means of getting the encrypting app installed on the victim's computer.

From the last time: http://en.wikipedia.org/wiki/CryptoLocker

I have gotten it 4 or 5 times from nefarious sites. :mad: I had the FBI ransomware version of this malware many times also. Each time, I simply changed User Accounts on the fly and then ran Malwarebytes to remove the infection. The files were never encrypted. (maybe a weaker, but just as scary version?).

However, after I used a small nifty app I found called CryptoPrevent on FoolishIT.com, I never got the virus again. The app lets you also do a test to see if the 'fix' worked. Make sure you keep the free signatures updated. Here's a direct link to the site.

http://www.foolishit.com/vb6-projects/cryptoprevent/

DJofSD
07-24-2014, 12:46 PM
I have gotten it 4 or 5 times from nefarious sites. :mad: I had the FBI ransomware version of this malware many times also. Each time, I simply changed User Accounts on the fly and then ran Malwarebytes to remove the infection. The files were never encrypted. (maybe a weaker, but just as scary version?).

However, after I used a small nifty app I found called CryptoPrevent on FoolishIT.com, I never got the virus again. The app lets you also do a test to see if the 'fix' worked. Make sure you keep the free signatures updated. Here's a direct link to the site.

http://www.foolishit.com/vb6-projects/cryptoprevent/

Looks good.

I must say, the author did a very good job writing the descriptions and documentation. I think every question that came to mind while reading a number of pages was answered. Heck, he even revealed the details of what appears in the event log -- two thumbs up in my book.

DeltaLover
07-24-2014, 12:59 PM
All my data is backed up on the cloud and github....it works perfectly...

Longshot6977
07-24-2014, 03:51 PM
All my data is backed up on the cloud and github....it works perfectly...

So far. Not to rain on your parade, but read these short articles about the cloud being affected by this malware. Just wanted to give you a heads up.

http://blog.backupify.com/2014/01/13/cryptolocker-virus-affects-google-drive-files/

http://www.drivepop.com/cryptolocker-affect-files-cloud-storage/

DJofSD
07-25-2014, 03:36 PM
Just curious... If you are infected, can the drive be read externally by another computer if removed?

More details about the new malware: https://securelist.com/analysis/publications/64608/a-new-generation-of-ransomware/

It's been taken to a whole different level. Again, in theory, it could be undone but now with the compression, encryption in multiple steps it becomes nearly impossible to undo. The universe would likely expire before a brute force method would succeed.

DeltaLover
07-26-2014, 10:05 AM
So far. Not to rain on your parade, but read these short articles about the cloud being affected by this malware. Just wanted to give you a heads up.

http://blog.backupify.com/2014/01/13/cryptolocker-virus-affects-google-drive-files/

http://www.drivepop.com/cryptolocker-affect-files-cloud-storage/

Hmm..

Reading these articles I can see the word MICROSOFT all over the place... LINUX does not seem to have any of these problems and this is one of the (many) reasons why you should start using it.

DJofSD
07-26-2014, 10:11 AM
Hmm..

Reading these articles I can see the word MICROSOFT all over the place... LINUX does not seem to have any of these problems and this is one of the (many) reasons why you should start using it.

Really?

This guy seems to not be so sure: https://www.cdc.informatik.tu-darmstadt.de/reports/reports/Steffen_Schreiner.diplom.pdf

Basically, you pick your poison then take your chances.

DeltaLover
07-26-2014, 10:25 AM
Really?

This guy seems to not be so sure: https://www.cdc.informatik.tu-darmstadt.de/reports/reports/Steffen_Schreiner.diplom.pdf

Basically, you pick your poison then take your chances.

What is exactly the point you are trying to make?

Do you really disagree that linux is thousands of times more secure when it comes to virus infections than Windows?

Although it is true that no operating system can be 100% virus safe, linux is almost there..

You can read here or google it for yourself:

http://www.tecmint.com/linux-operating-system-is-virus-free/

Personally I am using LINUX as my OS of choice since 1996 and NEVER EVER (I MEAN NEVER) had any issue with virus and of course I have never installed or even seen any LINUX targeted antivirus software...

DJofSD
07-26-2014, 10:33 AM
The point is, as you said, no platform, no OS, is totally free from security problems whether they are of the malware kind or otherwise.

I don't mean to question your experiences and I certainly do not want to get into any debates which take on overtones of religious battles, however, most people on this board and those that post in this area are not experienced IT professionals or highly experienced amateurs. Making assertions that Linux is the way to go can be misleading.

DeltaLover
07-26-2014, 11:35 AM
The point is, as you said, no platform, no OS, is totally free from security problems whether they are of the malware kind or otherwise.

I don't mean to question your experiences and I certainly do not want to get into any debates which take on overtones of religious battles, however, most people on this board and those that post in this area are not experienced IT professionals or highly experienced amateurs. Making assertions that Linux is the way to go can be misleading.


DJ,

I really think that linux is the way to go!

Today's distros are EXTREMELY easy to install and operate, it certainly is not like the old days... Ubuntu for example installs in a matter of 15-20 minutes with minimum required user interaction..

I am convinced that there is no special knowledge and experience required from the part of the user..

A few months ago, one of my friends who only knows very basic things about computers, like to use email, browse the web and use twitter etc bought a new laptop that came with Win8.1. When he asked me for help about installing a printer driver I suggested to him to get rid of Windows and install ubuntu, something that I did for him, since MS has made it SO DIFFICULT for the novice, to find its way to change the BIOS settings so the computer boots from the CD or flash... I also gave him a brief intro to libre and the file manager...

SINCE THEN I HAD TO INSTALL UBUNTU FOR THREE MORE OF HIS FRIENDS WHO SEEMED TO PREFER IT TO WINDOWS... And none of these guys was even close to a power user...

Ubuntu is very simple to install and operate and clearly superior to windows in any way you see it!

DJofSD
07-26-2014, 11:47 AM
I've messed around with Ubuntu client installs. It is a nice interface and even did fairly well on an old, old IBM TP 600X (read Pentium II -- I think).

The last go-around with open source OS was exploring FreeNAS. It caused me no serious problems until I tried to use zfs. I eventually decided I was bleeding edge using the latest (12 pre-stable?) then reinstalled with the stable release. That helped a great deal but still ran into some conceptual problems with zfs. That box is still sitting there waiting for the next time I've got nuttin' else to do.

DeltaLover
07-26-2014, 11:58 AM
The last go-around with open source OS was exploring FreeNAS.

I have no experience with FreeNAS. But the point is that ubuntu is (sorry for repeating it) very easy to install and use and also a better OS than MS...

PaceAdvantage
07-28-2014, 10:35 AM
What is exactly the point you are trying to make?

Do you really disagree that linux is thousands of times more secure when it comes to virus infections than Windows?

Is it inherently more secure? Or are there far less people looking to attack it because, truth be told, there are far less people in the world using it compared to Windows...kind of the same thing with MAC OS.

So is it a case of being inherently more secure, or is it a case of far less attackers designing weapons against it...

If you have less weapons being aimed at you (in both sheer numbers and diversity), then of course you're going to be more secure and more EASY to secure....

What exactly makes Linux INHERENTLY more secure? Let's say the vast numbers of diverse viruses and malware that are thrown at Windows every day are suddenly directed at Linux. Written specially to attack Linux...all those hackers aiming all of their different guns at Linux instead of Windows...you're telling me it would continue to be as secure as it is today?

No way. Not a chance.

DJofSD
07-28-2014, 10:46 AM
Is it inherently more secure? Or are there far less people looking to attack it because, truth be told, there are far less people in the world using it compared to Windows...kind of the same thing with MAC OS.

So is it a case of being inherently more secure, or is it a case of far less attackers designing weapons against it...

If you have less weapons being aimed at you (in both sheer numbers and diversity), then of course you're going to be more secure and more EASY to secure....

What exactly makes Linux INHERENTLY more secure? Let's say the vast numbers of diverse viruses and malware that are thrown at Windows every day are suddenly directed at Linux. Written specially to attack Linux...all those hackers aiming all of their different guns at Linux instead of Windows...you're telling me it would continue to be as secure as it is today?

No way. Not a chance.

Nothing makes it more secure.

Way back when, there used to be a series of manuals from the NSA called the rainbow series. They described security processes and procedures, and, a part of that landscape included the concept of trusted computers. In turn, trusted computer systems were rated with "A" being the most secured followed by "B" and "C."

Most "out of the box" systems were "C1" or "C2" while some specialized systems, or, systems with added software obtained a "B." At one point (again, a long time ago) the only OS with an "A" was Multics (http://en.wikipedia.org/wiki/Multics).

While my knowledge and experience is dated, I doubt too much has changed.

P.S. reading the wiki page for Multics, I see it says B2 but as I recall when deeply involved with knowing that stuff, I recall it being the only "A" system on the list.

Also, see:
http://en.wikipedia.org/wiki/Trusted_Computer_System_Evaluation_Criteria

DeltaLover
07-28-2014, 01:18 PM
Is it inherently more secure? Or are there far less people looking to attack it because, truth be told, there are far less people in the world using it compared to Windows...kind of the same thing with MAC OS.

I would say BOTH

LINUX is more secure as an OS and also has much less attackers.

I do not want to repeat arguments that are well known and documented all over the web, some related links are the following:

http://www.pcworld.com/article/202452/why_linux_is_more_secure_than_windows.html

http://www.freeyourselffrommicrosoftandthensa.org/01-how-micrsoft-became-a-branch-of-the-nsa/1-2-why-linux-is-more-secure-than-windows

http://www.datamation.com/open-source/is-desktop-linux-secure-2.html

Also, I have to add that as a linux user, I do not really care if it is inherently more secure, based on some theoretical assumptions, but what really happens in the real world, where there is no need for a linux antivirus and almost no trojans, spyware etc

headhawg
07-28-2014, 08:53 PM
Much like Unix, Linux is more secure because the kernel itself is harder to get at. Apps are still vulnerable, though. However, I think that the main reason is that hackers want to make the most noise, steal the most info, create the most damage, etc. That's why Windows is less secure -- a vast majority of people use it, hence more possible damage. If hackers wanted to get at Linux it would already be done.

The only way to be truly secure is stay off the Interwebs and write/use your own OS.

With regard to not running anti-malware software, how would you know if there's a keylogger on your Linux box if there's nothing to detect it? (A few years ago someone here posted that they don't use anti-malware on a Windows machine and wasn't worried. I would ask the same question of them.)

And the main problem with regular usage of Linux is lack of known apps. Sure there are "equivalents" but they're not mainstream programs like MS Office.

Robert Goren
11-12-2014, 01:58 PM
I got hit by these wonderful people. I am not sure how they got me though. It looks like a MS essentials got rid of them for now. Fortunately DropBox had almost all of my work.

GameTheory
11-12-2014, 02:08 PM
Another free product:

http://www.surfright.nl/en/cryptoguard

soupman2
09-04-2015, 01:14 PM
I'm not a techie-but you guys have helped me out of a couple of computer jams over the last couple of years. I was hit with ransomware. Lost everything, and no I am too stupid to run a backup. Can something like Hitman reverse the infection or as I have been told, basically screwed unless I pay the ransom?

I copied all of my files and downloaded them to a disk. I then had the hard drive reformatted and reinstalled software as needed.

Thanks for any help
Bob

MJC922
09-05-2015, 01:23 PM
Over the years I've been saved by a couple of things more than once. The first is System Restore built right into Windows, if the machine was fine a week or two ago you probably have a restore point from around that time to roll back to.

If not, if something has you in a world of trouble Malwarebytes is a great one to try (and buy if you want real-time protection moving forward). I run AVG free on most of my machines along with Malwarebytes Pro. I regularly save backups of important files to an external hard drive. Saving a windows image backup to an external hard drive is helpful too. I don't do full OS backups though except on my most critical systems.

Dave Schwartz
09-05-2015, 01:57 PM
Very good article here:

http://www.pcworld.com/article/2084002/how-to-rescue-your-pc-from-ransomware.html

whodoyoulike
09-05-2015, 02:54 PM
... Saving a windows image backup to an external hard drive is helpful too. I don't do full OS backups though except on my most critical systems.

How do you restore the image backup and when do you know when to do this?

Thanks.

Hoofless_Wonder
09-05-2015, 03:13 PM
How do you restore the image backup and when do you know when to do this?

Thanks.

If your system gets corrupted or infected to the point where no tools can "fix it", it's time to restore an image backup. An image backup is a real time saver, since it restores all your installed software and settings, saving much time from a "new o/s install", and the re-installing all the apps.

I found the built-in image backup tool in Vista premium worked pretty well, and used it a couple of times when I got viruses. I'm not sure about the various flavors of Windows 7 or 8.x, and whether a built-in tool is available, but there are aftermarket products that offer this feature.

To restore an image backup requires booting up from CD or USB while having access to your backup of the image, usually the C: drive, on another disk. You then start up the backup/restore tool, and go from there. It's usually pretty straight-forward. I've had a couple of external USB drives from Maxtor that had the software included to do this.

I agree with Delta that Linux is the way to go, and since suffering through about a half dozen bad viruses, I cut over to Linux Mint 4-5 years ago and have had zero problems. If you need to run Windows, you'd be better off running it as a virtual machine, and protecting it using snapshots at the VM level. I'm about to order a new PC, and I doubt I'll get Windows with it, though my work PC (Windows 7 Pro) does work fine, and whatever tools our desktop support folks use keeps the bad guys at bay - though of course I only browse on work-related web sites on it, except for an occasional foray to PA..... :)

MJC922
09-05-2015, 08:07 PM
How do you restore the image backup and when do you know when to do this?

Thanks.

Starting first with System Restore, in Win7 click the Start button and type system restore. If you roll back far enough it should get you out of trouble unless it's been infected for a very long time. At that point if it persists I would download the free version of Malwarebytes and run a scan.

I'm assuming you had some version of anti-virus on it already and ran a scan with that, if you don't have AV you can try a web-based online scanner from Trend Micro or one of those.

At this point if it's still not behaving normally that's when I would punt and reach for the image, in fact it could be reached for first instead of last it just depends upon whether or not you care about losing what's been installed since.

A suggestion, with every new Windows machine you buy after setting up Windows the first day when it's all clean and running smoothly it's always a good idea to have a full system image saved so you can do a bare metal restore if you need to. Save one image out of box and then another after installing your apps. After that saving one every month or two to an external hard drive is a good practice. You will need to use the OS DVD to restore a full system image, you boot to the DVD and go from there. Saving the image can be done without a DVD while Windows is running.

Hoofless has a great suggestion for using a VM, I have suggested VMs out here for a long time but I also hesitate because I know many out here don't purchase machines with good enough specs to run the VMs smoothly. Snapshotting the VM is a great way to keep it clean and roll back in seconds rather than the minutes, hours or even days to get back to a clean system. It will run slower with a snapshot though so there's some learning around all of that. Snapshots should not be left running on a production system, if you're just using the VM to surf with then I wouldn't worry about the snapshot and the performance penalty. Aside from that VMs are great and my most critical systems are all VMs right now.

whodoyoulike
09-05-2015, 09:02 PM
Thanks to both of you with your replies. For both of my machines XP and Win8.1, I never received a CD or DVD of my Windows OS with my purchases. I don't currently have any problems but, I've always been wondering how to restore an image once made.

Where or how did you acquire your CD or DVD?

MJC922
09-06-2015, 07:44 AM
Thanks to both of you with your replies. For both of my machines XP and Win8.1, I never received a CD or DVD of my Windows OS with my purchases. I don't currently have any problems but, I've always been wondering how to restore an image once made.

Where or how did you acquire your CD or DVD?

If you just want to restore an image but you don't have the Windows OS disc then you can create a system repair disc, Win7's windows image backup allows you to do that but you may need a CD / DVD burner. XP didn't have image backup but again as Hoofless said there are third party utilities to do this, Acronis is a commercial disk imaging software, Clonezilla is a free one.

Typically Dell PCs will come with the Windows OS disc or increasingly a flash drive, it's a Dell OEM version which means if you ever have to do a full reinstall it will only activate on the Dell, you won't be able to for instance pop the Dell disc into an HP, install it, and have windows automatically activate. A full retail disc with a full retail key will activate on anything once, and it can be moved over to a newer machine later if necessary.

Frankly the best thing to do when you get a new PC these days is to wipe it clean and do a fresh install of Windows using a full Retail OS cd (not oem). You can buy full retail discs at decent prices on ebay (http://www.ebay.com/bhp/windows-7-full-retail) if you don't like ebay I have also purchased a few times from Royal Discount.

It takes some hours of work to do a clean install, you'll probably have to first go to your PC manufacturer's web site and download all of your PC's device drivers for that OS because the Windows disc won't have all of the drivers in-box. The good thing about it though, (clean install, and by clean I mean delete the disk partitions first) is you end up with a smooth running PC instead of Dell or Lenovo's sometimes poorly-coded crapware programs pre-installed on there.

Red Knave
09-06-2015, 11:06 AM
I never received a CD or DVD of my Windows OS with my purchases.

A number of manufacturers put the backup 'disk' in a special partition on the installed disk. Check your manuals to see if this is the case for your machines. If this is the case there should be a recovery scenario outlined there. Some also had a utility to use that hidden data to create your own O/S backup CD or DVD.

Hoofless_Wonder
09-07-2015, 06:44 AM
When I ordered my last PC (now 8+ years ago) from Dell, I made sure to get the o/s DVD with it. Although the laptop I had ordered from Dell did have a compressed image partition for restoring the system to the initial "new" release, it still contained all the bloat-load apps.

The first thing I did was exactly what MJC described - I wiped the system clean, and then re-installed Windows Vista (Ultimate), then tested the system image backup (complete PC backup) and restore. Then I installed Linux and ran dual bootable for years, before reverting to single Linux image and VMs.

Windows XP didn't have a system image backup capability, but did have a decent backup program (developed originally by Veritas) which at one time could be used for bare metal restores. Since XP is on the way out, I wouldn't spend much time with it as boot up O/S on a machine - and would only run it under a VM.

Windows 8.1 appears to have some sort of image backup capability. In theory, you should be able to plug in a USB drive that has enough storage to back up at least the C: drive, and you'd be protected:

http://windows.microsoft.com/en-us/windows-8/what-happened-to-backup-restore

There are other steps you can take to provide a safer PC experience. There are browser tweaks to increase security (I picked up one virus just from clicking on a banner ad accidentally on a legit site - but got nailed 'cause I had UAC disabled), or you can log in and run under a non-admin account. I tried that with Vista, but found it very cumbersome. Linux runs as a non-root user, and sudo is much easier to use than trying to fiddle with Windows security.

The bottom line is that security is still a big problem, and even running with the latest patches doesn't guarantee immunity. Not only will my next PC have some more horsepower, but I'll be redeploying my current hardware with NO INTERNET connection, so I have at least one system I don't have to worry about.....

whodoyoulike
09-07-2015, 02:35 PM
Again, thanks for all of your replies. The described processes are a little (actually way) over my head. If I have a problem, I'll probably opt to just buy another machine.

Hoofless_Wonder
09-07-2015, 05:19 PM
Again, thanks for all of your replies. The described processes are a little (actually way) over my head. If I have a problem, I'll probably opt to just buy another machine.

Well, then you're falling into the vendor's designed "trap". :) And, as one who makes a living consulting on backup/recovery and disaster recovery, I won't try to talk you out of that approach.

Actually, it's not too difficult to do a system backup and restore, but it's best to test it on a new system, when you don't have any critical data to lose on it (yet). Even if you don't opt for a more complex tool, you should at least copy all the folders containing critical data to a USB drive on a regular basis. Or, hook up with a cloud app and store your data there. I keep a handful of files out on Microsoft's One Drive.

And, like Delta pointed out, Linux is also easy to install and use, and for the casual PC user (email, web browsing, watching Youtube, etc.) it's great and more secure. It's the user of more complex applications (desktop publishing, financial apps, commercial horse racing products) that has to steer back to Windows or a MAC, which supports more "user friendly" applications like these.

MJC922
09-08-2015, 06:16 AM
Again, thanks for all of your replies. The described processes are a little (actually way) over my head. If I have a problem, I'll probably opt to just buy another machine.

No problem. Yeah I understand where you're coming from. Disk Imaging kind of takes it to another level and not everyone wants to go to that level. Virtual machines for most people would be yet another level too. I'd suggest 'System Restore' for an entry-level 'recovery' of Windows, that's about as user-friendly as it's going to get.

MS has built some other newer recovery options into the OS as of Windows 8, I think there's a Refresh option or something, I haven't used it before though so I can't comment but it might be worth a look. The thing about 'System Restore' which can be nice is for example if you store all of your documents and spreadsheets in your 'My Documents' folder then a system restore operation doesn't delete those files, restoring a full system image would wipe it out.

Having no backup strategy at all is bad though. Hoofless again gives great advice. People should minimally buy an external USB drive and copy important files off to it regularly. When I'm working on important spreadsheets, adding code to them or whatever I'm actually saving copies of it off to the external drive several times per day.

whodoyoulike
09-08-2015, 03:27 PM
I've used system restore several times. And, having lost data with previous machines because once I even had a short (smoke and everything) I now backup my data on USB drives (yes plural). My new machine has very little data stored on it, just software and I think the HD has 640 gigs plus OneDrive.

Hoofless_Wonder
09-08-2015, 05:09 PM
.... Hoofless again gives great advice.

I don't hear that from my customers very often..... :)

One of the tools I support which hasn't proven very popular is an "auto-backup" package. As you save a file, it copies it out to an external USB drive, a file share, or a TSM server (IBM's backup application for open systems). I use it on my laptop in my home office, and leave the USB drive at home when I travel. Should my laptop get stolen or corrupted, it's an easy process to replace all the data, though I'd still have some work restoring/installing applications first. I believe there are a number of consumer apps that can do this, and I've seen NAS file shares with backup tools that can do it as well.

WhoDoYouLike, if you have 640 GB on your hard drive, that's about 600 GB of data. Not a ton, but it's good you have it backed up.

I try to run my personal desktop lean enough so I don't have to worry about an image backup. With Linux, this is pretty easy, as re-installing the O/S and reloading a few extra packages is very quick. With Windows, it's a bit more cumbersome to re-install the o/s, apply all the patches, install and reconfigure apps - partly because the NTFS file system is so much slower than ext. So it doesn't take too many apps on Windows before it's worth looking into how to do an image backup. I'm completely weaned off Windows apps myself except for tax prep software, which I install briefly on my work laptop and then remove. But for those who run Windows for more than a few apps, a quick and easy backup/restore method is a must.....as it's not IF you'll get infected/corrupted, it's just when and how badly.....
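
The backup advice running through this thread (copy important files to an external drive regularly, test the backup, and remember that a synced copy can be overwritten after an infection) can be sketched as a small script. This is an added example, not code from any poster; the folder names, snapshot labels and the 50% change threshold are assumptions. Each run is kept as a separate snapshot with a SHA-256 manifest, so an earlier good copy survives a later run that captures damaged files, and a run in which most previously backed-up files changed is flagged.

```python
import hashlib
import json
import os
import shutil
import tempfile
from pathlib import Path

MANIFEST = "manifest.json"  # per-snapshot map: relative path -> SHA-256


def sha256_file(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def latest_snapshot(dest: Path):
    """Newest snapshot directory (labels sort by date), or None."""
    snaps = sorted(d for d in dest.iterdir() if (d / MANIFEST).is_file())
    return snaps[-1] if snaps else None


def changed_fraction(old: dict, new: dict) -> float:
    """Share of previously backed-up files now missing or different."""
    if not old:
        return 0.0
    altered = sum(1 for name, digest in old.items() if new.get(name) != digest)
    return altered / len(old)


def take_snapshot(src: Path, dest: Path, label: str, max_changed: float = 0.5):
    """Copy src into dest/label; return (snapshot, fraction changed, flagged).

    Older snapshots are never touched: copytree raises if the label
    already exists instead of overwriting it.
    """
    dest.mkdir(parents=True, exist_ok=True)
    prev = latest_snapshot(dest)
    old = json.loads((prev / MANIFEST).read_text()) if prev else {}
    snap = dest / label
    shutil.copytree(src, snap / "files")
    new = build_manifest(snap / "files")  # hash what landed on the drive
    (snap / MANIFEST).write_text(json.dumps(new, indent=2))
    frac = changed_fraction(old, new)
    return snap, frac, frac > max_changed


def verify_snapshot(snap: Path) -> list:
    """Test a backup: list files that no longer match the manifest."""
    recorded = json.loads((snap / MANIFEST).read_text())
    actual = build_manifest(snap / "files")
    return sorted(n for n in recorded.keys() | actual.keys()
                  if recorded.get(n) != actual.get(n))


def demo() -> dict:
    """Constructed data: four sample files, three later overwritten."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "racing_data"   # assumed folder name
        usb = Path(tmp) / "usb_drive"     # stands in for the external drive
        src.mkdir()
        for i in range(4):
            (src / f"card{i}.csv").write_text(f"race,{i},constructed sample\n")
        first, _, flag1 = take_snapshot(src, usb, "2015-09-01")
        # Stand-in for files whose contents were replaced after an infection.
        for f in sorted(src.iterdir())[:3]:
            f.write_bytes(os.urandom(64))
        _, frac, flag2 = take_snapshot(src, usb, "2015-09-02")
        return {
            "first_flagged": flag1,
            "second_flagged": flag2,
            "changed": frac,
            "first_still_good": verify_snapshot(first) == [],
            "original_kept": (first / "files" / "card0.csv")
            .read_text().startswith("race,0"),
        }


if __name__ == "__main__":
    print(demo())
```

A flagged run is a cue to stop and inspect the source files before relying on the new snapshot; the earlier snapshot remains available for restore.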