 |
|
07-24-2014, 08:18 AM
|
#1
|
|
Screw PC
Join Date: Jun 2003
Posts: 15,728
|
New ransomware -- $3K price tag
http://blogs.computerworld.com/malwa...r-spotted-wild
Quote:
When did you last backup your data? Let that serve as a reminder to do so since a new ransomware, touted as a more powerful version of Cryptolocker, has been spotted in the wild. It uses the Tor network to anonymize its communication with the command and control server; that’s a relatively new twist for ransomware as it is more commonly seen with “banking Trojans.”
The new-and-improved ransomware has been selling as a “turnkey” system for $3,000 on Deep Web underground forums since mid-June; it’s currently available in English and Russian, making countries that use those languages the prime targets for attackers. Cybercrooks call the crypto-malware CTB-Locker (Curve-Tor-Bitcoin Locker); Microsoft identifies it as Critoni.A.
|
Find these guys, line them against the wall then shoot them.
__________________
Truth sounds like hate to those who hate truth.
Last edited by DJofSD; 07-24-2014 at 08:20 AM.
|
|
|
|
07-24-2014, 09:19 AM
|
#2
|
|
Registered User
Join Date: Feb 2013
Location: Central New Jersey
Posts: 1,467
|
Quote:
|
Originally Posted by DJofSD
|
Thanks for the heads up. Time for another backup. And yes, shoot them summarily.
|
|
|
|
|
07-24-2014, 09:25 AM
|
#3
|
|
Screw PC
Join Date: Jun 2003
Posts: 15,728
|
I run Windows Home Server and don't think too much about backups. But it is not a perfect solution. I will usually burn a DVD with copies of folders containing racing data and program source code but I realized it has been too long since I've done that. Time to take another snap shot.
__________________
Truth sounds like hate to those who hate truth.
|
|
|
|
|
07-24-2014, 09:36 AM
|
#4
|
|
Registered User
Join Date: Feb 2013
Location: Central New Jersey
Posts: 1,467
|
Quote:
|
Originally Posted by DJofSD
I run Windows Home Server and don't think too much about backups. But it is not a perfect solution. I will usually burn a DVD with copies of folders containing racing data and program source code but I realized it has been too long since I've done that. Time to take another snap shot.
|
Haha, that's all I ever need to back up is my horse racing files. I use a Passport external drive and then burn a DVD of it every now and then.
Let's hope Microsoft's (or other company's) engineers figure out something quick. These bad guys are getting smarter and craftier than the engineers. Possibly some rogue engineers trying to make a little more money. I read somewhere that even some rogue governments may be behind these ransomware acts.
|
|
|
|
|
07-24-2014, 11:35 AM
|
#5
|
Join Date: Mar 2001
Location: Reno, NV
Posts: 16,908
|
Just curious... If you are infected, can the drive be read externally by another computer if removed?
|
|
|
|
07-24-2014, 11:38 AM
|
#6
|
|
Screw PC
Join Date: Jun 2003
Posts: 15,728
|
Dave, strictly a guess: yes, however, the files are encrypted.
Given enough time, resources and powerful enough computers, ya, you could decrypt it.
__________________
Truth sounds like hate to those who hate truth.
|
|
|
|
|
07-24-2014, 11:54 AM
|
#7
|
|
PA Steward
Join Date: Mar 2001
Location: Del Boca Vista
Posts: 88,533
|
How exactly does one become infected with this? I am pretty clueless when it comes to this Tor thing...this whole so called "dark web."
Any insight from anyone?
|
|
|
|
|
07-24-2014, 11:59 AM
|
#8
|
|
Screw PC
Join Date: Jun 2003
Posts: 15,728
|
I believe it is via the usual means -- clicking on an email attachment or some other nefarious means of getting the encrypting app installed on the victims computer.
From the last time: http://en.wikipedia.org/wiki/CryptoLocker
__________________
Truth sounds like hate to those who hate truth.
|
|
|
|
|
07-24-2014, 12:24 PM
|
#9
|
|
Registered User
Join Date: Feb 2013
Location: Central New Jersey
Posts: 1,467
|
Quote:
|
Originally Posted by DJofSD
I believe it is via the usual means -- clicking on an email attachment or some other nefarious means of getting the encrypting app installed on the victims computer.
From the last time: http://en.wikipedia.org/wiki/CryptoLocker |
I have gotten it 4 or 5 times from nefarious sites.  I had the FBI ransomware version of this malware many times also. Each time, I simply changed User Accounts on the fly and then ran Malwarebytes to remove the infection. The files were never encrypted. (maybe a weaker, but just as scary version?).
However, after I used a small nifty app I found called CryptoPrevent on FoolishIT.com, I never got the virus again. The app lets you also do a test to see if the 'fix' worked. Make sure you keep the free signatures updated. Here's a direct link to the site.
http://www.foolishit.com/vb6-projects/cryptoprevent/
|
|
|
|
|
07-24-2014, 12:46 PM
|
#10
|
|
Screw PC
Join Date: Jun 2003
Posts: 15,728
|
Quote:
|
Originally Posted by Longshot6977
I have gotten it 4 or 5 times from nefarious sites. I had the FBI ransomware version of this malware many times also. Each time, I simply changed User Accounts on the fly and then ran Malwarebytes to remove the infection. The files were never encrypted. (maybe a weaker, but just as scary version?).
However, after I used a small nifty app I found called CryptoPrevent on FoolishIT.com, I never got the virus again. The app lets you also do a test to see if the 'fix' worked. Make sure you keep the free signatures updated. Here's a direct link to the site.
http://www.foolishit.com/vb6-projects/cryptoprevent/ |
Looks good.
I must say, the author did a very good job writing the descriptions and documentation. I think every question that came to mind while reading a number of pages were answered. Heck, he even revealed the details of what appears in the event log -- two thumbs up in my book.
__________________
Truth sounds like hate to those who hate truth.
|
|
|
|
|
07-24-2014, 12:59 PM
|
#11
|
|
Registered user
Join Date: Oct 2008
Location: FALIRIKON DELTA
Posts: 4,439
|
All my data is backed up on the clowd and github....it works perfectly...
__________________
whereof one cannot speak thereof one must be silent
Ludwig Wittgenstein
|
|
|
|
|
07-25-2014, 03:36 PM
|
#13
|
|
Screw PC
Join Date: Jun 2003
Posts: 15,728
|
Quote:
|
Originally Posted by Dave Schwartz
Just curious... If you are infected, can the drive be read externally by another computer if removed?
|
More details about the new malware: https://securelist.com/analysis/publ...of-ransomware/
It's been taken to a whole different level. Again, in theory, it could be undone but now with the compression, encryption in multiple steps it becomes nearly impossible to undo. The universe would likely expire before a brute force method would succeed.
__________________
Truth sounds like hate to those who hate truth.
|
|
|
|
|
07-26-2014, 10:05 AM
|
#14
|
|
Registered user
Join Date: Oct 2008
Location: FALIRIKON DELTA
Posts: 4,439
|
Quote:
|
Originally Posted by Longshot6977
|
Hmm..
Reading this articles I can see the word MICROSOFT all over the place... LINUX does not seem to have any of these problems and this is one of the (many) reasons of why you should start using it.
__________________
whereof one cannot speak thereof one must be silent
Ludwig Wittgenstein
|
|
|
|
|
07-26-2014, 10:11 AM
|
#15
|
|
Screw PC
Join Date: Jun 2003
Posts: 15,728
|
Quote:
|
Originally Posted by DeltaLover
Hmm..
Reading this articles I can see the word MICROSOFT all over the place... LINUX does not seem to have any of these problems and this is one of the (many) reasons of why you should start using it.
|
Really?
This guy seems to not be so sure: https://www.cdc.informatik.tu-darmst...ner.diplom.pdf
Basically, you pick your poison then take your chances.
__________________
Truth sounds like hate to those who hate truth.
|
|
|
|
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
|
|
