Posted on 10/27/2013 10:48:13 AM PDT by Windflier
The Crypto Locker virus is a new piece of ransomware that is said to be one of the worst viruses to ever infect Windows PCs. The virus takes over a computer's files, encrypts them, and then holds the files ransom until a user pays to have them freed by clearing out the virus.
The Crypto Locker virus is sent to users through emails that have innocent enough looking senders, such as UPS or FedEx. Once the file is installed, a display pops up demanding upwards of $100 to restore a user's important files. In some cases users have stated that Crypto Locker has demanded two to four bitcoins, or the equivalent of approximately $700 to $800.
Technology expert Anthony Mongeluzo tells Mountain News:
Ransomware causes your computer files to be non-accessible, and when that happens you have two choices. You can recover if you have a backup, which I hope you do, or pay the ransom within 100 hours. If you do not pay the ransom you lose all of your data.
The program disguises itself as a JPEG, PDF, or other Microsoft Office file.
To recover files, users are given a strict time-frame of 100 hours. Users who have actually paid the fee have reported receiving their files back in a 3-4 hour time period. Crypto Locker, after payment is made, states that all files will be returned after payment is verified. Regular credit cards (which are subject to chargebacks) cannot be used. If you don't have Bitcoins you can purchase a Green Dot MoneyPak to make the purchase.
Windows PC users are being encouraged to back up all of their important files at all times. Once infected, brute force hacking your files back is not really something to be considered as the files are RSA-encrypted with strong backup technology.
If you want to prevent Crypto Locker from being installed, there is a handy tool by FoolishIT LLC that creates software restriction policies on your Windows PC. The tool is free, easy to install and a necessity for users with thousands of files to protect.
I'm posting this news from a second source so more Freepers become informed about this active threat to their computers and files.
I think there have been two.
One suggested a change to your files, encrypt them yourself first.
Another suggested something called Crypto-Protect
I wonder if you have Dropbox, and this thing encrypts the files in your local Dropbox folder, if then Dropbox is going to sync up those encrypted files on all your devices.....if so, OUCH!!!!
Anybody that downloads software from foolishit.com is probably gonna regret it.
Thanks. I did a search on the keyword, 'cryptolocker' and only found the one thread.
McAfee.com’s Internet Security program puts a big red flag against going to the www.foolishit.com website.
I've looked over the site, and it looks completely legit. The site's being linked to lots of articles about this virus, as they seem to be the only ones who've put together a defensive tool to block it.
The author of the blocking tool has been tweaking and updating it throughout the last couple of days.
Seems like this is just a LIPCU tax. I will be the first in this thread to say I just upgraded to Mavericks for free, and apart from some heavy reindexing CPU usage I am very pleased with the performance. As for security, I don’t dwell on that very much.
with a name like that, I’d be suspicious too
That will make it at least a little more likely that the virus writers will write a workaround for this "protection".
McAfee seems to throw out a lot of false warnings. People with other virus protection programs are reporting no such warnings about this site.
I use MS Security Essentials with Firefox and didn't see any warning.
The thing is, it doesn’t matter if you remove the program...once it runs the damage is done.
And in fact, if you do want to recover your files, you are going to need the program to do it.
This is nasty.
Given that most viruses come by being overly trusting I always go by the sniff test, and no matter how you slice their name, either their “preferred” Foolish IT or the website that kind of sounds a lot like “full of crap” they don’t pass my sniff test. Others have solutions out there too, others that don’t smell funny.
The FoolishIT protection tool installs a set of commands that disallow any encryption of your files. Not sure what sort of workaround you could come up with to get around that.
It's also possible to do it manually. See here:
Nasty yes, but spread through a very banal phishing attack (not spear phishing).
Looking at the Crypto-Protect guy’s site, he seems to be having difficulty staying ahead of them...
In a company that uses shared network drives, it only takes one.
I can believe it. I guess he needs the assistance of one of those bigger AV companies
So did I. There are some changes for sure, but I am happy with it.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.