Free Republic
General/Chat

Crypto Locker Virus Takes Over Windows PCs With 'Ransomware'
The Inquisitor ^ | 27 October 2013 | James Kosur

Posted on 10/27/2013 10:48:13 AM PDT by Windflier

To: Windflier
The Crypto Locker virus is sent to users through emails that have innocent enough looking senders, such as UPS or FedEx...The program disguises itself as a JPEG, PDF, or other Microsoft Office file.

Part of this problem is the absolutely ridiculous option in Windows of hiding file extensions, an option which used to be the default (don't know how Win7 or Win8 handles it). So, instead of seeing the email attachment as imgoingtoscrewyou.pdf.exe, the user just sees imgoingtoscrewyou.pdf and thinks "What harm can a PDF file do?"
21 posted on 10/27/2013 11:11:02 AM PDT by fr_freak
[ Post Reply | Private Reply | To 1 | View Replies]
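
The double-extension disguise described in the post above, turned into a check on mail attachments. This is an added example, not part of the original post or thread; the extension lists, function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import PureWindowsPath

# Assumed, non-exhaustive lists chosen for this example.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".jpg", ".jpeg", ".png", ".doc", ".docx", ".xls", ".xlsx"}


def visible_name(filename: str) -> str:
    """Name shown when Explorer hides extensions for known file types."""
    return PureWindowsPath(filename).stem


def is_disguised_executable(filename: str) -> bool:
    """True when the real (last) extension is executable and the one before
    it looks like a document or image, e.g. 'notice.pdf.exe'."""
    # Windows ignores trailing dots and spaces, so drop them before parsing.
    suffixes = PureWindowsPath(filename.rstrip(". ").lower()).suffixes
    return (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_EXTS
            and suffixes[-2] in DECOY_EXTS)


def flag_attachments(raw_message: bytes) -> list:
    """Return (real filename, name seen with extensions hidden) pairs."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        fname = part.get_filename()
        if fname and is_disguised_executable(fname):
            hits.append((fname, visible_name(fname)))
    return hits


def build_sample() -> bytes:
    """Constructed test message with three attachments (not real mail)."""
    m = EmailMessage()
    m["From"] = "tracking@shipper.example"
    m["To"] = "user@example.org"
    m["Subject"] = "Delivery notice"
    m.set_content("See attached.")
    for name, data in (("invoice.pdf.exe", b"MZ"), ("receipt.pdf", b"%PDF-"),
                       ("setup.exe", b"MZ")):
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()
```

Only `invoice.pdf.exe` is flagged: `receipt.pdf` is not executable, and `setup.exe` does not pretend to be a document.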

To: fr_freak

I never understood why Microsoft did that?


22 posted on 10/27/2013 11:11:48 AM PDT by dfwgator
[ Post Reply | Private Reply | To 21 | View Replies]

To: Windflier

Looks like some sort of change in the registry under policy settings. It would be fairly trivial for the virus writer to change the policy back before doing their dirty deed. Whether that makes sense for them depends on how many people use this form of “protection”. Remember Windows is “protected” to begin with but that doesn’t stop virus writers or even slow them down much.


23 posted on 10/27/2013 11:13:19 AM PDT by palmer (Obama = Carter + affirmative action)
[ Post Reply | Private Reply | To 15 | View Replies]

To: Windflier

I don’t see anything about its incubation period.

Does it infect the files, then immediately start demanding ransom? Or does it infect the files, and then wait a few weeks so that your current backups will be infected, as well?

If there’s no incubation period, I can’t see how this is any worse than a HD failure - just restore from backup and carry on.

(If you don’t have automated backups running at least daily, I’m sorry, but you truly are too stupid to be running a computer.)


24 posted on 10/27/2013 11:15:09 AM PDT by jdege
[ Post Reply | Private Reply | To 1 | View Replies]

To: Windflier

Since it is “new” (I remember the big brouhaha about an FNI screen popping up freezing your computer, earlier this year), it seems as though this is something that will always follow a new Windows release, i.e., sys7 or sys8. Also, as long as folks use Internet Explorer, this might be able to slip in.

I use Waterfox, a Mozilla derivative, and Microsoft Essentials. I got rid of Microsoft Office, since I am a retired journalist, (no matter what or how Washington wishes to define it).


25 posted on 10/27/2013 11:20:33 AM PDT by Terry L Smith
[ Post Reply | Private Reply | To 1 | View Replies]

To: Windflier
Once infected brute force hacking your files back is not really something to be considered as the files are RSA-encrypted with strong backup technology.

Better call Saul the NSA!

(But as it seems (per the article) to propagate through email attachments, I'm not really worried. The 'threat' is only to those who cannot discriminate bogus emails. Email scams have been around for a looong time.)

26 posted on 10/27/2013 11:22:23 AM PDT by Moltke (Sapere aude!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: discostu
Others have solutions out there too, others that don’t smell funny.

Well, instead of arguing about 'smell tests' how 'bout posting the links to these other solutions you've found?

We're all trying to help our fellow Freepers here.

27 posted on 10/27/2013 11:24:41 AM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)
[ Post Reply | Private Reply | To 14 | View Replies]

To: Windflier

You’re right. He says he’s appealing the warning to McAfee. I went to the site and downloaded his software. Thanks for letting me know.


28 posted on 10/27/2013 11:25:27 AM PDT by COBOL2Java (I'm a Christian, pro-life, pro-gun, Reaganite. The GOP hates me. Why should I vote for them?)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Windflier
CryptoPrevent is a tiny utility to lock down any Windows OS to prevent infection by the Cryptolocker malware or ‘ransomware’, which encrypts personal files and then offers decryption for a paid ransom.
29 posted on 10/27/2013 11:26:40 AM PDT by E. Pluribus Unum (Who knew that one day professional wrestling would be less fake than professional journalism?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Windflier

Sure sounds like the basic plot premise of Neal Stephenson’s “Reamde”.

Life imitating art?


30 posted on 10/27/2013 11:28:02 AM PDT by Covenantor ("Men are ruled...by liars who refuse them news, and by fools who cannot govern." Chesterton)
[ Post Reply | Private Reply | To 1 | View Replies]

To: bigbob
Looking at the Crypto-Protect guy’s site, he seems to be having difficulty staying ahead of them.

I read that thread. It looks more like he's cleaning up some things that he overlooked in his earlier versions. I haven't seen any evidence that the CryptoLocker criminals have changed their virus.

31 posted on 10/27/2013 11:28:22 AM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)
[ Post Reply | Private Reply | To 17 | View Replies]

To: Windflier

You already linked to a thread with a bunch of them.


32 posted on 10/27/2013 11:29:35 AM PDT by discostu (This is Jack Burton in the Pork Chop Express, and I'm talkin' to whoever's listenin' out there.)
[ Post Reply | Private Reply | To 27 | View Replies]

To: jdege
I don’t see anything about its incubation period. Does it infect the files, then immediately start demanding ransom?

Yes. It also starts a 100 hour countdown clock at the same time. If the infected user hasn't paid up by the time the clock elapses, the key is thrown away and the files are essentially lost forever.

33 posted on 10/27/2013 11:31:22 AM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)
[ Post Reply | Private Reply | To 24 | View Replies]

To: Windflier

The thing I cannot understand is why these people are not in jail.

They ransom computers--extortion.

You send them money, how hard could it be for the FBI with all its super powers to find where the money goes and bust this bunch?


34 posted on 10/27/2013 11:32:16 AM PDT by Venturer (Keep Obama and you aint seen nothing yet.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: fr_freak; dfwgator

At least the ‘hide file extension’ function is one of the easiest to undo. In fact, one of the settings I’ve always changed after installing a Windows OS.


35 posted on 10/27/2013 11:34:02 AM PDT by Moltke (Sapere aude!)
[ Post Reply | Private Reply | To 21 | View Replies]

To: Windflier

These people should be skinned alive


36 posted on 10/27/2013 11:34:16 AM PDT by ZULU (Impeach that Bastard Barrack Hussein Obama)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Moltke
as it seems (per the article) to propagate through email attachments, I'm not really worried.

Most of us have been doing email long enough to be able to distinguish between phony phishing emails and the real thing, but I read in an article (linked in the other thread) that this thing is also propagating through clickable elements on websites.

That significantly raises the threat level, if true.

37 posted on 10/27/2013 11:35:20 AM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)
[ Post Reply | Private Reply | To 26 | View Replies]

To: E. Pluribus Unum
CryptoPrevent is a tiny utility to lock down any Windows OS to prevent infection by the Cryptolocker malware or ‘ransomware’

Thanks. The link to that tool is embedded in the article above.

38 posted on 10/27/2013 11:37:40 AM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)
[ Post Reply | Private Reply | To 29 | View Replies]

To: Mears

bfl


39 posted on 10/27/2013 11:37:41 AM PDT by Mears (Liberalism is the art of being easily offended.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: discostu
You already linked to a thread with a bunch of them.

The link I provided points to just one CryptoLocker blocking tool. You said you knew of other solutions. It'd be helpful if you shared them.

40 posted on 10/27/2013 11:39:41 AM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)
[ Post Reply | Private Reply | To 32 | View Replies]

