Posted on 10/27/2013 10:48:13 AM PDT by Windflier
The Crypto Locker virus is a new piece of ransomware that is said to be one of the worst viruses to ever infect Windows PCs. The virus takes over a computer's files, encrypts them, and then holds the files ransom until a user pays to have them freed by clearing out the virus.
The Crypto Locker virus is sent to users through emails that have innocent enough looking senders, such as UPS or FedEx. Once the file is installed, a display pops up demanding upwards of $100 to restore a user's important files. In some cases users have stated that Crypto Locker has demanded two to four bitcoins, or the equivalent of approximately $700 to $800.
Technology expert Anthony Mongeluzo tells Mountain News:
Ransomware causes your computer files to be non-accessible, and when that happens you have two choices. You can recover if you have a backup, which I hope you do, or pay the ransom within 100 hours. If you do not pay the ransom, you lose all of your data.
The program disguises itself as a JPEG, PDF, or other Microsoft Office file.
To recover files, users are given a strict time-frame of 100 hours. Users who have actually paid the fee have reported receiving their files back in a 3-4 hour time period. Crypto Locker, after payment is made, states that all files will be returned after payment is verified. Regular credit cards (which are subject to chargebacks) cannot be used. If you don't have Bitcoins, you can purchase a Green Dot MoneyPak to make the purchase.
Windows PC users are being encouraged to back up all of their important files at all times. Once infected, brute force hacking your files back is not really something to be considered, as the files are RSA-encrypted with strong backup technology.
If you want to prevent Crypto Locker from being installed there is a handy tool by FoolishIT LLC that creates software restriction policies on your Windows PC. The tool is free, easy to install and a necessity for users with thousands of files to protect.
I never understood why Microsoft did that?
Looks like some sort of change in the registry under policy settings. It would be fairly trivial for the virus writer to change the policy back before doing their dirty deed. Whether that makes sense for them depends on how many people use this form of “protection”. Remember Windows is “protected” to begin with but that doesn’t stop virus writers or even slow them down much.
I don’t see anything about its incubation period.
Does it infect the files, then immediately start demanding ransom? Or does it infect the files, and then wait a few weeks so that your current backups will be infected, as well?
If there’s no incubation period, I can’t see how this is any worse than a HD failure - just restore from backup and carry on.
(If you don’t have automated backups running at least daily, I’m sorry, but you truly are too stupid to be running a computer.)
Since it is “new” (I remember the big brouhaha about an FNI screen popping up freezing your computer, earlier this year), it seems as though this is something that will always follow a new Windows release, i.e., sys7 or sys8. Also, as long as folks use Internet Explorer, this might be able to slip in.
I use Waterfox, a Mozilla derivative, and Microsoft Essentials. I got rid of Microsoft Office, since I am a retired journalist, (no matter what or how Washington wishes to define it).
Better call Saul the NSA!
(But as it seems (per the article) to propagate through email attachments, I'm not really worried. The 'threat' is only to those who cannot discriminate bogus emails. Email scams have been around for a looong time.)
Well, instead of arguing about 'smell tests' how 'bout posting the links to these other solutions you've found?
We're all trying to help our fellow Freepers here.
You’re right. He says he’s appealing the warning to McAfee. I went to the site and downloaded his software. Thanks for letting me know.
Sure sounds like the basic plot premise of Neal Stephenson’s “Reamde”.
Life imitating art?
I read that thread. It looks more like he's cleaning up some things that he overlooked in his earlier versions. I haven't seen any evidence that the CryptoLocker criminals have changed their virus.
You already linked to a thread with a bunch of them.
Yes. It also starts a 100 hour countdown clock at the same time. If the infected user hasn't paid up by the time the clock elapses, the key is thrown away and the files are essentially lost forever.
The thing I cannot understand is why these people are not in jail.
They ransom computers - extortion.
You send them money; how hard could it be for the FBI, with all its super powers, to find where the money goes and bust this bunch?
At least the ‘hide file extension’ function is one of the easiest to undo. In fact, one of the settings I’ve always changed after installing a Windows OS.
These people should be skinned alive
Most of us have been doing email long enough to be able to distinguish between phony phishing emails and the real thing, but I read in an article (linked in the other thread) that this thing is also propagating through clickable elements on websites.
That significantly raises the threat level, if true.
Thanks. The link to that tool is embedded in the article above.
bfl
The link I provided points to just one CryptoLocker blocking tool. You said you knew of other solutions. It'd be helpful if you shared them.