Free Republic
General/Chat
Crypto Locker Virus Takes Over Windows PCs With 'Ransomware'
The Inquisitor ^ | 27 October 2013 | James Kosur

Posted on 10/27/2013 10:48:13 AM PDT by Windflier

The Crypto Locker virus is a new piece of “ransomware” that is said to be one of the worst viruses to ever infect Windows PCs. The virus takes over a computer's files, encrypts them, and then holds the files ransom until a user pays to have them freed by clearing out the virus.

The Crypto Locker virus is sent to users through emails that have innocent enough looking senders, such as UPS or FedEx. Once the file is installed a display pops up demanding upwards of $100 to restore a user's important files. In some cases users have stated that Crypto Locker has demanded two to four bitcoins, or the equivalent of approximately $700 to $800.

Technology expert Anthony Mongeluzo tells Mountain News:

“Ransomware causes your computer files to be non-accessible and when that happens you have two choices. You can recover if you have a backup which I hope you do or pay the ransom within 100 hours. If you do not pay the ransom you lose all of your data.”

The program disguises itself as a JPEG, PDF, or other Microsoft Office file.

To recover files users are given a strict time-frame of 100 hours. Users who have actually paid the fee have reported receiving their files back in a 3-4 hour time period. Crypto Locker after payment is made states that all files will be returned after payment is verified. Regular credit cards (which are subject to chargebacks) cannot be used. If you don’t have Bitcoins you can purchase a Green Dot MoneyPak to make the purchase.

Windows PC users are being encouraged to back up all of their important files at all times. Once infected brute force hacking your files back is not really something to be considered as the files are RSA-encrypted with strong backup technology.

If you want to prevent Crypto Locker from being installed there is a handy tool by FoolishIT LLC that creates software restriction policies on your Windows PC. The tool is free, easy to install and a necessity for users with thousands of files to protect.


KEYWORDS: computers; cryptolocker; virus
To: Windflier
The Crypto Locker virus is sent to users through emails that have innocent enough looking senders, such as UPS or FedEx...The program disguises itself as a JPEG, PDF, or other Microsoft Office file.

Part of this problem is the absolutely ridiculous option in Windows of hiding file extensions, an option which used to be the default (don't know how Win7 or Win8 handles it). So, instead of seeing the email attachment as imgoingtoscrewyou.pdf.exe, the user just sees imgoingtoscrewyou.pdf and thinks "What harm can a PDF file do?"
21 posted on 10/27/2013 11:11:02 AM PDT by fr_freak
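
The double-extension disguise fr_freak describes above, as an added example that is not part of the original thread: a Python check a mail filter could run on attachment names, alongside the name Explorer would show with extensions hidden. The extension lists and all sample names except the one quoted from the post are assumptions constructed for illustration.

```python
import os

# Assumed lists for this example; tune them to what your mail gateway must block.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOY_EXTS = {".pdf", ".jpg", ".jpeg", ".png", ".doc", ".docx", ".xls", ".xlsx", ".zip"}


def explorer_display_name(filename):
    """Name Explorer shows when 'Hide extensions for known file types' is on."""
    stem, ext = os.path.splitext(filename)
    return stem if ext else filename


def classify_attachment(filename):
    """Return 'deceptive', 'executable' or 'ok' for an attachment file name."""
    # Win32 path handling drops trailing dots and spaces, so normalise first.
    name = filename.strip().rstrip(". ").lower()
    stem, ext = os.path.splitext(name)
    if ext not in EXECUTABLE_EXTS:
        return "ok"
    # Padding such as "scan.jpg      .scr" pushes the real extension off screen.
    inner_ext = os.path.splitext(stem.rstrip())[1]
    if inner_ext in DECOY_EXTS:
        return "deceptive"
    return "executable"


def triage(filenames):
    """Map each name to (verdict, name shown with extensions hidden)."""
    return {n: (classify_attachment(n), explorer_display_name(n)) for n in filenames}


# Constructed sample names; the first is the one used in the post above.
SAMPLES = [
    "imgoingtoscrewyou.pdf.exe",
    "imgoingtoscrewyou.pdf",
    "scan.jpg        .scr",
    "Tracking_Label.PDF.EXE ",
    "setup.exe",
]

if __name__ == "__main__":
    for name, (verdict, shown) in triage(SAMPLES).items():
        print(f"{verdict:10} shown as {shown!r:28} real name {name!r}")
```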

To: fr_freak

I never understood why Microsoft did that?


22 posted on 10/27/2013 11:11:48 AM PDT by dfwgator

To: Windflier

Looks like some sort of change in the registry under policy settings. It would be fairly trivial for the virus writer to change the policy back before doing their dirty deed. Whether that makes sense for them depends on how many people use this form of “protection”. Remember Windows is “protected” to begin with but that doesn’t stop virus writers or even slow them down much.


23 posted on 10/27/2013 11:13:19 AM PDT by palmer (Obama = Carter + affirmative action)

To: Windflier

I don’t see anything about its incubation period.

Does it infect the files, then immediately start demanding ransom? Or does it infect the files, and then wait a few weeks so that your current backups will be infected, as well?

If there’s no incubation period, I can’t see how this is any worse than a HD failure - just restore from backup and carry on.

(If you don’t have automated backups running at least daily, I’m sorry, but you truly are too stupid to be running a computer.)


24 posted on 10/27/2013 11:15:09 AM PDT by jdege

To: Windflier

Since it is “new”, (I remember the big brouhaha about an FNI screen popping up freezing your computer, earlier this year), it seems as though this is something that will always follow a new Windows release, i.e., sys7 or sys8. Also, as long as folks use Internet Explorer, this might be able to slip in.

I use Waterfox, a Mozilla derivative, and Microsoft Essentials. I got rid of Microsoft Office, since I am a retired journalist, (no matter what or how Washington wishes to define it).


25 posted on 10/27/2013 11:20:33 AM PDT by Terry L Smith

To: Windflier
Once infected brute force hacking your files back is not really something to be considered as the files are RSA-encrypted with strong backup technology.

Better call Saul the NSA!

(But as it seems (per the article) to propagate through email attachments, I'm not really worried. The 'threat' is only to those who cannot discriminate bogus emails. Email scams have been around for a looong time.)

26 posted on 10/27/2013 11:22:23 AM PDT by Moltke (Sapere aude!)

To: discostu
Others have solutions out there too, others that don’t smell funny.

Well, instead of arguing about 'smell tests' how 'bout posting the links to these other solutions you've found?

We're all trying to help our fellow Freepers here.

27 posted on 10/27/2013 11:24:41 AM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)

To: Windflier

You’re right. He says he’s appealing the warning to McAfee. I went to the site and downloaded his software. Thanks for letting me know.


28 posted on 10/27/2013 11:25:27 AM PDT by COBOL2Java (I'm a Christian, pro-life, pro-gun, Reaganite. The GOP hates me. Why should I vote for them?)

To: Windflier
CryptoPrevent is a tiny utility to lock down any Windows OS to prevent infection by the Cryptolocker malware or ‘ransomware’, which encrypts personal files and then offers decryption for a paid ransom.
29 posted on 10/27/2013 11:26:40 AM PDT by E. Pluribus Unum (Who knew that one day professional wrestling would be less fake than professional journalism?)

To: Windflier

Sure sounds like the basic plot premise of Neal Stephenson’s “Reamde”.

Life imitating art?


30 posted on 10/27/2013 11:28:02 AM PDT by Covenantor ("Men are ruled...by liars who refuse them news, and by fools who cannot govern." Chesterton)

To: bigbob
Looking at the Crypto-Protect guy’s site, he seems to be having difficulty staying ahead of them.

I read that thread. It looks more like he's cleaning up some things that he overlooked in his earlier versions. I haven't seen any evidence that the CryptoLocker criminals have changed their virus.

31 posted on 10/27/2013 11:28:22 AM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)

To: Windflier

You already linked to a thread with a bunch of them.


32 posted on 10/27/2013 11:29:35 AM PDT by discostu (This is Jack Burton in the Pork Chop Express, and I'm talkin' to whoever's listenin' out there.)

To: jdege
I don’t see anything about its incubation period. Does it infect the files, then immediately start demanding ransom?

Yes. It also starts a 100 hour countdown clock at the same time. If the infected user hasn't paid up by the time the clock elapses, the key is thrown away and the files are essentially lost forever.

33 posted on 10/27/2013 11:31:22 AM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)

To: Windflier

The thing I cannot understand is why these people are not in jail.

They ransom computers--extortion.

You send them money, how hard could it be for the FBI with all its super powers to find where the money goes and bust this bunch?


34 posted on 10/27/2013 11:32:16 AM PDT by Venturer (Keep Obama and you aint seen nothing yet.)

To: fr_freak; dfwgator

At least the ‘hide file extension’ function is one of the easiest to undo. In fact, one of the settings I’ve always changed after installing a Windows OS.


35 posted on 10/27/2013 11:34:02 AM PDT by Moltke (Sapere aude!)

To: Windflier

These people should be skinned alive


36 posted on 10/27/2013 11:34:16 AM PDT by ZULU (Impeach that Bastard Barrack Hussein Obama)

To: Moltke
as it seems (per the article) to propagate through email attachments, I'm not really worried.

Most of us have been doing email long enough to be able to distinguish between phony phishing emails and the real thing, but I read in an article (linked in the other thread) that this thing is also propagating through clickable elements on websites.

That significantly raises the threat level, if true.

37 posted on 10/27/2013 11:35:20 AM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)

To: E. Pluribus Unum
CryptoPrevent is a tiny utility to lock down any Windows OS to prevent infection by the Cryptolocker malware or ‘ransomware’

Thanks. The link to that tool is embedded in the article above.

38 posted on 10/27/2013 11:37:40 AM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)

To: Mears

bfl


39 posted on 10/27/2013 11:37:41 AM PDT by Mears (Liberalism is the art of being easily offended.)

To: discostu
You already linked to a thread with a bunch of them.

The link I provided points to just one CryptoLocker blocking tool. You said you knew of other solutions. It'd be helpful if you shared them.

40 posted on 10/27/2013 11:39:41 AM PDT by Windflier (To anger a conservative, tell him a lie. To anger a liberal, tell him the truth.)

