Posted on 10/27/2013 10:48:13 AM PDT by Windflier
The Crypto Locker virus is a new piece of ransomware that is said to be one of the worst viruses to ever infect Windows PCs. The virus takes over a computer's files, encrypts them, and then holds the files ransom until a user pays to have them freed by clearing out the virus.
The Crypto Locker virus is sent to users through emails that have innocent enough looking senders, such as UPS or FedEx. Once the file is installed a display pops up demanding upwards of $100 to restore a user's important files. In some cases users have stated that Crypto Locker has demanded two to four bitcoins, or the equivalent of approximately $700 to $800.
Technology expert Anthony Mongeluzo tells Mountain News:
Ransomware causes your computer files to be non-accessible and when that happens you have two choices. You can recover if you have a backup which I hope you do or pay the ransom within 100 hours. If you do not pay the ransom you lose all of your data.
The program disguises itself as a JPEG, PDF, or other Microsoft Office file.
To recover files users are given a strict time-frame of 100 hours. Users who have actually paid the fee have reported receiving their files back in a 3-4 hour time period. Crypto Locker after payment is made states that all files will be returned after payment is verified. Regular credit cards (which are subject to chargebacks) cannot be used. If you don't have Bitcoins you can purchase a Green Dot MoneyPak to make the purchase.
Windows PC users are being encouraged to back up all of their important files at all times. Once infected brute force hacking your files back is not really something to be considered as the files are RSA-encrypted with strong backup technology.
If you want to prevent Crypto Locker from being installed there is a handy tool by FoolishIT LLC that creates software restriction policies on your Windows PC. The tool is free, easy to install and a necessity for users with thousands of files to protect.
That thread also has instructions for a Windows setting that will stop it outright, and a few other things. That’s where all my other solutions came from.
Protecting the American people isn't part of Emperor Obama's mission directives to his spy agencies.
Now get back to work, prole. Someone's got to feed the 47%.
Slowly. In public. Tied over fire ant mounds.
Are the instructions to do that something you can quickly type out for those of us who don't know how?
You should already be backing up your important files especially your digital photos anyway. External hard drives are cheap and there are cloud storage sites that will provide a limited amount of storage for free. To be really safe I back up my photo files on flash drives and store them in my bank safety deposit box.
I’m bookmarking this. I’m not that computer savvy but this sounds like something that should be done.
That's true, but life is messy, and not everyone backs up their files when they should. Criminals, such as those who launched this menace, are exploiting that human shortcoming.
They ought to be hung by the neck til dead for committing this crime.
Glad I could help, friend. That’s the whole idea of this thread.
There's this from Malwarebytes...
A pet peeve of mine - *No* windows box leaves my bench with extensions hidden, ever.
WinXP-Win7 (32/64bit)
Control Panel => Folder Options [Tab='View'] - Remove the check from 'Hide extensions for known file types'. Apply/OK.
Any operating system that is so full of holes that this can happen, is nothing but junk.
Malwarebytes just picked up 3 files which got past Kaspersky.
Thanks for the link, NC.
Per the article, only paid users of Malwarebytes Pro versions have protection against their computers being infected by this virus. Free users have no protection, and will lose their files (or be forced to pay the ransom) if they're infected.
Here's an interesting tidbit about infection vectors from a link in the article:
CryptoLocker currently has the following infection vectors:
1. This infection was originally spread via emails sent to company email addresses that pretend to be customer support related issues from Fedex, UPS, DHS, etc. These emails would contain an attachment that when opened would infect the computer.
2. Currently dropped by Zbot infections disguised as PDF attachments
3. Via exploit kits located on hacked web sites that exploit vulnerabilities on your computer to install the infection.
4. Through Trojans that pretend to be programs required to view online videos. These are typically encountered through Porn sites.
So this thing isn't just being spread through email attachments. That makes the threat level a lot higher.
Thanks much, Roamer. I’m going to make that change right away.
No point in barking at reality, friend. We live in an imperfect world.
It's structured differently than virus protection programs, and regularly picks up things that anti-virus programs miss. I use the free version and run it at least once a week.
You can use Software Restriction Policies to block executables from running when they are located in the %AppData% folder, or any other folder, which this thing launches from. See these articles from MS:
http://support.microsoft.com/kb/310791
http://technet.microsoft.com/en-us/library/cc786941(v=ws.10).aspx
This can also be set up in group policy.
File paths of the infection are:
C:\Users\User\AppData\Roaming\{213D7F33-4942-1C20-3D56=8-1A0B31CDFFF3}.exe (Vista/7/8)
C:\Documents and Settings\User\Application Data\{213D7F33-4942-1C20-3D56=8-1A0B31CDFFF3}.exe
Please see further instructions at this link to manually protect your computer from the CryptoLocker virus.
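An added example, not part of the thread or of any tool it mentions: a small Python audit that flags the two traits discussed above, an executable sitting directly in the roaming profile root and a document-style double extension that Explorer hides by default. The extension lists, the regular expressions and all sample paths except the two quoted in the post are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Assumed, non-exhaustive list of extensions Windows runs on double-click.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Assumed decoy types, after "JPEG, PDF, or other Microsoft Office file".
DECOY_EXTS = {".pdf", ".jpg", ".jpeg", ".doc", ".docx", ".xls", ".xlsx"}
# Roaming profile roots taken from the two paths quoted in the thread.
APPDATA_ROOT = re.compile(
    r"^[a-z]:\\(users\\[^\\]+\\appdata\\roaming"
    r"|documents and settings\\[^\\]+\\application data)$", re.I)
# Brace-wrapped hex identifier as in the quoted names ('=' kept as posted).
BRACED_NAME = re.compile(r"^\{[0-9a-f=-]+\}$", re.I)

def explorer_display_name(path):
    """Name shown when 'Hide extensions for known file types' is ticked,
    assuming the final extension is a registered type."""
    p = PureWindowsPath(path)
    return p.stem if p.suffix else p.name

def audit(path):
    """Return the list of reasons a path looks suspicious (empty if none)."""
    p = PureWindowsPath(path)
    suffixes = [s.lower() for s in p.suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return []
    reasons = []
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        reasons.append("double-extension")
    if APPDATA_ROOT.match(str(p.parent)):
        reasons.append("exe-in-appdata-root")
        if BRACED_NAME.match(p.stem):
            reasons.append("braced-id-name")
    return reasons

# Constructed sample listing; only the first two paths come from the thread.
SAMPLES = [
    r"C:\Users\User\AppData\Roaming\{213D7F33-4942-1C20-3D56=8-1A0B31CDFFF3}.exe",
    r"C:\Documents and Settings\User\Application Data\{213D7F33-4942-1C20-3D56=8-1A0B31CDFFF3}.exe",
    r"C:\Users\User\Downloads\UPS_invoice.pdf.exe",
    r"C:\Users\User\AppData\Roaming\Mozilla\Firefox\updater.exe",
    r"C:\Users\User\Documents\report.pdf",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{explorer_display_name(s):45} {audit(s)}")
```

Legitimate software that installs into a subfolder of the roaming profile is not flagged here, because only the profile root itself is matched.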
And this is why you should make sure whatever opsys you use is locked up tighter than the NSA files. You can bark at Windoze all you want but keep in mind that the beloved MACos and the penguin are also subject to attack.
NO operating system is bullet proof. Security is the users' responsibility. What I run may not be everyone's cup of tea so your mileage may vary but for starters Firefox with NoScript. At least with that combo if something executes from a web link, you OK'd it...
There are other options to lock down (originally typed 'lock-up' but windoze manages that quite well on its own..;-) your machine including some in the link in post #56.
Your choice as to whether you want to do that or just complain about the holes...
I've been calling the use of MS-Windows in the business sphere criminal fiduciary negligence for years. The lost productivity guaranteed by use of microsoft software is staggering.