Posted on 11/21/2013 2:56:18 AM PST by markomalley
Massachusetts cops have admitted paying a ransom to get their data back on an official police computer infected with the devilish Cryptolocker ransomware.
Cryptolocker is a rather unpleasant strain of malware, first spotted in August, that encrypts documents on the infiltrated Windows PC and will throw away the decryption key unless a ransom is paid before a time limit. The sophisticated software, which uses virtually unbreakable 256-bit AES and 2048-bit RSA encryption, even offers a payment plan for victims who have trouble forking out the two Bitcoins (right now $1,200) required to recover the obfuscated data.
On November 6, a police computer in the town of Swansea, Massachusetts, was infected by the malware, and the cops called in the FBI to investigate. However, in order to get access to the system, the baffled coppers decided that it would be easier to pay the ransom of 2 BTC, then worth around $750, and received the private key to unlock the computer's data on November 10.
"It was an education for [those who] had to deal with it," Swansea police lieutenant Gregory Ryan told the Herald News. "The virus is so complicated and successful that you have to buy these Bitcoins, which we had never heard of."
Ryan said that essential police systems weren't affected by the infection, and federal agents are still investigating the infection, hopefully to find clues that'll lead the Feds to the malware's writer. The software nasty is thought to have been the work of Eastern European criminal gangs, but no one knows for sure.
"The virus is not here anymore," Ryan said. "We've upgraded our antivirus software. We're going to try to tighten the belt, and have experts come in, but as all computer experts say, there is no foolproof way to lock your system down."
Apart from not being a fool, that is. Cryptolocker primarily spreads via email attachments, typically a PDF that claims to be from a government department or delivery service. As ever, experts advise not to open attachments unless you are sure of their contents and their source.
Moral to the story: back up your data regularly and put an air gap between your live data and your backup.
A bigger moral - don’t trust a bunch of dumb doughnut eaters to handle your computer security.
Good article, thanks for posting.
Local cops handle that about as often as I stop over at Brad Pitt's house for a backyard barbecue. I hate those @#$% ads.
But the fact that you remember the commercial means they’ve succeeded in their marketing campaign.
I’ve had one call from a friend about Cryptolocker on their machine. They were frantic and asked if I could help. I told them, “Nope. You either pony up the cash, or your data is lost forever.”
He didn’t believe me and accused me of not wanting to help because of a falling out between our wives. So what did he do? He took his computer to Best Buy! Not only did they tell him the same thing, but they charged him to put a new hard drive into his computer while his old one was fine, just encrypted.
...While not foolproof, upgrading to Linux would go a long way to resolve their virus issues. I doubt they're up to using it though. I'd prefer they keep using Windows so they can spend more time worrying about viruses than violating our rights.
He took his computer to Best Buy!
I would posit that the above was your friend's biggest mistake. Love to shop at Best Buy, but I know more about computers than 85% of the Geek Squad. And don't EVEN get me started on their customer service.
Best Buy is worthless. When I was unemployed for 6 months a few years ago, I put in an application to work on the Geek Squad. I’m in my early 30s with over 10 years of IT experience under my belt. The zit-faced “supervisor” who interviewed me told me that he didn’t think I had the skills to do what they did.
I literally laughed in his face and asked him, “You have MY resume, right?”
Since the “virus” is written to be platform independent, it COULD infect a Linux or Mac computer, but since you need sudo or the admin password to perform installations on those respective platforms, the incidence is very low, if not non-existent.
This is a police department. I’ve yet to consult or work for a government agency that uses anything but Windows.
That’s assuming that you have shadow copies turned on. Most people don’t set up anything like that in Windows; it’s mostly out-of-box crap.
Do yourself a favor: buy a 2TB-4TB backup drive, plug it into your machine, and set Windows to back up at least once a week. Set it to wake up your computer at 2 AM, do the backup, and shut down. It’s not hard, and it’s the only way to recover from something like this.
A bump for the best advice in the thread, and it applies to Macs and Linux boxes as well. For Pete's sake, back your data up! Some clown tries this, you say, "fine", slick your drive, restore last night's backup and you can walk off laughing at them. I've done it twice in the last couple of years out of mere suspicion that I might have been compromised (also good advice - don't let idiots use your computer).
This is no different from any other catastrophic hard drive casualty. Nobody is immune from this. Nobody.
Yup. I allow sudo on my desktop, but make sure to require authentication. You can allow sudo to be passwordless, but I don't think it's a good idea.
You've got that right! That has to be without a doubt the most annoying radio commercial I've ever heard. I do the same as you, and either change the channel as soon as I hear those cymbals, or turn my radio off for several minutes (my apologies to whatever commercial follows that godawful one).
They must have one enormous marketing budget, because they flood the airwaves 24x7.
It's not like you weren't invited.....we missed you last weekend.
“Apart from not being a fool that is. Cryptolocker primarily spreads via email attachments, typically a PDF that claims to be from a government department or delivery service.”
I got one of those a couple weeks ago. Almost fell for it as I was expecting packages from Amazon. But there were some tells that made me suspicious.
Ubuntu Linux requires sudo to do a lot of things, but you could conceivably not set a password for your user account, thus negating the sudo requirement.
The Horror
It is also best to BU the entire disk or OS once in a while. There is freeware that will do this, and although the system image backup feature was removed in Windows 8.1, it can be accessed via PowerShell.
Didn't see one of the easiest full/incremental Windows BU packages there (maybe because it's a file-by-file, not an image, backup), but it saved my backside a couple of times (just booted from a cloned drive and cloned it back onto the affected partition in the space of a few minutes): XXCLONE from Pixelab.
They have a free (slightly crippled, but very functional) non-commercial version and a low-cost full version of the software.
Also, "an ounce of prevention..." :
CryptoPrevent from FoolishTech - free utility in only 350K file that protects against Cryptolocker AND some other malware as well:
Incidentally, due to the way that CryptoPrevent works, it actually protects against a wide variety of malware, not just Cryptolocker! CryptoPrevent is a tiny utility to lock down any Windows OS to prevent infection by the Cryptolocker malware or 'ransomware', which encrypts personal files and then offers decryption for a paid ransom. CryptoPrevent artificially implants group policy objects into the registry in order to block certain executables in certain locations from running. Note that because the group policy objects are artificially created, they will not display in the Group Policy Editor on a Professional version of Windows but rest assured they are still there!
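The post above describes CryptoPrevent writing Software Restriction Policy (SRP) objects straight into the registry. The script below is an added illustration of that mechanism, not CryptoPrevent's own code: it writes SRP "Disallowed" path rules under the Safer\CodeIdentifiers key that Windows itself reads, and lists the rules afterwards so they can be audited even though no Group Policy object created them. The blocked path patterns and the function names are my own choices; run it from an elevated PowerShell on a test machine first.

```powershell
# Added example (not CryptoPrevent's code): create and audit SRP path rules in the
# registry key Windows reads for Software Restriction Policies.
$SaferRoot  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed = 0          # SRP security level "Disallowed" (0x40000 is "Unrestricted")

function Initialize-SrpPolicy {
    # Create the policy root if absent; allow by default, enforce rules, apply to all users.
    if (-not (Test-Path $SaferRoot)) { New-Item -Path $SaferRoot -Force | Out-Null }
    Set-ItemProperty $SaferRoot -Name DefaultLevel       -Value 0x40000 -Type DWord
    Set-ItemProperty $SaferRoot -Name TransparentEnabled -Value 1       -Type DWord
    Set-ItemProperty $SaferRoot -Name PolicyScope        -Value 0       -Type DWord
    # ExecutableTypes is left at the Windows default list on purpose.
}

function Add-SrpDisallowPath {
    param([Parameter(Mandatory)][string]$Path,
          [string]$Description = 'Added by hardening script (example)')
    # Each rule is a subkey <level>\Paths\{GUID}; ItemData holds the path pattern.
    $ruleKey = Join-Path $SaferRoot "$Disallowed\Paths\{$([guid]::NewGuid())}"
    New-Item -Path $ruleKey -Force | Out-Null
    Set-ItemProperty $ruleKey -Name ItemData     -Value $Path        -Type ExpandString
    Set-ItemProperty $ruleKey -Name SaferFlags   -Value 0            -Type DWord
    Set-ItemProperty $ruleKey -Name Description  -Value $Description -Type String
    Set-ItemProperty $ruleKey -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Type QWord
    return $ruleKey
}

function Get-SrpPathRules {
    # Enumerate every path rule under every level so "invisible" rules can be reviewed.
    Get-ChildItem "$SaferRoot\*\Paths" -ErrorAction SilentlyContinue | ForEach-Object {
        [pscustomobject]@{
            Level       = ($_.Name -split '\\')[-3]        # e.g. 0 (Disallowed) or 262144
            Path        = $_.GetValue('ItemData')
            Description = $_.GetValue('Description')
        }
    }
}

# Constructed sample rules: block executables launched from the per-user profile
# and temp locations that the post's malware family drops into.
Initialize-SrpPolicy
$patterns = '%AppData%\*.exe', '%AppData%\*\*.exe',
            '%LocalAppData%\*.exe', '%LocalAppData%\*\*.exe', '%Temp%\*.exe'
foreach ($p in $patterns) {
    Add-SrpDisallowPath -Path $p -Description "Block executables in $p" | Out-Null
}
Get-SrpPathRules | Format-Table -AutoSize
```

Rules take effect for newly started processes; legitimate installers that unpack into %Temp% or %AppData% will also be blocked, so review the audit list and add exceptions before rolling this out widely.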
A 2T+ USB-powered drive(s) for backups and data portability is a no-brainer investment of about $100 per drive and a peace-of-mind lifesaver.