Last post Author Topic: CryptoLocker and CryptoPrevent  (Read 17890 times)

wraith808

CryptoLocker and CryptoPrevent
« on: October 30, 2013, 12:52 PM »
MakeUseOf has an article on CryptoLocker and CryptoPrevent, and though I don't quote the linkbait title, it does bring up an interesting question.

If you do fall victim to cryptolocker, and payment does work, is it ethical to pay?

(CryptoLocker was also discussed in the Bitcoin thread)

Raven

Re: CryptoLocker and CryptoPrevent
« Reply #1 on: November 03, 2013, 02:28 PM »
Another question - what's next? We have seen fake Antivirus scans, then FBI virus, and now this crypto crap, what's next?

Actually, it is not always necessary to pay, our local computer repair man uses some forensic tools to find and restore files:
http://en.wikipedia....ital_forensics_tools (as they are not completely deleted)

PS: for those in need and just to remove the infection, here is a guide utilizing malwarebytes: http://privacy-pc.co...ptolocker-virus.html

PPS: Though it is evil, such viruses teach people to do regular backups.

x16wda

Re: CryptoLocker and CryptoPrevent
« Reply #2 on: November 03, 2013, 04:43 PM »
PPS: Though it is evil, such viruses teach people to do regular backups.
Actually, it just teaches them what can happen if they don't do backups.

Among other things, our company sells a service that backs up client servers hourly and can spin them up quickly in the case of hardware failure or other calamity. We've already used it twice to restore client servers that were "Crypto-Lockered".  (Not the same client both times!)  We also saw it hit at another site; we didn't have our backup system in place there so I'm not sure what came of it.  But if your company depends on its data, and the data gets honked, and you don't have a good backup, either you pay up or your company is gone.  To heck with ethics, I think most small business owners would not want to go out of business just to prove a point.
vi vi vi - editor of the beast

rgdot

Re: CryptoLocker and CryptoPrevent
« Reply #3 on: November 03, 2013, 05:32 PM »
Further to the ethics points, I am seeing a surprising number of people, not companies, pay up.

Pay for the likes of MBAM pro and you are half, it's never a full step anymore, a step ahead

Renegade

Re: CryptoLocker and CryptoPrevent
« Reply #4 on: November 04, 2013, 04:05 AM »
Is it ethical to hand over your wallet to a robber with a gun/knife?

I don't think it's an ethical question. It's a practical question. Do you save your own skin?

For ransomware, it's close to the same question.

It sets up a damned if you do, damned if you don't dichotomy - no matter what you do, you're damned. Those aren't ethical questions. They're ethical traps.

A coyote running through the woods steps into a trapper's trap which firmly clamps around his leg. He can either stay there waiting for the trapper to come and kill him, or die waiting, or he can chew off his leg. The coyote is damned, damned or damned. Which damnation do you prefer?

Colourless green ideas sleep furiously.

A barber in a town shaves all the men who do not shave themselves. Does the barber shave himself?

Johnny creates a maze for which there is no exit. Sally goes in and the entrance slams shut. How does she get out?

MULTIPLE CHOICE:
Q) Which of the following chocolate bars contains nuts?

1) Ferrari 458 Spider
2) Coconut trees
3) Star Wars: A New Hope
4) Lime green

These kinds of cases only show that it is possible to create questions that are outside of a particular domain and that asking the question within that domain yields a nonsensical answer.

You only lose if you play the game.
Slow Down Music - Where I commit thought crimes...

Freedom is the right to be wrong, not the right to do wrong. - John Diefenbaker

IainB

Re: CryptoLocker and CryptoPrevent
« Reply #5 on: November 04, 2013, 04:40 AM »
Further to the ethics points, I am seeing a surprising number of people, not companies, pay up.
Pay for the likes of MBAM pro and you are half, it's never a full step anymore, a step ahead
Yes, I always regarded my investment in a licence for MBAM Pro to be preventive, rather than curative. MBAM Pro has realtime scanning, which is apparently an effective Crilock avoidance tool - assuming that you keep it enabled. There doesn't seem to be any cure for Crilock, and paying the ransom does not mean that you won't get immediately reinfected - as some people have found out to their chagrin.

Giampy

Re: CryptoLocker and CryptoPrevent
« Reply #6 on: November 04, 2013, 04:56 AM »
such viruses teach people to do regular backups.

It's not sufficient, as certain ransomware attack all the hard disks.
People should do backups in a removable device and then they should disconnect it.
"A refrigerator without beer is like a body without soul"

wraith808

Re: CryptoLocker and CryptoPrevent
« Reply #7 on: November 04, 2013, 08:05 AM »
such viruses teach people to do regular backups.

It's not sufficient, as certain ransomware attack all the hard disks.
People should do backups in a removable device and then they should disconnect it.

This.

So I guess, this brings up the other point...

...are the perpetrators of Cryptolocker held to reliability in unlocking the files by the fact that if they don't people will stop paying?  And since most people that pay are individuals, then are they held to a certain maximum price by the same regard?

bit

Re: CryptoLocker and CryptoPrevent
« Reply #8 on: November 19, 2013, 09:04 PM »
Is this CryptoPrevent safe -and advisable- from this source?

x16wda

Re: CryptoLocker and CryptoPrevent
« Reply #9 on: November 20, 2013, 05:17 AM »
I have installed it on my home PCs and advised some client techs to install on PCs of.. umm.. "likely suspects".. ;D

Have not seen any issues that it causes on Win 7 or 8. Same thing can be done with a GPO at business sites but this is an easy way to make the same settings at smaller sites.

I think if you're a business owner who employs non-technical staff this ought to scare the bejesus out of you. Unless all your work is done through a web proxy or something.
vi vi vi - editor of the beast

tomos

Re: CryptoLocker and CryptoPrevent
« Reply #10 on: November 20, 2013, 06:24 AM »
Is this CryptoPrevent safe -and advisable- from this source?

I ran an older version from that site (under file properties it says product version is 3.01) on Win7 & Win8 machines, and haven't had any problems with anything.
The version I used allowed whitelisting - it looks like the newer version doesn't. Guess I should update it...

EDIT//
Updated from within the app. The interface/process works very well (requested to reapply the settings - which I did; have yet to reboot).
Tom
« Last Edit: November 20, 2013, 07:43 AM by tomos »

paulobrabo

Re: CryptoLocker and CryptoPrevent
« Reply #11 on: November 20, 2013, 09:37 AM »
There's also the beta version of HitmanPro.Alert with Cryptoguard.

http://www.surfright.nl/en/cryptoguard

HitmanPro.Alert 2.5 contains a new feature, called CryptoGuard that monitors your file system for suspicious operations. When suspicious behavior is detected, the malicious code is neutralized and your files remain safe from harm.

CryptoGuard works silently in the background at the file system level, keeping track of processes modifying your personal files. CryptoGuard works autonomously, so no user interaction is required.

CryptoGuard works at the file system level and does not conflict with full disk encryption software like BitLocker, Sophos SafeGuard or TrueCrypt.

Free! I've installed this on my father's PC...  ;D and now it's on mine too  :Thmbsup:
English will never be my first language, it doesn't meter how hard I try.
« Last Edit: November 20, 2013, 09:39 AM by paulobrabo, Reason: Added info »

tomos

Re: CryptoLocker and CryptoPrevent
« Reply #12 on: November 20, 2013, 09:52 AM »
There's also the beta version of HitmanPro.Alert with Cryptoguard.
[...]
Free! I've installed this on my father's PC...  ;D and now it's on mine too  :Thmbsup:

does that work okay with your anti-virus? - which anti-virus?
Sounds like you don't have HitmanPro anti-malware installed as well (?)
TIA :-)
Tom

paulobrabo

Re: CryptoLocker and CryptoPrevent
« Reply #13 on: November 20, 2013, 01:42 PM »

does that work okay with your anti-virus? - which anti-virus?
Sounds like you don't have HitmanPro anti-malware installed as well (?)
TIA :-)

No, no HitmanPro anti-malware here, only the free .Alert thingie with Cryptolocker prevention. And yes, it works flawlessly with my Avast 2014 Free!
English will never be my first language, it doesn't meter how hard I try.

bit

Re: CryptoLocker and CryptoPrevent
« Reply #14 on: November 21, 2013, 11:41 PM »
Thank you everyone.
Do I have to get the paid version of HitmanPro?
I think it was 39 Euros per year.
Or is the HitmanPro.Alert with Cryptoguard free?
If free, I wonder if it will run updates.

Or should I just get CryptoPrevent for $15 ($10 off reg. $25) one-time fee.

I just got Malwarebytes.

I already have Norton 360 Premier Edition, but couldn't get confirmation that it protects against CryptoLocker.
« Last Edit: November 22, 2013, 02:18 AM by bit »

tomos

Re: CryptoLocker and CryptoPrevent
« Reply #15 on: November 22, 2013, 02:48 AM »
Do I have to get the paid version of HitmanPro?
-
according to the post above yours: no

Hitman Pro is anti-malware - costs $
The naming is confusing - they have HitmanPro.Alert and Cryptoguard which I think are the same thing (free).

from paulobrabo's link above:
When the above alert is displayed, the malicious process is neutralized. It can no longer harm your files.

To remove the malicious code from your computer you click on the Scan with HitmanPro button which will automatically download the HitmanPro anti-malware application (if not already installed on your computer).

HitmanPro will scan your computer for malicious programs and allows you to remove them.
-
the CryptoGuard thingy from Hitman is free - as a free app, I'd imagine it does not auto-update, but I don't know.
Tom

paulobrabo

Re: CryptoLocker and CryptoPrevent
« Reply #16 on: November 22, 2013, 12:18 PM »
Indeed, the naming is confusing, but no – you don't have to have HitmanPro (which costs money) to have your files protected by HitmanPro.Alert (free). Alert will not clean your computer from infection (you may have to use another program for that, say Malwarebytes Free/Pro), but it won't let your files be encrypted, actually stopping the infection before it can do any harm.

As for updates, as Alert is behavior based and not signature based, that shouldn't be a big problem. From the website, about HitmanPro.Alert:

  • Future proof technology does not rely on malware signatures.
  • Compatible with all antivirus programs and runs alongside any other security software.

English will never be my first language, it doesn't meter how hard I try.

mwb1100

Re: CryptoLocker and CryptoPrevent
« Reply #17 on: November 22, 2013, 03:57 PM »
I think it may be helpful to see what has or has not detected at least one variant of Cryptolocker:

  - https://www.virustot...cdad993bb9/analysis/

It looks like most of the well known anti-malware detect it.  However, I'm sure the slime creating this work constantly to have variants that slip past detection.

bit

Re: CryptoLocker and CryptoPrevent
« Reply #18 on: November 24, 2013, 02:48 AM »
I just got the paid version of CryptoPrevent.

By the way, here's a heads-up on an attempted phishing attack.
I recently received an expertly-presented email spoofing Paypal, with perfectly imitated graphics-intensive letterhead just like Paypal, and full of hyperlinks to various sub-departments.
It said my account had encountered suspicious activity, a 'Paypal Identity Issue', with case serial number, and that my access to Paypal was being restricted until I could clear this up.
I was then instructed to reply to the email, and give my correct user name, password, credit card and bank info, mother's maiden name, and a host of other critical details.
It was a disaster-in-the-making, a rat trap waiting to be sprung by me, the unsuspecting target.
I did NOT click on any links in the email, but instead went to my browser and logged into Paypal with no problem whatsoever.
Curiously, I was still 'in denial' and trying to convince myself that this was actually happening.
I found Paypal's email address for reporting 'spoofs', which is appropriately named <[email protected]> and forwarded the email, and a second one sent to me by the scam artists as a 'reminder'.
Paypal sent back a notice a day later that it was indeed a phishing attempt.
That @#$&* phishing email looked exactly like a Paypal graphics letterhead, so authentic it was amazing.
So beware and be aware, "they're out there".
Reminder: Paypal will never ask you for your critical info like credit card number, bank account number, your mother's maiden name, Paypal log-in password and so on, by email.
If they do, they ain't Paypal and it's probably a phishing rat-trap waiting for you to spring it on yourself.

wraith808

Re: CryptoLocker and CryptoPrevent
« Reply #19 on: November 24, 2013, 12:49 PM »
One thing that I do want to remind people of that are in the same position as bit- with an authentic looking e-mail from their financial institution:

A little bit of convenience is not worth a whole lot of heartache.

Even with official e-mails and such, I never use the links in the e-mail.  Anything that you find in the email should be findable if you go to the site yourself and login.  Most financial institutions have a secure internal messaging system- the one that you receive by your e-mail is in general just a backup from what I've seen.  Look for the alert there in your messages.  Sometimes it's even in the banner when you sign in- that's if you need to do anything.  Especially in relation to some problem with your account.  Worst case- call.  But don't get in the habit of clicking links to financial institutions I think is the best advice towards phishing that can be given.

tomos

Re: CryptoLocker and CryptoPrevent
« Reply #20 on: November 24, 2013, 01:22 PM »
Yeah, I was impressed by the quality of some recent PayPal spam as described by bit. It even fooled gmail's spam filters, and they're usually very good I find.
Tom

4wd

Re: CryptoLocker and CryptoPrevent
« Reply #21 on: November 24, 2013, 04:50 PM »
Also, if you send the spoof email to your financial institution's fraud department, extract and send the full headers as well.
They're not normally sent if you just forward the email and they may help track down the phisher.
« Last Edit: November 24, 2013, 05:34 PM by 4wd »

bit

Re: CryptoLocker and CryptoPrevent
« Reply #22 on: November 24, 2013, 05:28 PM »
Actually what clued me in that the spoof phishing Paypal attack was bogus, is that nobody gets my actual email address.
I have a paid subscription to www.Sneakemail.com which allows me to create a unique email address for each new contact.
They only see that, not my real email address.
Sneakemail then forwards all contacts to my actual email address, which is set up using a Desktop web browser email software program.
And I can click on reply, and back it goes to Sneakemail which forwards it back to them, still hiding my 'core email address'.

When the Paypal phishing attack came in, it was from one of my other Sneakemail contacts, IOW; not from Paypal.
So I was immediately made aware that I was getting a supposed Paypal contact from a different party, who was not Paypal.
I don't like admitting this, but the truth is, if it wasn't for Sneakemail, I might have fallen for it before, although by now I'm much more aware of the danger.

Anyways, a second spoof Paypal phishing attack email came, and I set a 'rule' at Sneakemail to block anything from that email address containing 'Paypal' in the text body.
That stopped the phishing attacks, but then they started trying to sell me designer handbags and shoes from the same email address.
This was supposedly from the email address of someone who was a friendly acquaintance, but who was obviously not the person actually doing it.
So then I created a new Sneakemail contact for the person from whom the 'spoof Paypal phishing attack' supposedly originated, and deleted the old one, and that stopped.

However, I actually have received spam emails from Paypal, offering 'sale prices' to sell me designer shopping bags, shoes, and so on.
I have no idea how or why this happens, or if Paypal encourages it, or what.
But I set a new Sneakemail contact email address for Paypal, and reported the spam to Paypal, then deleted the old one, and that problem went away.
And in that case, Paypal did not confirm a phishing attack.

My 'core email address', my 'real one', remains free of further spoofs or phishing attacks.
And if they want to play more games, Sneakemail gives me what I need to deal with it.
The only thing Sneakemail can't do is add attachments directly; for that, you just send a quickie email to whoever asking them to reply back, then you add the attachment in your reply to them.
« Last Edit: November 24, 2013, 05:41 PM by bit »

bit

Re: CryptoLocker and CryptoPrevent
« Reply #23 on: November 24, 2013, 05:34 PM »
Also, if you send the spoof email to your  financial  institution's fraud department, extract and send the full headers as well.
They're not normally sent if you just forward the email and they may help track down the phisher.
I see your signature reads 'Four wheel drive: Helping you get stuck faster, harder, further from help....
Just as a quickie post in an aside, here's a fix-a-flat idea for you that might amaze a few people (like it did for me).  ;D
« Last Edit: November 24, 2013, 05:42 PM by bit »

4wd

Re: CryptoLocker and CryptoPrevent
« Reply #24 on: November 24, 2013, 05:45 PM »
It helps if you never receive HTML email, (I never have nor will I ever accept it), makes links a little harder to hide ;D


I see your signature reads 'Four wheel drive: Helping you get stuck faster, harder, further from help....
Just as a quickie post in an aside, here's a fix-a-flat idea for you that might amaze a few people (like it did for me).  ;D

I've seen that, unfortunately it doesn't tell you how you fix the 3" hole in the side of the tyre from where you staked it on a branch.
Answer: If you haven't got a spare tyre/tube, pack it with grass/clothes/etc and drive out.  ;)
« Last Edit: November 24, 2013, 06:05 PM by 4wd »
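
Added example (not written by any poster in this thread): a Python sketch of the three checks discussed in replies #21, #22 and #24, run against a message saved as raw .eml. It pulls the full header block for a fraud report, checks whether the message arrived at the alias you gave the claimed sender, and flags HTML links whose visible text names a different host than the href. The sample message, all addresses and hosts, and the `expected_alias` parameter are assumptions made up for illustration.

```python
import email
import re
from email import policy
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Added example. Constructed sample (not a real message); all addresses/hosts are placeholders.
SAMPLE_EML = b"""\
Return-Path: <bounce@mailer.example.net>
Received: from mx.example.net (mx.example.net [192.0.2.10])
\tby mail.example.org with ESMTP id CONSTRUCTED1; Sun, 24 Nov 2013 10:00:00 +0000
From: "Bank Service" <service@bank.example>
To: shoes-alias@example.org
Subject: Identity Issue
Content-Type: text/html; charset="utf-8"

<html><body><a href="http://login.phish.example/verify">https://www.bank.example/</a></body></html>
"""
# Visible link text that is itself a host name or URL.
HOSTLIKE = re.compile(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})(?:[/:?#].*)?", re.I)

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def full_headers(raw: bytes) -> str:
    """Header block as received: everything before the first blank line."""
    head = raw.replace(b"\r\n", b"\n").partition(b"\n\n")[0]
    return head.decode("utf-8", errors="replace")

def domain(addr: str) -> str:
    return addr.rpartition("@")[2].lower()

def analyze(raw: bytes, expected_alias: str) -> dict:
    """expected_alias: the one address you gave to the claimed sender (assumption)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    from_dom = domain(parseaddr(str(msg.get("From", "")))[1])
    rpath_dom = domain(parseaddr(str(msg.get("Return-Path", "")))[1])
    rcpts = {a.lower() for _, a in getaddresses([str(h) for h in msg.get_all("To", [])])}
    deceptive = []
    html = msg.get_body(preferencelist=("html",))
    if html is not None:
        collector = LinkCollector()
        collector.feed(html.get_content())
        for href, text in collector.links:
            shown = HOSTLIKE.fullmatch(text)
            actual = urlparse(href).hostname or ""
            if shown and shown.group(1).lower() != actual:  # text claims another host
                deceptive.append((shown.group(1).lower(), actual))
    return {"envelope_mismatch": bool(rpath_dom) and rpath_dom != from_dom,
            "alias_mismatch": expected_alias.lower() not in rcpts,
            "deceptive_links": deceptive}
```

Paste the output of `full_headers()` into the fraud report alongside the forwarded message; legitimate bulk mail can also trip `envelope_mismatch`, so treat it as a hint rather than proof.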