Cryptolocker - Malware infection $300 ransom

Discussion in 'Network Information, Suggestions and Feedback' started by jacksun, Sep 21, 2013.

  1. jacksun

    jacksun Senior Member

    Hi, thought I would post this here; it is a pretty nasty piece of malware, and the best protection from it is user awareness. Reported cases are rising exponentially every day.

    The current iteration demands $300.00 within 72 hours to decrypt your files. The infection vector is email attachments and links, mainly coming as a dispute claim. The current focus is on businesses, but personal systems have been infected. No OS is currently safe, even with full service packs, security patches and mainstream anti-virus. The malware installs, encrypts all files with common extensions (.doc, .docx, .xls, .jpg, .gif, .jpeg and lots more), pops up a ransom demand and starts a 72 hour timer. If you pay, it looks like the decryption is legit; if you don't pay, it uninstalls itself and you are done, with no way to recover the public key to decrypt your files.
    It also infects mapped and attached drives that have write permissions, does not need admin privileges, and bypasses UAC (the pop-up and screen dimming asking if it's OK to do something) because it is changing your own files.

    What can you do to protect yourself?
    1) DO NOT click on attachments or links in your email unless you are absolutely certain they are legitimate and from a trusted source. If it's a real dispute claim you'll get a phone call or a hard copy in snail mail.
    2) Ensure your Outlook or preferred email client DOES NOT automatically display images in emails.
    3) Offsite backups: not the kind that replicate changed files immediately, but the kind that back up everything with versioning offsite every night, or a single copy that is put away (cold storage). This will allow you to restore to the previous day.
    4) Run System Restore on your machine so you can roll back to a previous date.
    5) Try to transfer files via email or some other medium; USB drives can spread infections, even if the file you transferred was clean.

    Much more info here:
    http://www.reddit.com/r/sysadmin/comments/1mizfx/proper_care_feeding_of_your_cryptolocker/

    Wayne
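A defender-side check that follows from the first post's advice on nightly backups and the list of extensions the malware goes after, added here as an example rather than anything posted in the thread: it walks a backup or share and flags files that still carry a targeted extension but have lost their format header and now contain near-random data, which is what an encrypted copy looks like, so it does not depend on the file name changing. The magic-byte table, the 7.5 bits-per-byte threshold and the sample files it builds are assumptions chosen for the example.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Extensions the thread lists as CryptoLocker targets, mapped to the magic bytes a
# genuine file starts with (assumption: header gone + random content = overwritten).
MAGIC = {
    ".doc": [b"\xd0\xcf\x11\xe0"],   # OLE2 compound document
    ".xls": [b"\xd0\xcf\x11\xe0"],
    ".docx": [b"PK\x03\x04"],        # OOXML is a ZIP container
    ".jpg": [b"\xff\xd8\xff"],
    ".gif": [b"GIF87a", b"GIF89a"],
}
ENTROPY_LIMIT = 7.5  # bits per byte; ciphertext sits close to the 8.0 maximum

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for an empty buffer)."""
    n = len(data)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def check_file(path: Path) -> str:
    """Verdict for one file: 'ok', 'likely-encrypted', 'bad-header' or 'skipped'."""
    expected = MAGIC.get(path.suffix.lower())
    if expected is None:
        return "skipped"
    head = path.read_bytes()[:4096]
    if any(head.startswith(m) for m in expected):
        return "ok"
    # Header is gone: near-random content points to encryption rather than a
    # plain file that merely carries the wrong extension.
    return "likely-encrypted" if shannon_entropy(head) > ENTROPY_LIMIT else "bad-header"

def scan(root: Path) -> dict:
    """Walk a backup or share and map each relative path to its verdict."""
    return {str(p.relative_to(root)): check_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}

def demo() -> dict:
    """Scan a constructed sample tree (sample data, not files from the thread)."""
    root = Path(tempfile.mkdtemp())
    (root / "intact.jpg").write_bytes(b"\xff\xd8\xff\xe0" + b"\x00" * 200)
    (root / "hit.docx").write_bytes(os.urandom(4096))  # stands in for ciphertext
    (root / "mislabelled.doc").write_bytes(b"plain text\n" * 50)
    (root / "notes.txt").write_bytes(b"not a targeted extension")
    return scan(root)
```

Running `scan()` against last night's backup before restoring from it tells you whether the copy predates the encryption; a single `likely-encrypted` hit on a share is also a cheap early warning that a mapped drive is being overwritten.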
  2. Hugh MacLean

    Hugh MacLean Senior Member

    Wayne,
    Many thanks for posting this - it's a genuine threat and could be a real problem for people on here who have lots of files they cannot afford to lose. Make sure you back up all your files physically off the computer, as it can lock files on attached drives and network files. Note: System Restore is powerless in this situation with regard to the locked files.

    Regards
    Hugh
     
  3. jacksun

    jacksun Senior Member

    Hugh, it really is a nasty threat. All sorts of stuff going on out there now including significant attacks on cell phones of all flavours.

    If I can make one recommendation to people, aside from backing up as you've already indicated, it is to get a very good anti-virus program and make sure it is running at all times. This includes on your phone.
    I am not one to normally plug any particular product, but as an IT MSP (managed service provider) for businesses we install and use only 1 AV/malware/protection product. It comes as a regular AV for 1 machine, or as a bundle that covers off up to 4 devices including phones - the product is Webroot SecureAnywhere - and here is a little video to show you why we use it.

    https://www.youtube.com/watch?v=uKMZ1Ukw_7I

    According to Webroot, their product would not only catch this threat, but would be able to roll back from it. Something other products cannot do.

    Wayne
     
  4. jacksun

    jacksun Senior Member

    Just received this - it is one of the latest cryptolocker emails - do not move it to your inbox and do not click the link!!!

    ----------------------------------------------------------------------------------------

    To: you
    From: WhatsApp Messaging Service <Some Royal wanker @ A$$hole.mail>

    You have a new Voice Message!
    Message Details:
    Time of Call: Nov-10 2013 03:23: 23
    Lenth of Call: 23sec


    111 <random long link in here also>
    <random long link here>
    Play

    *If you cannot play, move message to the "Inbox" folder.


    2013 WhatsApp Inc

    ---------------------------------------------------------------------

    Regards,
    Wayne