JWTalk - Jehovah's Witnesses Online Community

"CryptoLocker" warning



I usually don't pass on all the dire warnings I get about a current computer virus, but this one that we started seeing late last month is a particularly bad one, so I wanted to pass on the warning as we are seeing more and more cases of it.

 

Please friends, do not download ANY "EXE or ZIP" files that come to you in an email, even if they seem to be from a trusted source!

 

There is currently no way to reverse the damage and recover your files without paying the ransom!

 

CryptoLocker: A particularly pernicious virus

By Susan Bradley

 

Online attackers are using encryption to lock up our files and demand a ransom — and AV software probably won't protect you.

 

Here are ways to defend yourself from CryptoLocker — pass this information along to friends, family, and business associates.

Forgive me if I sound a bit like those bogus virus warnings proclaiming, "You have the worst virus ever!!" But there's a new threat to our data that we need to take seriously. It's already hit many consumers and small businesses. Called CryptoLocker, this infection shows up in two ways.

 

First, you see a red banner (see Figure 1) on your computer system, warning that your files are now encrypted — and if you send money to a given email address, access to your files will be restored to you.

 


 

 

Figure 1. CryptoLocker is not making idle threats.

 

The other sign you've been hit: you can no longer open Office files, database files, and most other common documents on your system. When you try to do so, you get another warning, such as "Excel cannot open the file [filename] because the file format or file extension is not valid," as stated on a TechNet MS Excel Support Team blog.

 

As noted in a Reddit comment, CryptoLocker goes after dozens of file types such as .doc, .xls, .ppt, .pst, .dwg, .rtf, .dbf, .psd, .raw, and .pdf.

 

CryptoLocker attacks typically come in three ways:

 

1) Via an email attachment. For example, you receive an email from a shipping company you do business with. Attached to the email is a .zip file. Opening the attachment launches a virus that finds and encrypts all files you have access to — including those located on any attached drives or mapped network drives.

 

2) You browse a malicious website that exploits vulnerabilities in an out-of-date version of Java.

 

3) Most recently, you're tricked into downloading a malicious video driver or codec file.

There are no patches to undo CryptoLocker and, as yet, there's no clean-up tool — the only sure way to get your files back is to restore them from a backup.

 

Some users have paid the ransom and, surprisingly, were given the keys to their data. (Not completely surprising; returning encrypted files to their owners might encourage others to pay the ransom.) This is, obviously, a risky option. But if it's the only way you might get your data restored, use a prepaid debit card — not your personal credit card. You don't want to add the insult of identity theft to the injury of data loss.

 

In this case, your best defense is prevention

Keep in mind that antivirus software probably won't prevent a CryptoLocker infection. In every case I'm aware of, the PC owner had an up-to-date AV application installed. Moreover, running Windows without admin rights does not stop or limit this virus. It uses social engineering techniques — and a good bit of fear, uncertainty, and doubt — to trick users into clicking a malicious download or opening a bogus attachment.

 

 

Here is the Snopes page confirming this:

 

http://www.snopes.com/computer/virus/cryptolocker.asp


One way to prepare for such a virus is to always keep uninfected backup files of all your documents, etc., so you can replace any that do get infected.

 

You can also set up a user policy that will not allow an .exe to run from %AppData%\*.exe and/or %AppData%\*\*.exe

 

These efforts may/will help you block/recover from this particular malware to an extent, but avoiding it is the best protection.

"Let all things take place decently and by arrangement."
~ 1 Corinthians 14:40 ~
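An audit that can be run before enforcing the two path rules mentioned above, to see which executables they would block for the current user and which sit deeper than the rules reach. This is an added example, not part of the original post; it assumes that `*` in a path rule matches within a single folder level, so the two rules cover depth 0 and depth 1 under %AppData%.

```powershell
# Added example: report every .exe under %AppData% and which of the two
# path rules (if any) would apply to it.
# Assumption: '*' does not cross a folder boundary, so
#   %AppData%\*.exe   covers files directly in %AppData%   (depth 0)
#   %AppData%\*\*.exe covers files one folder below it      (depth 1)
$root = $env:APPDATA

$all = Get-ChildItem -LiteralPath $root -Filter *.exe -File -Recurse -Force -ErrorAction SilentlyContinue

$report = foreach ($exe in $all) {
    # Depth = number of folders between %AppData% and the file.
    $relative = $exe.FullName.Substring($root.Length).TrimStart('\')
    $depth    = ($relative -split '\\').Count - 1

    $rule = switch ($depth) {
        0       { '%AppData%\*.exe' }
        1       { '%AppData%\*\*.exe' }
        default { $null }
    }

    [pscustomobject]@{
        Path      = $exe.FullName
        Depth     = $depth
        BlockedBy = if ($rule) { $rule } else { '(not covered)' }
        # Signed, legitimate software found here may need an exception rule.
        Signature = (Get-AuthenticodeSignature -LiteralPath $exe.FullName).Status
        Modified  = $exe.LastWriteTime
    }
}

$report | Sort-Object Depth, Path | Format-Table -AutoSize -Wrap
```

Rows marked "(not covered)" are executables that would still run with only these two rules in place.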


Thanks Musky. Just after I saw this - our IT dept. sent out the same thing.

 

Apparently, someone clicked a link from an email  :nope: and now some files on the network are encrypted. They are pulling in the backups!!

 

NEVER NEVER NEVER - click on a link from an email!!! - especially if you don't know why it was sent to you  :nope:

 

Thanks Bro.

Plan ahead as if Armageddon will not come in your lifetime, but lead your life as if it will come tomorrow (w 2004 Dec. 1 page 29)

 

 

 

 

Soon .....

 


It looks like our IT dept had fun over the weekend:

 

 

Good Morning,

 

No additional workstations were identified with this particular malware.  DoIT staff worked over the weekend to recover encrypted files from backups, and implemented new measures to prevent further infections.  We continue to crawl the file servers looking for additional affected areas.   Root cause has not yet been determined, but it is likely that the malware came in via email.   

 

Be particularly on the lookout for emails purporting to be a “voicemail”  with an attachment, possibly even looking like it came from an internal email address.   The City does not use email to forward voicemails – this is a phishing scam.  Do not open the attachment or click on any links, report it to the Help Desk immediately at x4357.   As always, do not open attachments or click on links in emails that you are not sure of the source and contents.   


Mrs Musky has gotten several of these "voice mail" emails the last few days through her Real Estate email server. I am thinking of setting up a test machine and infecting it with this virus to see the damage it does and see how long it takes to do it. Might learn something useful in combating it. 


  • 2 weeks later...

Hi, a brother sent me an email this afternoon and he advised that a new malware virus that has been on the news is really dangerous and people should take heed and protect themselves.  He wrote the below (I copied from my email) and the rest of you can check the two suggestions that he added to protect oneself from the virus attack.  Hope this helps, I'll get the story from NBC News, I can't recall if I put it in here (the forum), not sure if I put it in Entertainment or Secular News?

 

This is for real. Take this seriously.

 

Once your system is infected you will likely never get your files back. I have been paying attention to this because part of my job is to check people’s computers in for virus removal once they have been infected and to give advice on preventing infections from occurring. This virus reportedly encrypts your files. That means, for example, that with a Microsoft Word document, if you can even open it, all you will see is garbled characters that won’t even resemble your document. You need a special software “key” that was used to encrypt it to be able to unencrypt it so it is readable information again. From some of what I have read, even if you pay the $300.00 for the “key” to decrypt it you don’t get it. And if you use software to remove the malware your files stay encrypted so they are useless to you. Some people reportedly removed the virus and when that didn’t unencrypt their files they sent the $300.00 to the attackers. The attackers, once they determined that the virus had been removed, then demanded $1200.00 for the key to decrypt the files.

 

The company I work for is gathering information on ways to prevent this from infecting your computer. At least currently, once a computer has been infected there is nothing you can do to get your files back. Unless you really know what you are doing it is probably best to take your computer to a known expert to have your computer restored to an earlier point or to have Windows reinstalled.

 

If your computer hasn’t been infected my best suggestion would be to install Malwarebytes Pro. I am waiting for confirmation but according to one of the techs at work and as best I know at this point it will protect you from this attack. There are two versions of Malwarebytes. One is free and the other (Malwarebytes Pro) is $24.95. It is very good, highly recommended software anyway for protection against many types of threats. Even if you don’t get this infection, if you get a different one, not only will it potentially do damage to your computer but if you bring it to where I work we will charge you $99.99 to remove viruses that are removable (some places charge more). So it is cheap insurance. We recommend a good antivirus (particularly ESET) in conjunction with Malwarebytes. You can get both online (www.eset.com and www.malwarebytes.org ).

 

(the last paragraph is just a suggestion, some of you may have other protections that you like and are free.  Malwarebytes.org has a free download on it as well as purchase, no one is obligated to purchase or download any of the above who read this on here)


Or - the really really hard thing - NEVER NEVER NEVER - click on a link from an email!!! 

 

But - hey - who am I to tell you the free way to handle this.

 

Try the $24.99 or $99.99 option   :lol1:

 

note: last night I received a call from Microsoft. Apparently, my computer (which wasn't even on) was sending "them" messages that it needed to be fixed   :eek:   :lol1:

 

After a chuckle to myself - and knowing this was a scam - I kept him on the phone as long as I could. Hey, I figured - as long as he was talking to me - he wasn't scamming some older person   :nope:

 

After 30 minutes - while I was really watching TV - he asked for a small fee of $29.99 and the kind offer to send me to a website where I could download software that would "fix" my computer.   :yes: I bet it would "fix" it all right   :nope:

 

The moment I told him I wasn't going to pay the fee - he hung up. Arrgghh, I should have told him I would and given him a fake card number. Maybe I could have kept him on the phone longer pretending to go to the website.


Edited by trottigy

At work I get these calls all the time. Then I hand the phone to Frances. She loves to talk on the phone. Her conversations consist of I'm gonna buy me a motorcycle, a red one, I want 2 or 3 of dem. A blue one, a green one. I'm gonna get me one. By then they have hung up.

For beautiful eyes, look for the good in others; for beautiful lips, speak only words of kindness; and for poise, walk with the knowledge that you are never alone.


Yes a very serious Virus.  I spent four days recovering files from the company's various backup systems (cloud, tape, disk).  The virus stays dormant on the infected computer while it encrypts files and then enters mapped drives to servers and starts to work on them (only xls, xlsx, doc, docx and jpg files were encrypted in our case). By the time the user complained about problems, all his Excel and Word files were encrypted (he lost them all because he did not save them in the home directory on a server) and about 8,000 files on several servers were encrypted. I was able to recover all except 3 files.  Worst virus I have encountered and we have dealt with many.  Backup, Backup, Backup is the only solution that helped us.

 

PS -  When the files were encrypted ownership was changed to the infected user.  This is how I was able to find all the encrypted files.  Used TreeSize Professional to find all files on the server with the infected user as owner.  Not all files in a directory were affected,  nor all folders, so I could not do a blanket restore (some unaffected files were updated and a blanket restore would cancel files updated by users).  It was a slow restore, manual restore, sometimes just one file in a directory.  Four days.


Edited by jake3328
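The owner-based search described in the post above, done in PowerShell instead of TreeSize, producing a per-file restore list. This is an added example, not the poster's own procedure; `$Share`, `$Owner`, `$Since` and the output file name are placeholders, and the time filter assumes the encryption also updated each file's last-write time.

```powershell
# Added example. All three values below are placeholders to replace.
$Share = '\\fileserver\share'          # placeholder UNC path to search
$Owner = 'CONTOSO\jdoe'                # placeholder: the infected user's account
$Since = (Get-Date).AddDays(-7)        # placeholder: earliest suspected encryption time

$hits = Get-ChildItem -LiteralPath $Share -File -Recurse -Force -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        try {
            $acl = Get-Acl -LiteralPath $file.FullName -ErrorAction Stop
        } catch {
            # Unreadable ACLs are reported rather than silently skipped.
            Write-Warning "Cannot read owner of $($file.FullName)"
            return
        }
        # Owner match alone also catches files the user created normally,
        # so the time window (an assumption) narrows the list to the incident.
        if ($acl.Owner -eq $Owner -and $file.LastWriteTime -ge $Since) {
            [pscustomobject]@{
                Directory = $file.DirectoryName
                Name      = $file.Name
                Modified  = $file.LastWriteTime
                Owner     = $acl.Owner
            }
        }
    }

# Per-directory counts show how the affected files are spread across folders.
$hits | Group-Object Directory | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# One row per file, for restoring individual files instead of whole folders.
$hits | Sort-Object Directory, Name |
    Export-Csv -Path .\restore-list.csv -NoTypeInformation
```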

Can you get it on a tablet? I don't think I have any files on my tablet. I have Apps.

 

It is EXTREMELY unusual to get a virus on a tablet.

 

BUT the rule still holds true - don't click on a link from an email.

 

Call the person who sent it and ask them what it is - AFTER verified - you might click.

 

note: same for attachments.


  • 2 weeks later...

The people that are behind the "cryptolocker" ransom-ware are now offering customer service! What nerve! LOL

 

http://techtalk.pcpitstop.com/2013/11/14/ransomware-crooks-offering-customer-service/

 

 

Here is a link to a free "anti-crypto" program if anyone is really worried about this threat:

 

http://www.foolishit.com/vb6-projects/cryptoprevent/

