JWTalk - Jehovah's Witnesses Online Community

Malware Virus Ransom



(If I have this in the wrong spot, please remove and put it where it should go, am not quite sure)

 

 

 

On NBC News this morning.

 

 

Nasty new malware locks your files forever, unless you pay ransom

Sophos

The criminals behind CryptoLocker deliver their digital ransom note on the victim's computer screen. The typical demand is for $300 or two Bitcoins. Note the yellow countdown clock at the bottom left. It gives the time remaining until the unique decryption key is destroyed and the encrypted files are inaccessible forever.

CryptoLocker, a new and nasty piece of malicious software, is infecting computers around the world – encrypting important files and demanding a ransom to unlock them.

According to Sophos, the worldwide digital security company, it’s been hitting pretty hard for the past six weeks or so.

“It systematically hunts down every one of your personal files – documents, databases, spreadsheets, photos, videos and music collections – and encrypts them with military-grade encryption and only the crooks can open it,” said Chester Wisniewski, a senior security advisor at Sophos.

Even though it’s infected, your computer keeps working normally; you just can’t access any of your personal files. It’s scary, especially if you haven’t backed up your data.

“Cybercrime is evolving, as the bad guys get smarter and use newer technologies,” noted Michael Kaiser, executive director of the National Cyber Security Alliance. “They’re always looking for new ways to steal your money.”

CryptoLocker is different from other types of “ransomware” that have been around for many years now that freeze your computer and demand payment. They can usually be removed, which restores access to your files and documents.

Not CryptoLocker – it encrypts your files. There’s only one decryption key and the bad guys have that on their server. Unless you pay the ransom within three days, that key will be destroyed. And as the message from the extorters says: “After that, nobody and never will be able to restore files…”

The typical extortion payment is $300 USD or 300 EUR paid by Green Dot MoneyPak, or for the more tech savvy, two Bitcoins, currently worth about $400.

To instill a sense of urgency, a digital clock on the screen counts down from 72 hours to show how much time is left before that unique decryption key is destroyed.

One victim described his anguish in an online post: “The virus cleverly targeted …all of our family photos, including all photos of my children growing up over the last 8 years. I have a distraught wife who blames me!”

This sophisticated malware is delivered the old-fashioned way – an executable file hidden inside an attachment that looks like an ordinary ZIP file or PDF. One small business reports being compromised after clicking on an email attachment that was designed to look like a shipping invoice from the U.S. Postal Service.

Open that file and bad things start to happen, although it may take several days for the ransom demand to pop up on your screen after the machine is infected.

“The author of this (malware) is a genius. Evil genius, but genius none the less,” an IT professional commented in an online tech forum. Another wrote, “This thing is nasty and has the potential to do enormous amounts of damage worldwide.”

Good anti-virus software can remove the CryptoLocker malware from your computer, but it cannot undo the damage – the encryption is that good.

“It’s the same type of encryption used in the commercial sector that’s approved by the federal government,” Wisniewski told me. “If the crooks delete that encryption key, your files are gone forever – even the NSA can’t bring them back.”

Victims large and small

The cyber-crooks are targeting both businesses and individual computer users – anyone who will pay to regain access to their files.

The CryptoLocker forum on BleepingComputer.com is filled with page after page of horror stories. Here is a small sample:

“When we discovered the infection from a user’s workstation on the network, this program had encrypted over 180,000 files through the network shares in a period of 6 days. I pretty much shut down the business for 2 days after we realized what was happening.”

“Our company was infected this morning. The virus hit a machine 4 days ago and today we got the pop up about the ransom. All files on the network drive the user had access to are now encrypted.”

“We had a workstation get infected yesterday that encrypted everything on our network share drive. We had backups, although they weren’t recent enough, so despite all feelings against it, we paid the ransom and everything started to decrypt overnight.”

Of course, there’s no guarantee there will be a happy ending if you pay the ransom. And then there’s the bigger issue – by doing this, you’re helping fund a criminal operation.

“It encourages them to continue this bad behavior,” said Howard Schmidt, former White House Cyber Security Advisor and a co-founder of Ridge-Schmidt Cyber. “As people pay the ransom, the bad guys have the money to reinvest in create research that are more virulent and hide better from detection.”

How to protect yourself

Go on the Internet and there’s no way to guarantee malware won’t make it onto your computer – even if you follow all the rules of safe computing. So you need to act defensively, and that means regular backups.

“Back up, back up, back up,” said Schmidt. “That’s the only way to reduce the risk of losing your files forever.”

If you have a recent backup, you can recover from CryptoLocker and other malware with no serious consequences. That backup should be a snapshot of everything on the system and not a simple synchronization, as happens with most automated external hard drives and many cloud-based services.

With these synchronized backups, stored files that have changed on the master drive are overwritten with the new ones. If a malicious program encrypts your master files, those backups would also be encrypted – and useless. Your backup should be disconnected from your computer until the next time you need to access it.

 

******************************************************************************************************

A brother sent me this email on how to protect myself.  Since am computer stupid, I've called another brother for help to download (the free version) of what the first brother sent me from the last paragraph - sites where I can download free malware protection and or purchase it.   Below is the email he sent me about the above article that has been in the news and on T.V. 

****************************************************************************************************** 

 

Hi all,

 

This is for real. Take this seriously.

 

Once your system is infected you will likely never get your files back. I have been paying attention to this because part of my job is to check people’s computers in for virus removal once they have been infected and to give advice on preventing infections from occurring. This virus reportedly encrypts your files. That means, for example, that with a Microsoft Word document, if you can even open it, all you will see is garbled characters that won’t even resemble your document. You need a special software “key” that was used to encrypt it to be able to unencrypt it so it is readable information again. From some of what I have read, even if you pay the $300.00 for the “key” to decrypt it you don’t get it. And if you use software to remove the malware your files stay encrypted so they are useless to you. Some people reportedly removed the virus and when that didn’t unencrypt their files they sent the $300.00 to the attackers. The attackers, once they determined that the virus had been removed, then demanded $1200.00 for the key to decrypt the files.

 

The company I work for is gathering information on ways to prevent this from infecting your computer. At least currently, once a computer has been infected there is nothing you can do to get your files back. Unless you really know what you are doing it is probably best to take your computer to a known expert to have your computer restored to an earlier point or to have Windows reinstalled.

 

If your computer hasn’t been infected my best suggestion would be to install Malwarebytes Pro. I am waiting for confirmation but according to one of the techs at work and as best I know at this point it will protect you from this attack. There are two versions of Malwarebytes. One is free and the other (Malwarebytes Pro) is $24.95. It is very good, highly recommended software anyway for protection against many types of threats. Even if you don’t get this infection, if you get a different one, not only will it potentially do damage to your computer but if you bring it to where I work we will charge you $99.99 to remove viruses that are removable (some places charge more). So it is cheap insurance. We recommend a good antivirus (particularly ESET) in conjunction with Malwarebytes. You can get both online (www.eset.com and www.malwarebytes.org ).

 

*************************************************************************************** 

 

No one in here is obligated to purchase anything or download it, check things out yourselves first and then make a sound decision. Perhaps some of you already have better protection on your cell phones apps, tablets, or computers. 

 


I see Musky posted about this a few weeks back - in the General forum. http://jwtalk.net/forums/topic/12070-cryptolocker-warning/

 

But you posted it as a news item. It is fine here and it is a good reminder.

Plan ahead as if Armageddon will not come in your lifetime, but lead your life as if it will come tomorrow (w 2004 Dec. 1 page 29)

Soon .....

Update, had a dear brother download the Malwarebytes on my p.c. Thank goodness it didn't find that ransom virus on it. I also saved my files on Flash Drive. Got 64GB at WalMart. It was under $50.00. Cheaper than getting a Backup hard drive!

The brother who helped me this evening, I purchased the Malwarebytes because he did some research on this virus, and the free download just won't cut it. So now it's on and I feel a little safer.


I wonder. Do you think they put it out there so ones would buy their protection?

I just can't bring myself to pay someone for trying to dupe me. I'll stick with not clicking links in emails and pay them nothing.

Plan ahead as if Armageddon will not come in your lifetime, but lead your life as if it will come tomorrow (w 2004 Dec. 1 page 29)

Soon .....

My nephew's business was hit with this virus Friday.  His partner could not go into any of his folders, all his files were destroyed.  The loss of business $$$ was a lot.  My nephew went out (and he's got $$$) and purchased a backup hard drive for his computer at home and his one and only computer in his office.  The partner got the RED Virus block, with the yellow ransom time.  He is not paying them a dime.  And as for your statement, in a way I do agree, I was thinking about these programs are being sold to make money.  That is the case to me too, but I just couldn't take the chance, my nephew's business is only 10 minutes from where I live, and if his business got hit, those of us surrounding area "might" be too.  To each his own. 
