kissinuk Posted January 2, 2014 (edited)

Just a quick warning to be very aware of Cryptolocker which is taking hold at a very high rate now. Basically it holds your data (photos, docs, music etc) to ransom by encrypting all the files. If affected you can request the decryption key... for around $300!

The only way to protect yourself is to back up any data you cannot afford to lose and then disconnect the backup device. If you back up to USB or network and leave it connected it can encrypt that too!

It is generally spread by running attachments via email, but also via some websites. There is something called Cryptoprevent which will help stop this incarnation, it's worth running as all it does is modify permissions so the malware cannot run (for now).

More info here: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

Cryptoprevent can be downloaded here (free, just need to run it once): http://www.fooli"Ooops, word censored!".com/vb6-projects/cryptoprevent/ (Foolish IT is a well respected IT site with an unfortunate domain name!)

Edited January 2, 2014 by Guest

Grandmashazzie Posted January 2, 2014

Mmmmm Kissinuk, with all respect to you, the web address of cryptoprevent doesn't fill me with confidence.

kissinuk Posted January 2, 2014 (edited)

Foolish IT is a well established and legit website, with an unfortunate domain name! Their URL was chosen as tongue in cheek originally. The download is perfectly safe and is also mentioned on the Bleepingcomputer link above (also well respected in the IT world).

If you're still not convinced then you can do the same as Cryptoprevent manually by following this advice (very complicated, so recommend you just use the download!).

Taken from Bleeping Computer:

You can use the Windows Group or Local Policy Editor to create Software Restriction Policies that block executables from running when they are located in specific paths. For more information on how to configure Software Restriction Policies, please see these articles from MS:

http://support.microsoft.com/kb/310791
http://technet.microsoft.com/en-us/library/cc786941(v=ws.10).aspx

The file paths that have been used by this infection and its droppers are:

C:\Users\\AppData\Local\.exe (Vista/7/8)
C:\Users\\AppData\Local\.exe (Vista/7/8)
C:\Documents and Settings\\Application Data\.exe (XP)
C:\Documents and Settings\\Local Application Data\.exe (XP)

In order to block the CryptoLocker and Zbot infections you want to create Path Rules so that they are not allowed to execute. To create these Software Restriction Policies, you can either use the CryptoPrevent tool or add the policies manually. Both methods are described below.

...told you

Edited January 3, 2014 by Guest
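
A check to run after applying the path rules described above, as an added example that is not part of the original post, of Bleeping Computer's guide or of CryptoPrevent: it lists the Software Restriction Policy path rules configured machine-wide so you can confirm the Disallowed rules are actually in place. It assumes the rules are stored under the standard machine policy registry key; Get-SrpPathRule is a name made up for this example.

```powershell
# Added example: list machine-wide Software Restriction Policy path rules.
# Assumption: rules live under the standard SRP policy key below.
$SrpRoot = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP security levels appear as numeric subkeys of the policy key.
$LevelNames = @{ '0' = 'Disallowed'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {
    param([string]$Root = $SrpRoot)

    if (-not (Test-Path -Path $Root)) {
        Write-Warning "No Software Restriction Policy found at $Root"
        return
    }
    foreach ($level in $LevelNames.Keys) {
        $pathsKey = Join-Path -Path $Root -ChildPath "$level\Paths"
        if (-not (Test-Path -Path $pathsKey)) { continue }

        foreach ($ruleKey in Get-ChildItem -Path $pathsKey) {
            # Read ItemData unexpanded so %AppData%-style rules show as written,
            # not as the current user's resolved folder.
            $raw = $ruleKey.GetValue('ItemData', $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            [pscustomobject]@{
                Level       = $LevelNames[$level]
                Path        = $raw
                Description = $ruleKey.GetValue('Description')
                RuleId      = $ruleKey.PSChildName
            }
        }
    }
}

$rules = @(Get-SrpPathRule)
$rules | Sort-Object Level, Path | Format-Table -AutoSize -Wrap

# A machine with no Disallowed path rules has none of the blocking described above.
if (-not ($rules | Where-Object Level -eq 'Disallowed')) {
    Write-Warning 'No Disallowed path rules are configured.'
}
```

Run it from an ordinary PowerShell prompt; it only reads the registry and changes nothing.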

Lavenders_Blue Posted January 2, 2014

What does this virus affect? PCs? Tablets and phones? Are there any devices/systems more vulnerable than others (eg should you be more cautious if using Windows than Apple)?

Grandmashazzie Posted January 2, 2014

Sorry Kissinuk, thank you for putting me right.

kissinuk Posted January 2, 2014

> What does this virus affect? PCs? Tablets and phones? Are there any devices/systems more vulnerable than others (eg should you be more cautious if using Windows than Apple)?

Sorry should have made that clear, it only affects Windows (all versions inc 8.1).

Lavenders_Blue Posted January 2, 2014

Thanks kissinuk, would that include a Windows phone then? (I have one!)

kissinuk Posted January 2, 2014

> Thanks kissinuk, would that include a Windows phone then? (I have one!)

No, your phone will be safe. Can't believe people write stuff like this, apparently they have made a fortune from ransom money. It also made the BBC news site over Xmas: http://www.bbc.co.uk/news/technology-25506020

Lavenders_Blue Posted January 3, 2014

Thanks kissinuk, that's really helpful info and I will pass it on.

Ain't Nobody Here Posted January 3, 2014

You've prompted me to do a backup of everything, thanks.

bluekarin Posted January 3, 2014

My hubby had two emails before Christmas supposedly from HMRC with some interesting looking zip files attached. He didn't open them as HMRC don't send out emails. When I told him of Cryptolocker, he realised this was one way they could infect your machine.

Lewis Posted January 8, 2014

Thanks for the heads up!