
Cryptolocker


Just a quick warning to be very aware of Cryptolocker which is taking hold at a very high rate now. Basically it holds your data (photos, docs, music etc) to ransom by encrypting all the files. If affected you can request the decryption key... for around $300!

 

The only way to protect yourself is to back up any data you cannot afford to lose and then disconnect the backup device. If you back up to USB or network and leave it connected it can encrypt that too! It is generally spread by running attachments via email, but also via some websites.

 

There is something called Cryptoprevent which will help stop this incarnation, it's worth running as all it does is modify permissions so the malware cannot run (for now).

 

More info here: http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

 

Cryptoprevent can be downloaded here (free, just need to run it once): http://www.fooli"Ooops, word censored!".com/vb6-projects/cryptoprevent/ (Foolish IT is a well respected IT site with an unfortunate domain name!)


Foolish IT is a well established and legit website, with an unfortunate domain name!

 

Their URL was chosen as tongue in cheek originally. The download is perfectly safe and is also mentioned on the Bleepingcomputer link above (also well respected in the IT world).

 

If you're still not convinced then you can do the same as Cryptoprevent manually by following this advice (very complicated, so recommend you just use the download!). Taken from Bleeping Computer:

 

You can use the Windows Group or Local Policy Editor to create Software Restriction Policies that block executables from running when they are located in specific paths. For more information on how to configure Software Restriction Policies, please see these articles from MS:

 

http://support.microsoft.com/kb/310791

http://technet.microsoft.com/en-us/library/cc786941(v=ws.10).aspx

 

The file paths that have been used by this infection and its droppers are:

 

C:\Users\\AppData\Local\.exe (Vista/7/8)

C:\Users\\AppData\Local\.exe (Vista/7/8)

C:\Documents and Settings\\Application Data\.exe (XP)

C:\Documents and Settings\\Local Application Data\.exe (XP)

 

In order to block the CryptoLocker and Zbot infections you want to create Path Rules so that they are not allowed to execute. To create these Software Restriction Policies, you can either use the CryptoPrevent tool or add the policies manually. Both methods are described below.

 

...told you :wink:

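A way to confirm that Software Restriction Policy path rules like the ones described in the post above are actually in place, whether they were created by hand or by a tool. This is an added example, not part of the thread or of the Bleeping Computer guide; it assumes the rules live in the machine policy registry key shown in the script, and the function name `Get-SrpPathRule` is made up for this example. It only reads the registry.

```powershell
# Added example: list Software Restriction Policy (SRP) path rules on this PC.
# Read-only. Assumes machine-level policy; per-user policy is not checked.
$base = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'

# SRP stores rules under subkeys named after the security level ID.
$levels = @{ '0' = 'Disallowed'; '131072' = 'Basic User'; '262144' = 'Unrestricted' }

function Get-SrpPathRule {
    if (-not (Test-Path $base)) { return }
    foreach ($id in $levels.Keys) {
        $pathsKey = Join-Path $base "$id\Paths"
        if (-not (Test-Path $pathsKey)) { continue }
        foreach ($rule in Get-ChildItem $pathsKey) {
            # Keep %AppData%-style variables unexpanded so the rule is shown
            # exactly as it was written into the policy.
            $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
            [pscustomobject]@{
                Level       = $levels[$id]
                Path        = $rule.GetValue('ItemData', $null, $noExpand)
                Description = $rule.GetValue('Description')
                RuleId      = $rule.PSChildName
            }
        }
    }
}

$rules   = @(Get-SrpPathRule)
$default = (Get-ItemProperty -Path $base -ErrorAction SilentlyContinue).DefaultLevel
"Default security level: $($levels["$default"]) ($default)"
"Path rules found: $($rules.Count)"
$rules | Sort-Object Level, Path | Format-Table Level, Path, Description -AutoSize

# The block rules discussed in the thread would show up as 'Disallowed' entries.
$blocked = @($rules | Where-Object { $_.Level -eq 'Disallowed' })
if ($blocked.Count -eq 0) {
    Write-Warning 'No Disallowed path rules found: executables in user profile folders are not blocked by SRP.'
}
```

Changed policy may need `gpupdate /force` or a reboot before it takes effect, so run the check again afterwards if rules you expect are missing.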

What does this virus affect? PCs? Tablets and phones? Are there any devices/systems more vulnerable than others (eg should you be more cautious if using Windows than Apple)?

 

Sorry should have made that clear, it only affects Windows (all versions inc 8.1).
