Community Leader
Jasper_The_Rasper
Posts: 1,094
Registered: ‎06-12-2013

Cryptolocker copycat ransomware emerges – but an antidote is possible

Hot on the tail of devilish Cryptolocker comes a copycat software nasty that holds victim's files to ransom – but the newcomer's encryption is potentially breakable, we're told.

Security startup IntelCrawler claims a "large-scale distribution" of the new so-called Locker malware began earlier this month.

Locker, once it has infected a PC, copies and encrypts a victim's documents, adding a ".perfect" extension, and then deletes the original data. The trojan also places a contact.txt file in each directory containing contact details of the malware author – usually a throwaway mobile phone number or an email address.

Victims are warned that if they harass or threaten the extortionist, the decryption key to unlock the files will be deleted, revealing the mindset of the scumbags behind the scam.

IntelCrawler contacted a crook listed in the contact file, and was told someone would have to pay up $150 to a Perfect Money or QIWI VISA Virtual Card number to receive the decryption key needed to restore the information on a Locker-infected machine.

In order to decrypt, you need to provide an identifying code written in the “contact.txt” file, as well as the hostname of the compromised computer.

 

Full Topic
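The two traces the article names (a ".perfect" extension and a contact.txt note in each directory) are enough to triage a disk or a backup set before restoring from it. The script below is an added example, not part of the original post or the article; `scan_tree`, `build_sample` and the sample file names are constructed for illustration, and it assumes the extension is appended to the original file name.

```python
import os
import tempfile

NOTE_NAME = "contact.txt"   # ransom note name given in the article
LOCKED_EXT = ".perfect"     # extension given in the article


def scan_tree(root):
    """Return {directory: finding} for directories showing Locker's traces."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        names = {f.lower() for f in files}
        locked = sorted(f for f in files if f.lower().endswith(LOCKED_EXT))
        has_note = NOTE_NAME in names
        if not locked and not has_note:
            continue
        # Assumption: the extension is appended, so the original name is the
        # locked name minus ".perfect". A missing original means no plaintext
        # copy is left in place and the file has to come from a backup.
        missing = [f for f in locked
                   if f[:-len(LOCKED_EXT)].lower() not in names]
        findings[dirpath] = {
            "note": has_note,
            "locked": locked,
            "originals_missing": missing,
            # contact.txt alone is a common benign name, so only the two
            # indicators together are treated as a strong signal.
            "confidence": "high" if (has_note and locked) else "low",
        }
    return findings


def build_sample(root):
    """Constructed sample tree: one hit, one benign contact.txt, one clean."""
    layout = {
        "docs": ["report.docx.perfect", "budget.xlsx.perfect",
                 "budget.xlsx", "contact.txt"],
        "address_book": ["contact.txt", "friends.csv"],
        "photos": ["holiday.jpg"],
    }
    for sub, files in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in files:
            open(os.path.join(root, sub, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for path, info in sorted(scan_tree(tmp).items()):
            print(os.path.relpath(path, tmp), info)
```

Running the same scan over a backup drive before restoring shows whether encrypted copies were already backed up over good ones.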
Frequent Voice
GTR707
Posts: 159
Registered: ‎11-19-2013

Re: Cryptolocker copycat ransomware emerges – but an antidote is possible

Best defense is to have a backup plan. EVERY computer should be backed up daily or weekly. Use an external hard drive. Windows 7 & 8 have a great backup and disk imaging built in. You can also use a 3rd party backup and imaging such as Easeus Todo or Macrium Reflect. Both have free versions. Shadow Explorer and get your encrypted files back.

Frequent Voice
JHLittleDogTech
Posts: 77
Registered: ‎11-24-2013

Re: Cryptolocker copycat ransomware emerges – but an antidote is possible

Yes to backups! But make sure after each backup you detach your external as it will jump to any mapped drive.

Justin Holst
Little Dog Tech
Associates Software Development/ Network Administration/ Cyber Security
TripleHelix
Posts: 5,383
Topics: 401
Kudos: 3,268
Ideas: 5
Registered: ‎02-03-2012

Re: Cryptolocker copycat ransomware emerges – but an antidote is possible

I agree to back up files and such but if we had a poll in this Community I would think 99% of the users don't do it and I haven't found a good imaging software which doesn't mess up my SSDs but that was a few years ago but I haven't tried any since but do back up important files weekly and is ideal for me and if need be I do a clean install of the OS when required.

 

TH


Webroot® SecureAnywhere™ Internet Security Complete 2014 Beta Tester v8.0.4.70 on my main system Windows 7 Ultimate 64bit & on Win XP 32bit, Win Vista 32bit, Win 7 32bit, Win 8.1 Pro 32bit & 64bit all on VM's. 


Microsoft® MVP Consumer Security 2012/15


Frequent Voice
GTR707
Posts: 159
Registered: ‎11-19-2013

Re: Cryptolocker copycat ransomware emerges – but an antidote is possible


There are tons of great free imaging software that works perfect. Yes most people do not backup their PC. Here is a list of free imaging programs:

 

1. Windows Backup & Recovery

2. Macrium Reflect

3. Paragon

4. Aomei

5. Easeus Todo (My choice) 

 

One thing to keep in mind is that you MUST make a recovery cd with each one of these. When your pc will not boot due to malware or an OS error you can boot off the cd and mount your stored image. 

Baldrick
Posts: 1,825
Topics: 102
Kudos: 1,169
Ideas: 8
Registered: ‎02-03-2012

Re: Cryptolocker copycat ransomware emerges – but an antidote is possible

Hi Daniel

 

I use AX Time Machine (www.ax64.com).  I am sure that you have seen the thread over at Wilders.  It is undergoing some changes due to a merger with RealCopy...but I have ditched ATI in favour of this and so far it has not let me down.  It is simple & easy to use...you can do both 'cold', i.e., full from outside Windows & 'hot', i.e., incrementals from inside Windows, restores so in fact acts as both a basic imager AND a rollback app.

 

If you have not yet checked it out then I would heartily recommend it (plus the developer, Isso, offers absolutely first rate support both via his web site and the Wilders thread).

 

Hope that is of use?

 

Regards

 

 

Baldrick

Expert Advisor


Webroot SecureAnywhere Complete 2014 Beta Tester v8.0.4.70...+ VoodooShield v1.30....working together as the NEW perfect combination!
Frequent Voice
GTR707
Posts: 159
Registered: ‎11-19-2013

Re: Cryptolocker copycat ransomware emerges – but an antidote is possible

Why spend $40 when I listed 5 FREE backup/imaging tools? Including Windows itself. Kinda like paying for a defragger.

Baldrick
Posts: 1,825
Topics: 102
Kudos: 1,169
Ideas: 8
Registered: ‎02-03-2012

Re: Cryptolocker copycat ransomware emerges – but an antidote is possible

With respect, based on that attitude, there would only be freeware and no paid software around.  The reason I have suggested it is because, the app IMHO is better than the freeware, and worth the money asked for by the developer. 

 

Also, none of the apps listed previously do what this one does...which as I said, is more than just plain imaging; it also does rollback, and I offered it up as an alternative.  I am not pushing it...in the same way that I do not push WSA. :smileywink:

DavidP1970
Posts: 3,229
Kudos: 1,651
Registered: ‎10-28-2012

Re: Cryptolocker copycat ransomware emerges – but an antidote is possible

Admittedly there is a lot of decent freeware out there, but as Baldrick pointed out very often the paid versions have additional or enhanced features that can make the expense more than worth it.  The choice is up to the individual consumer, and which featureset will meet the specific needs.




"If you don't learn something new every day, you need to pay more attention. I often get my daily learning here so grab a chair and stay a while!"
WSA-Complete (Beta Tester), Toshiba Satellite L305, Intel Pentium Dual CPU at 1.87 GHz, 3 GB RAM With Windows 7 (x86) (Yes its old.. but it still usually works! : )
Frequent Voice
GTR707
Posts: 159
Registered: ‎11-19-2013

Re: Cryptolocker copycat ransomware emerges – but an antidote is possible


Very true. But everything I listed can do anything a paid imaging software can do. Aomei is a FULL featured free imaging tool with a PE recovery. Easeus Todo Free just lacks differential and a PE recovery. This is a great web site to visit. I use Easeus Todo Backup Home which I got for FREE on Give-away-of-the-day. The notion that free software is inferior to paid software is absurd.

 

http://www.techsupportalert.com/

 

Also keep in mind that free does not mean inferior. That's like saying avast Free or AVG Free have an inferior detection rate when compared to their paid counterparts. This is untrue. Lacking certain features yes. I believe in always telling people about free software. Just like using LibreOffice over Microsoft Office. Why spend $300 on Office when Libre is Free? I like to present my customers with free alternatives to everything. Money is tight for everyone nowadays, including myself. WSA is the only software I have purchased and is well worth it. If Webroot offered a free version I would be using that instead. Thanks and have a great day.
