12-15-2013 02:50 AM - edited 12-15-2013 03:11 AM
Microsoft's prediction: Ransomware like Cryptolocker will hit harder in 2014
My (explanoit's) take:
In a post to Microsoft's Security Blog on December 11th, Microsoft makes it clear it thinks ransomware is a big deal. It's on a list of 8 major predictions their top security employees have for the coming year 2014. Cryptolocker has already shown the incredible danger this threat poses to users and businesses in one of the most interesting developments of 2013. Ransomware has always had a place, but the implementation of well architectured cryptography and Bitcoin as a minimally traceable way to extract funds makes ignoring it now impossible.
Personally, I have heard from PC repair shop and IT support businesses saying they have had many customers devastated by Cryptolocker. In addition, someone I have spoken who work closely with large corporations and the government regarding cybercrime says that officials are serious about this surging class of threat.
Combining resurgent ransomware and the abandonment of fixing Windows XP security bugs makes for a very dangerous environment for anyone left behind. Do not be that person. If you are not running at least Windows Vista you are in danger come August 2014.
Business Products Sr. Community Leader and Expert Advisor - WSA-Enterprise and WSAWSS administrator of 1700+ computers
First company to 1000+ WSA endpoints | Power User / Business Ambassador / WSA-C and WSA-E Beta tester
Find me on Twitter!
12-15-2013 07:09 AM
I believe it. Especially around the holidays with so many people ordering stuff online. One email version of Cryptoplocker pretends to be an invoice from Amazon.com or some other large retailer, with the invoice enclosed of an order that is supposedly about to be dispatched.
Of course, the "invoice" is an .exe file. You know the rest!
12-17-2013 03:37 AM
Great information .....and sadly many many many will ignore! I did not know Bitcoin had involvment, but I know now. Correct me if I am wrong; I just last week read from another forum that Microsoft would suspend support for XP in April 2014 and he (a community leader) said to be specific.....08 April 2014. So, I will be waiting to get our response and thank you for all the great posts. I feel educated when I find one of your in-depth posts.
12-17-2013 04:08 AM
We have implemented group policy restrictions. Takes care of it all. Also using OpenDNS provides great protection. HitmanPro.Alert now with CryptoGaurd is great along with CrytoPrevent.
But the best defense is to have ALL you data backed up onto an external HDD or the cloud. Shadow Explorer can get your files back once encypted but its time consuming.
12-17-2013 04:17 AM
Shadow Copy cant recover the files if the VSS has been disabled by the infection (which most of the new variants do). Pretty much all the variants of Crypto will change local versions of files which are then uploaded to the cloud backups so that isnt the best way to keep yourself safe either.
12-17-2013 06:09 AM - edited 12-17-2013 06:11 AM
I am not worried about my local cloud files. I can still go into my Google Drive via the web and get everything back. But that is also why I backup to my external HDD twice a week. Google drive files are encrypted. Here is a great tutorial featuring Shadow Explorer.
Using something like HitmanPro.Alert or CryptoPrevent is a great means of hardening your system for FREE.
06-24-2014 04:06 PM
The following is a update on Cryptolocker
Time’s up! CryptoLocker ransomware is back in business
By Wayne Williams Posted on 24 June 2014
CryptoLocker recently had something of a setback when law enforcement agencies managed to seize control of servers running it and the GameOver Zeus botnet. Britain's National Crime Agency (NCA) declared this would give computer users a unique two week opportunity to secure their systems, which seemed a rather precise claim.
It turns out that prediction wasn’t too far off the mark. Three weeks after that warning, and CryptoLocker is indeed making its return, this time as a standalone threat. The new strain does not rely on 2048-bit RSA encryption nor need a Command and Control server to work
betanews/ full read here/ http://betanews.com/2014/06/24/times-up-cryptolock