Anyone noticed an outbreak of Cryptolocker malware lately?


    I've been noticing that lately, I seem to be getting customers at work nearly every day with the cryptolocker (or the similar cryptowall) virus, and needless to say, most are less than impressed that there is nothing that can be done to recover their data. The pattern seems to have been a fake email claiming that they have had a speeding ticket. If you click on a link in it (supposedly to a photo of the car in question), it gives you the virus.

    Has anyone else noticed an increase in this type of malware of late?
    Last edited by c_hegge; 07-07-2015, 06:15 AM.
    I love putting bad caps and flat batteries in fire and watching them explode!!

    No wonder it doesn't work! You installed the jumper wires backwards

    Main PC: Core i7 3770K 3.5GHz, Gigabyte GA-Z77M-D3H-MVP, 8GB Kingston HyperX DDR3 1600, 240GB Intel 335 Series SSD, 750GB WD HDD, Sony Optiarc DVD RW, Palit nVidia GTX660 Ti, CoolerMaster N200 Case, Delta DPS-600MB 600W PSU, Hauppauge TV Tuner, Windows 7 Home Premium

    Office PC: HP ProLiant ML150 G3, 2x Xeon E5335 2GHz, 4GB DDR2 RAM, 120GB Intel 530 SSD, 2x 250GB HDD, 2x 450GB 15K SAS HDD in RAID 1, 1x 2TB HDD, nVidia 8400GS, Delta DPS-650BB 650W PSU, Windows 7 Pro

    #2

    Originally posted by c_hegge:
    I've been noticing that lately, I seem to be getting customers at work nearly every day with the cryptolocker (or the similar cryptowall) virus, and needless to say, most are less than impressed that there is nothing that can be done to recover their data. The pattern seems to have been a fake email claiming that they have had a speeding ticket. If you click on a link in it (supposedly to a photo of the car in question), it gives you the virus.

    Has anyone else noticed an increase in this type of malware of late?
    Not recently, it was worse the first of the year here.



      #3

      yes.
      Things I've fixed: anything from semis to crappy Chinese $2 radios, and now an IoT Dildo....

      "Dude, this is Wyoming, i hopped on and sent 'er. No fucking around." -- Me

      Excuse me while i do something dangerous


      You must have a sad, sad boring life if you hate on people harmlessly enjoying life with an animal costume.

      Sometimes you need to break shit to fix it.... Thats why my lawnmower doesn't have a deadman switch or engine brake anymore

      Follow the white rabbit.



        #4

        Originally posted by c_hegge:
        most are less than impressed that there is nothing that can be done to recover their data.
        I read this a while back. Worth trying?

        http://blogs.cisco.com/security/talos/teslacrypt
        --- begin sig file ---

        If you are new to this forum, we can help a lot more if you please post clear focused pictures (max resolution 2000x2000 and 2MB) of your boards using the manage attachments button so they are hosted here. Information and picture clarity compositions should look like this post.

        We respectfully ask that you make some time and effort to read some of the guides available for basic troubleshooting. After you have read through them, then ask clarification questions or report your findings.

        Please do not post inline and offsite as they slow down the loading of pages.

        --- end sig file ---



          #5

          Which antivirus are they using?

          Home users or corporate?
          Last edited by diif; 07-07-2015, 12:26 AM.



            #6

            ^
            The last one I saw had no antivirus at all, but the majority of victims have free antivirus programs (usually either AVG or MS Security essentials). I haven't seen it with a corporate antivirus (or for a corporate user) as yet. On my file server, I have the group policy set to disallow .exe files from running within the AppData folder (which most ransomware does), so it should be impossible for it to get infected with it.

            The malware itself isn't hard to remove (a scan with Malwarebytes has always done it). Getting the files back is another story, though. This latest variant (Cryptowall 3.0 - http://www.bleepingcomputer.com/viru...re-information). I'll give that tool a go next time I run into one, but not that hopeful, as it's for a completely different virus with a different form of encryption.



              #7

              You know it's funny,
              governments will spend millions to kill some camel rider in another country with a drone-launched $100,000 missile for a Twitter post,
              but they don't do shit about this type of thing.

              Is it "them" doing it?
              If I had my way, viruses and malware would be countered with death squads, not security software!!



                #8

                Thanks c_hegge, clicking on a link shouldn't mean automatic infection; is there something else going on? Something not updated? I know Flash is usually the weakness if Java isn't installed.
                I've yet to have a call from my customers, so I guess the answer is not yet.
                From the tests I've done in the past, MSE detected virus-infected exes as they ran but didn't actually stop the file from running.

                There is a program here that might be worth giving out to your customers, recommended by Krebs as well as others: https://www.foolishit.com/cryptoprev...re-prevention/



                  #9

                  Originally posted by stj:
                  You know it's funny,
                  governments will spend millions to kill some camel rider in another country with a drone-launched $100,000 missile for a Twitter post,
                  but they don't do shit about this type of thing.

                  Is it "them" doing it?
                  If I had my way, viruses and malware would be countered with death squads, not security software!!
                  The problem is that the virus writers are not usually from the US but from Eastern Bloc countries (Russia, Ukraine, etc.), and they are careful not to target users in their own countries.

                  There was recently the high profile arrest of the alleged Zeus Botmaster.



                    #10

                    If you think someone like Putin wouldn't have 20 military police beat the crap out of them and arrest them, you're wrong.
                    I suspect they are simply not being hunted.
                    Of course Ukraine is now a crime scene run by assorted filth that would probably simply take a percentage from such behaviour.
                    Mikhail Saakashvili, the wanted criminal and previous leader of Georgia now hiding in Odessa, for example.



                      #11

                      They are attacking the West, not Russia etc. Putin has no interest in people not attacking his country or peoples. That is why they are not being hunted; they are not criminals in their own country.

                      Ukraine is not that bad. I have a customer who goes over regularly and is setting up a business there.
                      Last edited by diif; 07-07-2015, 05:03 AM.



                        #12

                        Originally posted by diif:
                        Thanks c_hegge, clicking on a link shouldn't mean automatic infection; is there something else going on? Something not updated? I know Flash is usually the weakness if Java isn't installed.
                        I've yet to have a call from my customers, so I guess the answer is not yet.
                        From the tests I've done in the past, MSE detected virus-infected exes as they ran but didn't actually stop the file from running.

                        There is a program here that might be worth giving out to your customers, recommended by Krebs as well as others: https://www.foolishit.com/cryptoprev...re-prevention/
                        Yeah. I know about the CryptoPrevent tool. It basically does the same thing as my local security policy fix on my file server (although it's better for Windows 7 Home Premium systems, as they don't have a Local Security Policy Editor).

                        I think that the infected email contains a link to a website where the user is told to enter a CAPTCHA and download a file. The user is told that the file is either an invoice or a photo or something along those lines, and they are fooled into downloading and opening it. I haven't personally had it, so I'm going by what customers tell me the last thing they did was, and the speeding fine email seems to be the most common story. There was even an article about it in the Sydney Morning Herald - http://www.smh.com.au/nsw/fake-speed...02-13sbxk.html
                        Last edited by c_hegge; 07-07-2015, 06:16 AM.

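The AppData execution block that c_hegge describes in #6, and that #12 says CryptoPrevent reproduces for Home editions, is a Software Restriction Policy path rule. Home editions have no secpol.msc, but SRP is only registry data under HKLM\SOFTWARE\Policies\Microsoft\Windows\Safer, so the same rules can be written directly. The PowerShell below is an added example, not code from the thread or from CryptoPrevent. It assumes the registry layout that secpol.msc itself writes (level subkeys 0 = Disallowed and 262144 = Unrestricted, one subkey per rule under <level>\Paths\{GUID} with an ItemData value); the rule paths are the commonly published recipe rather than an exhaustive list, and the Chrome whitelist path is an assumed example of a per-user installer. Run it elevated.

```powershell
# Added example: write SRP "Disallowed" path rules for executables launched
# from the user profile, without secpol.msc. Assumes the registry layout
# that secpol.msc writes (level 0 = Disallowed, 262144 = Unrestricted).
# Run elevated. Takes effect for new processes after a policy refresh/logoff.

$Safer        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = 0
$Unrestricted = 262144   # 0x40000

function Enable-SrpBase {
    # Create the SRP root the way "New Software Restriction Policies" does.
    # DefaultLevel stays Unrestricted, so only the explicit rules below block.
    if (-not (Test-Path $Safer)) { New-Item -Path $Safer -Force | Out-Null }
    Set-ItemProperty -Path $Safer -Name DefaultLevel       -Value $Unrestricted -Type DWord
    Set-ItemProperty -Path $Safer -Name TransparentEnabled -Value 1 -Type DWord  # 1 = all files except DLLs
    Set-ItemProperty -Path $Safer -Name PolicyScope        -Value 0 -Type DWord  # 0 = all users, admins included
    Set-ItemProperty -Path $Safer -Name ExecutableTypes    -Type MultiString -Value @(
        'ADE','ADP','BAS','BAT','CHM','CMD','COM','CPL','CRT','EXE','HLP','HTA','INF',
        'INS','ISP','LNK','MDB','MDE','MSC','MSI','MSP','MST','OCX','PCD','PIF','REG',
        'SCR','SHS','URL','VB','WSC')
}

function Add-SrpPathRule {
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][string]$Description,
        [int]$Level = $Disallowed
    )
    # One subkey per rule: <level>\Paths\{GUID}. ItemData is REG_EXPAND_SZ so
    # %AppData% and friends are expanded per user when the check runs.
    $ruleKey = Join-Path $Safer ("{0}\Paths\{{{1}}}" -f $Level, [guid]::NewGuid())
    New-Item -Path $ruleKey -Force | Out-Null
    Set-ItemProperty -Path $ruleKey -Name ItemData     -Value $Path        -Type ExpandString
    Set-ItemProperty -Path $ruleKey -Name SaferFlags   -Value 0            -Type DWord
    Set-ItemProperty -Path $ruleKey -Name Description  -Value $Description -Type String
    Set-ItemProperty -Path $ruleKey -Name LastModified -Value ([DateTime]::UtcNow.ToFileTimeUtc()) -Type QWord
    return $ruleKey
}

function Get-SrpPathRules {
    # Read every path rule back so the policy can be audited after the fact.
    Get-ChildItem -Path $Safer -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.PSPath -match '\\Paths\\\{' } |
        ForEach-Object {
            $p   = Get-ItemProperty -Path $_.PSPath
            $lvl = if ($_.PSPath -match 'CodeIdentifiers\\(\d+)\\Paths') { [int]$Matches[1] } else { -1 }
            [pscustomobject]@{
                Level       = if ($lvl -eq $Disallowed) { 'Disallowed' } elseif ($lvl -eq $Unrestricted) { 'Unrestricted' } else { $lvl }
                Path        = $p.ItemData
                Description = $p.Description
            }
        }
}

Enable-SrpBase

# Droppers run from the profile: block .exe directly in AppData and one
# level down, for both Roaming and Local, plus the built-in zip handler's
# extraction folder under %Temp% (user double-clicks the .exe inside a .zip).
@(
    @{ Path = '%AppData%\*.exe';                 Desc = 'Block exe in Roaming AppData' },
    @{ Path = '%AppData%\*\*.exe';               Desc = 'Block exe one level under Roaming AppData' },
    @{ Path = '%LocalAppData%\*.exe';            Desc = 'Block exe in Local AppData' },
    @{ Path = '%LocalAppData%\*\*.exe';          Desc = 'Block exe one level under Local AppData' },
    @{ Path = '%LocalAppData%\Temp\*.zip\*.exe'; Desc = 'Block exe run straight out of a zip' }
) | ForEach-Object { Add-SrpPathRule -Path $_.Path -Description $_.Desc | Out-Null }

# Whitelist a known per-user installer (assumed path) so support calls don't
# follow: SRP applies the most specific matching rule, so this overrides the block.
Add-SrpPathRule -Path '%LocalAppData%\Google\Chrome\Application\chrome.exe' `
                -Description 'Allow per-user Chrome' -Level $Unrestricted | Out-Null

Get-SrpPathRules | Format-Table -AutoSize
gpupdate /force | Out-Null
```

Check it before handing the machine back: log off and on, copy any harmless .exe into %AppData% and run it. You should get the "This program is blocked by group policy" dialog and an event with ID 866 from source SoftwareRestrictionPolicies in the Application log. Two caveats a customer will hit: per-user installers (Chrome and Dropbox of that era live under AppData) are caught by the same rules, which is what the last Unrestricted rule is for; and SRP is purely a path check, so a file the user is talked into saving to Desktop or Downloads and double-clicking still runs.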


                          #13

                          Originally posted by diif:
                          They are attacking the West, not Russia etc. Putin has no interest in people not attacking his country or peoples. That is why they are not being hunted; they are not criminals in their own country.

                          Ukraine is not that bad. I have a customer who goes over regularly and is setting up a business there.
                          Putin is interested in stability and trust; Russia is an emerging business hub. He does not want Russia seen as the next Nigeria/Israel where scammers go untouched.

                          As for Ukraine, I wouldn't go near the place; it's unstable and that's not good for any financial investment.
                          You have a government that took over with a coup and throws reporters out of windows,
                          right-wing "Nazis", as they have been labeled, who seem to be operating independently of any other group,
                          western mercenaries,
                          freedom fighters / terrorists (depending on your view) who want independence from the stuff I just listed,
                          the CIA have infested the Kiev police headquarters, and nothing good ever followed them,
                          and NATO would be pretty happy to help the place get nuked if they could blame it on Russia afterwards!!

                          Not only would I NOT have anything to do with Ukraine, I would avoid countries that border it too!!!
                          Last edited by stj; 07-07-2015, 07:04 AM.



                            #14

                            I've only had one instance of Crypto** in the shop since the turn of the year as most of the good AVs now block it.

                            Virtually impossible to decrypt, but if you are lucky you might be able to recover data from the shadow copies.

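On the shadow-copy route from #14: Volume Shadow Copies, where they survive, hold the pre-encryption contents of the files, and Explorer's "Previous Versions" tab on Windows 7 reads from the same snapshots. The catch is that CryptoWall and the later CryptoLocker builds run vssadmin delete shadows /all /quiet before encrypting, so the first thing to establish is whether any snapshot still exists. The PowerShell below is an added example, not from the thread. It assumes an elevated session on the infected machine after the malware has been removed, a clean external drive for the recovered files (E:\ is a constructed example), and the CryptoWall 3.0 ransom note name HELP_DECRYPT.* as the marker for "this snapshot is already post-encryption"; change that for another variant.

```powershell
# Added example: enumerate shadow copies and pull one file out of the newest
# snapshot that predates the encryption. Run elevated after the malware is
# removed, otherwise it will simply re-encrypt the recovered copy.

function Get-ShadowCopies {
    # Same data as "vssadmin list shadows", but as objects. VolumeName on the
    # snapshot and DeviceID on Win32_Volume are both \\?\Volume{GUID}\ strings.
    $volumes = Get-WmiObject -Class Win32_Volume
    foreach ($s in (Get-WmiObject -Class Win32_ShadowCopy)) {
        $vol = $volumes | Where-Object { $_.DeviceID -eq $s.VolumeName }
        [pscustomobject]@{
            ID           = $s.ID
            Created      = [Management.ManagementDateTimeConverter]::ToDateTime($s.InstallDate)
            DriveLetter  = $vol.DriveLetter
            DeviceObject = $s.DeviceObject   # \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN
        }
    }
}

function Mount-ShadowCopy {
    param([Parameter(Mandatory)]$Shadow, [string]$MountPoint = 'C:\ShadowMount')
    if (Test-Path $MountPoint) { throw "$MountPoint already exists; remove it first" }
    # A directory symlink to the device object exposes the snapshot as a
    # read-only folder tree. mklink needs the trailing backslash on the target.
    $target = $Shadow.DeviceObject.TrimEnd('\') + '\'
    cmd /c mklink /d "$MountPoint" "$target" | Out-Null
    if (-not (Test-Path $MountPoint)) { throw "mklink failed for $target" }
    return $MountPoint
}

function Dismount-ShadowCopy {
    param([string]$MountPoint = 'C:\ShadowMount')
    # rmdir on a directory symlink removes the link only, never the snapshot.
    cmd /c rmdir "$MountPoint" | Out-Null
}

function Restore-FromShadow {
    param(
        [Parameter(Mandatory)][string]$RelativePath,   # e.g. 'Users\alice\Documents\report.docx'
        [Parameter(Mandatory)][string]$Destination,    # a clean drive, never the infected volume
        [string]$DriveLetter = 'C:',
        [string]$RansomNote  = 'HELP_DECRYPT.*'        # CryptoWall 3.0 note name (assumption); adjust per variant
    )
    $snaps = Get-ShadowCopies | Where-Object { $_.DriveLetter -eq $DriveLetter } |
             Sort-Object Created -Descending
    if (-not $snaps) {
        Write-Warning "No shadow copies on $DriveLetter - the malware most likely ran vssadmin delete shadows"
        return $null
    }
    foreach ($s in $snaps) {
        $mp = Mount-ShadowCopy -Shadow $s
        try {
            $src = Join-Path $mp $RelativePath
            if (-not (Test-Path $src)) { continue }
            # A ransom note beside the file means this snapshot was taken after
            # the encryption had started; go back one more.
            if (Get-ChildItem -Path (Split-Path $src -Parent) -Filter $RansomNote -ErrorAction SilentlyContinue) { continue }
            Copy-Item -Path $src -Destination $Destination -Force
            return [pscustomobject]@{ Restored = $RelativePath; Snapshot = $s.Created; SavedTo = $Destination }
        } finally {
            Dismount-ShadowCopy -MountPoint $mp
        }
    }
    Write-Warning "Every surviving snapshot already contains the encrypted version"
    return $null
}

# Constructed usage: E:\ is assumed to be a clean external drive.
Get-ShadowCopies | Format-Table -AutoSize
Restore-FromShadow -RelativePath 'Users\alice\Documents\report.docx' -Destination 'E:\recovered\'
```

If Get-ShadowCopies prints nothing, Previous Versions in Explorer will be empty too, and what is left is backups or file-carving tools. Two practical notes: shadow storage is a fixed-size copy-on-write area (vssadmin list shadowstorage), and the oldest snapshot is discarded when it fills, so write nothing to the infected volume until the recovery is done; and always open a recovered file before declaring victory, since a snapshot taken mid-encryption can hold a mix of good and encrypted files in the same folder.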


                              #15

                              Originally posted by stj:
                              Putin is interested in stability and trust; Russia is an emerging business hub. He does not want Russia seen as the next Nigeria/Israel where scammers go untouched.

                              As for Ukraine, I wouldn't go near the place; it's unstable and that's not good for any financial investment.
                              You have a government that took over with a coup and throws reporters out of windows,
                              right-wing "Nazis", as they have been labeled, who seem to be operating independently of any other group,
                              western mercenaries,
                              freedom fighters / terrorists (depending on your view) who want independence from the stuff I just listed,
                              the CIA have infested the Kiev police headquarters, and nothing good ever followed them,
                              and NATO would be pretty happy to help the place get nuked if they could blame it on Russia afterwards!!

                              Not only would I NOT have anything to do with Ukraine, I would avoid countries that border it too!!!
                              Stability and trust?! That's why the Ukrainian border is shrinking.
                              They are going untouched because they are not attacking Russia.
                              There are plenty of good things going on in Ukraine, and the business my client is going into seems to be making plenty of money for his competitors.
                              If it was as bad as you claim I don't think he'd be visiting or setting up a business there.
                              There is a mafia presence, same as in Russia, but business practices and prices are adjusted accordingly.

                              I have no intention of visiting; there is no need, as I am handling his website for him and I don't like flying.
                              Last edited by diif; 07-07-2015, 07:47 AM.



                                #16

                                If some E-mails come with an embedded file with a photo file name extension that isn't a photo but is instead malware, then it looks like Microsoft may not have learned from the Internet Explorer 6 era (or shortly before)!

                                Microsoft allegedly had an exploit where the malware file looks like a GIF, JPG or PNG and you possibly receive malware as soon as you even read the E-mail.
                                Last edited by RJARRRPCGP; 07-07-2015, 08:19 AM.
                                ASRock B550 PG Velocita

                                Ryzen 9 "Vermeer" 5900X

                                32 GB G.Skill RipJaws V F4-3200C16D-32GVR

                                Arc A770 16 GB

                                eVGA Supernova G3 750W

                                Western Digital Black SN850 1TB NVMe SSD

                                Alienware AW3423DWF OLED




                                "¡Me encanta "Me Encanta o Enlistarlo con Hilary Farr!" -Mí mismo

                                "There's nothing more unattractive than a chick smoking a cigarette" -Topcat

                                "Today's lesson in pissivity comes in the form of a ziplock baggie full of GPU extension brackets & hardware that for the last ~3 years have been on my bench, always in my way, getting moved around constantly....and yesterday I found myself in need of them....and the bastards are now nowhere to be found! Motherfracker!!" -Topcat

                                "did I see a chair fly? I think I did! Time for popcorn!" -ratdude747



                                  #17

                                  Originally posted by c_hegge:
                                  Yeah. I know about the CryptoPrevent tool. It basically does the same thing as my local security policy fix on my file server (although it's better for Windows 7 Home Premium systems, as they don't have a Local Security Policy Editor).

                                  I think that the infected email contains a link to a website where the user is told to enter a CAPTCHA and download a file. The user is told that the file is either an invoice or a photo or something along those lines, and they are fooled into downloading and opening it. I haven't personally had it, so I'm going by what customers tell me the last thing they did was, and the speeding fine email seems to be the most common story. There was even an article about it in the Sydney Morning Herald - http://www.smh.com.au/nsw/fake-speed...02-13sbxk.html
                                  Reminds me of a scam email one of the teachers received at my last school. It accused her of downloading copyrighted material. "I was that enraged, as I've never downloaded anything illegal, I clicked on the link" ....shortly followed by a call to us: "my laptop is running funny". All the teachers had local admin rights. (Not my doing.)



                                    #18

                                    Originally posted by diif:
                                    Reminds me of a scam email one of the teachers received at my last school. It accused her of downloading copyrighted material. "I was that enraged, as I've never downloaded anything illegal, I clicked on the link" ....shortly followed by a call to us: "my laptop is running funny". All the teachers had local admin rights. (Not my doing.)
                                    With my Yahoo E-mail account, I keep getting spam E-mails about a problem with my PayPal account.
                                    IIRC, they're phishing E-mails.
                                    Last edited by RJARRRPCGP; 07-07-2015, 01:55 PM.



                                      #19

                                      I used to get the Paypal emails. I just asked Paypal the first time and then forwarded the emails to them after that.
                                       The Sky Is Falling



                                        #20

                                        I noticed a large surge of Crypto in November/December here on the west coast of the US. Right before Christmas I had 5 come in in one day. They seemed to slow down a lot after the new year. A few customers cried when they heard they couldn't get their data back.

