View Full Version : The perfect crime: cryptolocker ransomware



midnight rambler
19th December 2013, 09:10 AM
Using bitcoins as a ransom to release your hijacked computer, often via a link to track a package -

http://boston.cbslocal.com/2013/12/18/cryptolocker-ransomware-being-described-as-the-perfect-crime/

Glass
19th December 2013, 09:23 AM
Yes, this is a nasty bit of kit. Had encounters.

Recovery potential - 0% without paying.

I found a patch which battens down the vectors this thing uses. Seems to do the job. Just trying to remember what it is called.

CryptoPrevent is the tool. Patch on link about half way down.
http://www.makeuseof.com/tag/cryptolocker-is-the-nastiest-malware-ever-heres-what-you-can-do/

I'm wondering if the AV companies have a handle on this yet. When I was looking at it, it was still early days and they were not picking it up.

If anyone sees any kind of popup telling you to pay up you need to pull the plug on the PC immediately. It is probably too late by then but maybe you can limit the damage. The hard drive will need to go into a new PC or a drive caddy and your data moved from the infected disk to a new disk. Old disk = trash can. Rebuild PC operating system on new disk.

Ares
19th December 2013, 09:37 AM
Cryptolocker is a real piece of work.

Uses an innocuous link to direct users to a website where the malware is hosted. Exploits a hole in the browser, downloads itself and starts encrypting profile data.

It uses AES-256 for the encryption algorithm, so unless you pay you'll never get your data back. I back up my data weekly in case of hard drive failure, but I would just wipe my drive and start over and restore it.

mamboni
19th December 2013, 09:38 AM
Another fly in the bitcoin ointment.

sirgonzo420
19th December 2013, 09:40 AM
If you properly backup your files, it would only be a minor inconvenience if some piece of malware were to encrypt your local copies.

Backup often and in multiple places.

If you are concerned about having backups floating around, encrypt the files first with a password that you know.

Ares
19th December 2013, 09:51 AM
Another fly in the bitcoin ointment.

Bitcoin is just a vehicle that is used to perpetuate the crime for financial gain. In the same respect, would you blame the gun for allowing a thug to hold up a gas station so that he could steal FRN's? :)

It's nothing more than a tool, and like all tools of human invention it cuts both ways.

Glass
19th December 2013, 03:43 PM
If you properly backup your files, it would only be a minor inconvenience if some piece of malware were to encrypt your local copies.

Backup often and in multiple places.

If you are concerned about having backups floating around, encrypt the files first with a password that you know.

Sage advice. You cannot have enough backups and backups of backups. Where possible use multiple layers/backups for redundancy. Prevention is way better than any cure when dealing with stuff like this.

Cebu_4_2
19th December 2013, 05:45 PM
I have a main OS drive and everything is saved on a backup drive. Has proven beneficial since I started computing early '90s. I would like to get a new board so I can run multiple drives and backups. Now that I don't have any backup networked I feel quite vulnerable. Not sure how to approach this without jumpering an extra drive to backup my world.

Ares
19th December 2013, 05:51 PM
I have a main OS drive and everything is saved on a backup drive. Has proven beneficial since I started computing early '90s. I would like to get a new board so I can run multiple drives and backups. Now that I don't have any backup networked I feel quite vulnerable. Not sure how to approach this without jumpering an extra drive to backup my world.

Just look into an inexpensive NAS (Network Attached Storage) device.
http://www.amazon.com/BUFFALO-LinkStation-Diskless-Enclosure-Performance/dp/B008DWAGPG/ref=sr_1_7?ie=UTF8&qid=1387500627&sr=8-7&keywords=NAS

I've had mine for about 5 years now. A drive failed in it once, but replaced the failed drive and it automatically started rebuilding the RAID array.

Cebu_4_2
19th December 2013, 05:56 PM
Just look into an inexpensive NAS (Network Attached Storage) device.
http://www.amazon.com/BUFFALO-LinkStation-Diskless-Enclosure-Performance/dp/B008DWAGPG/ref=sr_1_7?ie=UTF8&qid=1387500627&sr=8-7&keywords=NAS

I've had mine for about 5 years now. A drive failed in it once, but replaced the failed drive and it automatically started rebuilding the RAID array.

Okay, if I had a RAID array and one drive caught this CryptoLocker, wouldn't all the drives become corrupt?

Ares
19th December 2013, 06:09 PM
Okay, if I had a RAID array and one drive caught this CryptoLocker, wouldn't all the drives become corrupt?

CryptoLocker (at least currently) just targets your profile data: My Documents, Desktop, Favorites, Pictures, Videos etc. It isn't designed to encrypt external storage devices. You could also limit it with a simple batch file.

net use U: \\NAS_Storage\SharedFile
start "" /wait "C:\Program Files\BackupUtility\backup.exe"
net use U: /delete /y
exit

That simple script is just a broad example of how you can automate mapping the external storage and performing a predetermined backup operation. Once it completes, it disconnects the drive mapping so that the CryptoLocker virus doesn't even see an external device.

Cebu_4_2
19th December 2013, 06:21 PM
CryptoLocker (at least currently) just targets your profile data: My Documents, Desktop, Favorites, Pictures, Videos etc. It isn't designed to encrypt external storage devices. You could also limit it with a simple batch file.

net use U: \\NAS_Storage\SharedFile
start "" /wait "C:\Program Files\BackupUtility\backup.exe"
net use U: /delete /y
exit

That simple script is just a broad example of how you can automate mapping the external storage and performing a predetermined backup operation. Once it completes, it disconnects the drive mapping so that the CryptoLocker virus doesn't even see an external device.

Cheese man! I am just not able to grasp this. I thought DOS sucked and still do, that's why I can't even program to mine. I'll take my chances.

Glass
19th December 2013, 07:45 PM
net use u: = create a drive letter "U" that I can see in My Computer.

\\NAS_storage\

Is the name of the storage device. It could be a PC or a NAS (box with hard drives in it).

It might be the human-friendly name of the device or its IP address (\\192.168.0.X\ or whatever sequence your network uses). Those vertical lines are supposed to be backslashes but they look odd on my view of this page.

SharedFile is the name of the file itself or the name of the folder you created for the files to be stored in, e.g. SharedFolder.

That's the first part.

Second part does the copying process. Any number of backup programs. Robocopy works OK and is one type of backup tool. Looks complicated to command but it is not.

3rd part reverses the 1st part and disconnects the NAS from your computer and removes the U drive in the My Computer window so no one would see it when searching your PC.

Exit is because he saved all 4 lines into a text file which he called something like "Backup2U.bat" which, when double-clicked, will execute those 4 lines of text commands. Exit kills the script process once complete.
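
A fuller version of the map, copy, unmap script that Ares posted and Glass walks through above, added here as an example; it is not code from either poster. The share name, the backup folder layout and the log path are assumptions, so change them to match your own network. Robocopy (the tool Glass mentions) does the copying, into a new dated folder rather than a mirror, so a PC that is already infected cannot overwrite earlier good copies on the NAS, and the script checks the exit codes instead of assuming the copy worked.

```batch
@echo off
setlocal

rem ---- settings: assumed names, change to suit your network ----
set "SHARE=\\NAS_Storage\Backups"
set "SRC=%USERPROFILE%"
set "LOG=%TEMP%\backup2u.log"

rem Build a YYYY-MM-DD stamp; WMIC output is the same on every locale.
for /f "tokens=2 delims==" %%I in ('wmic os get LocalDateTime /value') do set "DT=%%I"
set "STAMP=%DT:~0,4%-%DT:~4,2%-%DT:~6,2%"

rem 1) Map the share only for the length of the backup. /persistent:no means the
rem    letter does not come back at the next logon. No password is written in
rem    this file; if the NAS needs one, net use asks for it.
net use U: "%SHARE%" /persistent:no
if errorlevel 1 (
    echo %STAMP% could not map %SHARE% >> "%LOG%"
    exit /b 1
)

rem 2) Copy into a fresh dated folder. A /MIR mirror would faithfully replace the
rem    good copies on the NAS with encrypted ones if the PC was already hit, so
rem    keep generations instead. /XJ skips the junctions Windows puts in a profile.
robocopy "%SRC%" "U:\%COMPUTERNAME%\%STAMP%" /E /COPY:DAT /R:2 /W:5 /XJ /NP /LOG+:"%LOG%"
set "RC=%ERRORLEVEL%"

rem 3) Drop the mapping before anything else gets a chance to use it.
net use U: /delete /y

rem Robocopy exit codes 0 to 7 mean the copy succeeded; 8 and above mean failures.
if %RC% GEQ 8 (
    echo %STAMP% backup finished with errors, robocopy exit code %RC% >> "%LOG%"
    exit /b %RC%
)
echo %STAMP% backup OK >> "%LOG%"
endlocal
exit /b 0
```

Save it as Backup2U.bat and double-click it, or schedule it with Task Scheduler (in which case the NAS account must be one Windows can log on with without a prompt). Two caveats worth keeping in mind: while the share is mapped it is writable, so the copy window itself is still exposed, and a drive letter is a convenience rather than an access control, so malware that looks for \\server\share paths directly is not hidden from by unmapping. Give the backup job its own NAS account that nothing else on the PC uses, and keep the NAS's own snapshots or an offline copy as a second layer.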

Ares
19th December 2013, 08:46 PM
Thanks Glass, I had to step away from the computer for a little while so I didn't have a chance to explain my simple script.

I write automated scripts at work for repetitive simple tasks all the time, usually using batch or PowerShell, depending on what I'm wanting to do. But that's a pretty good detailed explanation of what that script is doing.

Robocopy is an awesome utility. I wrote a script at work for the help desk personnel to automate the Windows profile transfer. It even factors in whether it's Windows XP or Windows 7. I even have it produce a complete log detailing what files were copied.

Glass
4th September 2015, 01:24 AM
Just a warning to everyone that there are new variants of this pest in the wild. I have come across a couple of issues in the past 2 weeks. One of them was pretty serious and looks like it was a skin-of-the-teeth escape from serious problems.

If you have installed anything that blocked the early versions of this ransomware virus, it would be a Good Idea! to update, refresh or reinstall with a newer version.

I have used CryptoPrevent and it seems to work OK. It does need occasional updating. The free version requires manual updating. If inclined to pay, you can get a version that auto-updates. CryptoPrevent is made by an outfit called Foolish IT.

https://www.foolishit.com/cryptoprevent-malware-prevention/

Of course, use antivirus. Free AVG or Free Avast are good for the cost-conscious. Symantec and McAfee are not. McAfee is now widely considered to be a virus or virus-like.

Running more than one antivirus on your PC can cause problems and allow infections to occur. In every instance where I have seen malware, adware or crypto infections, there has been a regular antivirus as well as free scanners issued by Norton and McAfee. I believe that when this occurs some kind of interference happens and PCs can get infected more easily.

When installing Java or similar updates, make sure to uncheck the special offers, which is usually a virus scanner from some well-known company. I also find Chrome to be particularly infectable for some reason, with nearly all infections coming in via JavaScript in Chrome.

Get Adblockplus.org for all your browsers.
Get malwarebytes.org to run from time to time for things your AV will not detect.
Pay attention when reading and opening emails.

Half Sense
4th September 2015, 09:39 AM
My wi-fi router has 2 USB 3.0 ports on it. I put a speedy 64GB thumb drive in one of the USB ports, and this works very well as a backup drive for the PCs. They get backed up nightly to this thumb drive using a simple batch file.

If the house was on fire I would just grab the thumb drive and let the PCs burn.