Pelican Parts Forums


kach22i 04-02-2015 09:03 AM

Cryptolocker Ransomware
 
Article:
https://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

I never heard of this stuff before today when I went to pick up some ink from my computer guy.

Per his instructions I went to Costco and picked up a one terabyte USB back up drive for $64.00 (on sale till the fourth of this month).

Key to using the back up is opening up some files first to make sure they are not encrypted. If they are and you back up, you contaminate and encrypt your back up copies, which is a bad thing.

Maybe you cloud guys don't worry so much, was also told about copy.com.

Tell me what you know, I'm still learning about this. I cannot afford to lose all my data by encryption.

I was told that if you pay the ransom, they don't unlock you anyway.

Beware of phony FedEx and UPS tracking emails, that is how they first got around.

Christien 04-02-2015 09:32 AM

Really? People are still falling for fake UPS tracking emails? I realize not everyone is computer savvy, but to a large degree, if you're gullible enough to click on an attachment from an email that wasn't expected, you kind of deserve what's coming to you.

stomachmonkey 04-02-2015 09:38 AM

I posted a thread on this last month.

I have dropbox and copy.com accounts and for a variety of reasons prefer copy.

kach22i 04-02-2015 10:29 AM

Quote:

Originally Posted by Christien (Post 8558881)
.......... if you're gullible enough to click on an attachment from an email that wasn't expected, you kind of deserve what's coming to you.

No one deserves it.

And they are getting trickier about it all the time.

Copy.com is much more generous with capacity as I understand it.

gacook 04-02-2015 10:35 AM

In this day and age, if you run a business and are not smart enough to protect your data (or hire someone to do it for you), you shouldn't be running a business.

kach22i 04-02-2015 10:39 AM

I was using CD's but got behind when things got busy.

Years ago zip drives were the standard, that takes me back.

gacook 04-02-2015 10:46 AM

Look into Data at Rest encryption software. It's not at all difficult to use, and provides an additional layer of security.

stomachmonkey 04-02-2015 10:49 AM

Quote:

Originally Posted by kach22i (Post 8558971)
No one deserves it.

And they are getting trickier about it all the time.

Copy.com is much more generous with capacity as I understand it.

The storage battle swings like a pendulum, today dropbox is more generous on the paid / higher tier accounts but tomorrow that may change again.

Copy has a better interface, much more user friendly.

If you are like me and have multiple email accounts used for/with different clients you can aggregate them all under one copy account. Drop requires you to have a separate email per drop account which for me means constantly logging out as A and logging back in B, C, D or E.

In terms of sharing data with others copy wins hands down.

With drop if you share 6 GB of data it takes 6 GB from your allocation as well as 6 GB from each person you share with. So if you share with 2 people that's 18 GB.

With copy it's split by number of people sharing so each of those 3 from above only get hit with 2 GB each.

Z-man 04-02-2015 11:03 AM

Quote:

Originally Posted by gacook (Post 8558998)
Look into Data at Rest encryption software. It's not at all difficult to use, and provides an additional layer of security.

While that will protect your data from being stolen, I doubt it will protect against cryptolocker, and that system will simply encrypt the password encrypted file a second time. Kinda like zipping a zipped file a second time.

Nasty bugs these cyber criminals are coming up with these days...

-Z

sc_rufctr 04-02-2015 08:17 PM

I refuse to give these criminals anything... Another reason to back up your data and be diligent!

There's a young idiot at work that actually paid the ransom. They sent him the key and it worked but I have heard it often doesn't or it's never received.
All he had to do was back up his data at least once a week to avoid this.

And I've seen it encrypt network files... A lady at work just ignored the issue until our security guys flagged her LT because of what was happening on the servers.
They had to do a full restore to fix the damage. All of her data was lost. (over 10 years worth because she never did a back up, ever)

So why can't they find the people that write this stuff? Surely the payment leaves a trail.

LeeH 04-02-2015 08:59 PM

Last I heard, they had the code for this and were able to unlock the locked files. Is that not the case?

Radioactive 04-02-2015 09:07 PM

Quote:

Originally Posted by LeeH (Post 8559732)
Last I heard, they had the code for this and were able to unlock the locked files. Is that not the case?


No, they are up to version 3.0. No unlock: restore backup or pay ransom.

techweenie 04-02-2015 10:22 PM

Why do you people put up with Windows?

Porsche-O-Phile 04-02-2015 11:55 PM

'Zactly.

I use a Mac and I have a Linux box that is standalone (local LAN only, no internet connection) where I keep the stuff I really care about. I also use time machine every few days. Have never, ever had an issue except for a stolen CC# (used to buy plane tickets in Russia) a few years ago - that was due to the CC company getting hacked (not me) and they didn't charge me when I contested it - the company offered a new card, I told them to keep it, closed my account and went on with life. It was a few years ago so I suspect they only got the CC# (if they'd gotten anything more I imagine it would have turned into nasty business by now, this was maybe 5-6 years ago). Thankfully I didn't (and don't) store my payment info. or it's possible they might've been able to go after my bank account.

Lesson: don't EVER store your payment information on anyone else's site or server and don't enroll in "auto pay" programs (since those necessarily keep your payment information on their servers, out of your control). Most companies now outsource their payment and data processing and the level of protection given to customer data in places like India or Bangladesh or Mexico or Vietnam won't be nearly as good as what's typically employed in the US (mostly due to liability concerns).

Another way to do it (if you're hell-bent on the "convenience" of auto-pay or saving your CC# info on other peoples' sites so you don't have to enter it every month) is to use a card with a very low limit or a debit card that you only transfer funds into to cover payments right before they post each month (although that might be as much or more work than simply manually entering the payment data in the first place unless you automate those transfers themselves I suppose...)

Or just have fewer accounts, fewer things to pay and worry about and live happier. :)

The biggest data crooks out there aren't Russian hackers anyway - they're big corporations with names like Google, Microsoft, Facebook, Verizon and Yahoo.

Private browsing, cookie blocking, Little Snitch and similar tools are your friend. If they want your data make it very difficult / expensive for them to get it, and make sure that even if they do, it's of little or no value as a profile. THAT is your best (really "only") protection against the Big Data crooks.

wdfifteen 04-03-2015 12:01 AM

Quote:

Originally Posted by stomachmonkey (Post 8559004)
With drop if you share 6 GB of data it takes 6 GB from your allocation as well as 6 GB from each person you share with. So if you share with 2 people that's 18 GB.

With copy it's split by number of people sharing so each of those 3 from above only get hit with 2 GB each.

Huh? Can you clarify?

strath44 04-03-2015 01:37 AM

Quote:

Originally Posted by Christien (Post 8558881)
Really? People are still falling for fake UPS tracking emails? I realize not everyone is computer savvy, but to a large degree, if you're gullible enough to click on an attachment from an email that wasn't expected, you kind of deserve what's coming to you.

If you realise that not everyone is that computer savvy then you wouldn't have finished your sentence, what a stupid stupid thing to say.

I clicked on this thread as an elderly neighbour has just been hit by this and looks like he is going to lose a lot of valuable photos, I'm pretty sure he doesn't deserve it.

They are looking for 500 dollars to decrypt. Is it worth the risk, as his files are irreplaceable - digital photos of family etc.?

legion 04-03-2015 03:38 AM

A rash of ransomware hit body shops badly about two years ago. These are small, independent businesses who have very little knowledge of IT, but need computers to do their work. (They mostly use turnkey systems designed for body shops.) Most of them paid the ransoms (typically around $300) so that they could go on with their businesses.

stomachmonkey 04-03-2015 03:48 AM

Quote:

Originally Posted by wdfifteen (Post 8559825)
Huh? Can you clarify?

The way copy.com allocates storage vs Dropbox is more equitable.

Dropbox counts the data once for each person you share with.

6 GB in my account.

I share it with you, it now counts as 6 GB against your account and 6 GB against mine.

I share it with kach, it now counts as 6 GB against his account and 6 GB against your account and 6 GB against mine.

Whether physical or just a matter of accounting, the original 6 GB now represents 18 GB to the 3 of us.

With copy.com:

6 GB in my account.

I share it with you, it now counts as 3 GB against your account and 3 GB against mine.

I share it with kach, it now counts as 2 GB against his account and 2 GB against your account and 2 GB against mine.

Whether physical or just a matter of accounting, the original 6 GB still represents only 6 GB to the 3 of us.

Dropbox counts the full amount of shared data against each account participating in a share.

Copy divides the full amount of shared data amongst each account participating in a share.

GH85Carrera 04-03-2015 04:27 AM

Quote:

Originally Posted by strath44 (Post 8559843)
If you realise that not everyone is that computer savvy then you wouldn't have finished your sentence, what a stupid stupid thing to say.

I clicked on this thread as an elderly neighbour has just been hit by this and looks like he is going to lose a lot of valuable photos, I'm pretty sure he doesn't deserve it.

They are looking for 500 dollars to decrypt. Is it worth the risk, as his files are irreplaceable - digital photos of family etc.?


Your neighbor is lucky he did not have a hard drive crash. Billions more photos are lost from hard drive failures than anything else. Ransom ware is just another preventable cause of loss of data. I have multiple backups and I still get lazy and have data at risk. It is a constant chore to keep everything backed up.

kach22i 04-03-2015 05:40 AM

FYI: the Seagate backup software sucks, I left it running for hours, all night in fact and it did not take.

Called my computer guy, he's going to set me up with something which is user friendly (for idiots like me).

I poked around and the Seagate backup plus "Slim" USB unit stopped loading at six percent, no display for this, you have to stop it (was unresponsive) and then click around.

Sicklyscott 04-03-2015 05:48 AM

I'm in the IT Security field and we get hit with at least 10 incidents of this each month. The best thing to do is have an offline backup process. I plug my external drive in to the PC only when I know I have additional files to back-up. I also use BackBlaze as my cloud based back-up provider. This is my just in case plan that my external drive doesn't work, burns up, or gets chucked across the room in frustration.

The only thing I do is back up my external drive, never any OS files or any temp downloaded internet files. If I get infected with anything I do not want that to take over my external drive.

motion 04-04-2015 01:51 AM

I must have my multiple credit cards stored on over a 100 sites. Seriously. Not. One. Problem.

It's been a few years since one of my cards was stolen and I had to have a replacement sent. I also check my online banking/credit cards/etc. from airports, hotels, train stations, etc. Never had an issue.

Livin' life on the edge :)



Quote:

Originally Posted by Porsche-O-Phile (Post 8559822)
'Zactly.

I use a Mac and I have a Linux box that is standalone (local LAN only, no internet connection) where I keep the stuff I really care about. I also use time machine every few days. Have never, ever had an issue except for a stolen CC# (used to buy plane tickets in Russia) a few years ago - that was due to the CC company getting hacked (not me) and they didn't charge me when I contested it - the company offered a new card, I told them to keep it, closed my account and went on with life. It was a few years ago so I suspect they only got the CC# (if they'd gotten anything more I imagine it would have turned into nasty business by now, this was maybe 5-6 years ago). Thankfully I didn't (and don't) store my payment info. or it's possible they might've been able to go after my bank account.

Lesson: don't EVER store your payment information on anyone else's site or server and don't enroll in "auto pay" programs (since those necessarily keep your payment information on their servers, out of your control). Most companies now outsource their payment and data processing and the level of protection given to customer data in places like India or Bangladesh or Mexico or Vietnam won't be nearly as good as what's typically employed in the US (mostly due to liability concerns).

Another way to do it (if you're hell-bent on the "convenience" of auto-pay or saving your CC# info on other peoples' sites so you don't have to enter it every month) is to use a card with a very low limit or a debit card that you only transfer funds into to cover payments right before they post each month (although that might be as much or more work than simply manually entering the payment data in the first place unless you automate those transfers themselves I suppose...)

Or just have fewer accounts, fewer things to pay and worry about and live happier. :)

The biggest data crooks out there aren't Russian hackers anyway - they're big corporations with names like Google, Microsoft, Facebook, Verizon and Yahoo.

Private browsing, cookie blocking, Little Snitch and similar tools are your friend. If they want your data make it very difficult / expensive for them to get it, and make sure that even if they do, it's of little or no value as a profile. THAT is your best (really "only") protection against the Big Data crooks.


Porsche-O-Phile 04-04-2015 02:38 AM

Glad it's working out okay for you but I actually think that IS living life on the edge a bit. If you know anyone that's ever had an identity theft experience (I do) it isn't the least bit funny or a joking matter. It can turn life into a VERY inconvenient hell where the burden of proof is on you to prove it (you're "guilty until proven innocent" always) for everything and is very expensive both in terms of time and money - and you can have new problems pop up for months / years after you think it's all fixed and has finally been buried.

Just be careful is my advice. A little bit of paranoia goes a long way.

kach22i 04-04-2015 11:29 AM

UPDATE:

I got the Seagate software to work, the default is "continuous", I set it to "snapshot" and all is good.

It would have taken me a week of on again, off again saving to CD's to get similar results. This way was just a few hours, not a bad deal if I can access it when I need to.

Still have to figure that part out.

biosurfer1 04-04-2015 12:00 PM

Windows has a pretty good file back up built in. Look into File History. I've used it for years and never had an issue retrieving a previous version of a file.

mikester 04-04-2015 11:54 PM

Even if your own data is already encrypted, the malware, if it gets in, can encrypt it again. Twice baked potato!

Anyway, best of luck. It's bad stuff to get caught up in.

jyl 04-05-2015 05:41 AM

If your mac gets infected by ransom ware, and you have a time machine backup on an external drive, can you Restore from the last unencrypted snapshot, or does the ransom ware encrypt the time machine external drive too?

stomachmonkey 04-05-2015 05:52 AM

Quote:

Originally Posted by jyl (Post 8562558)
If your mac gets infected by ransom ware, and you have a time machine backup on an external drive, can you Restore from the last unencrypted snapshot, or does the ransom ware encrypt the time machine external drive too?

You have to assume ransomware or any other malicious stuff is going to affect every mounted drive.

Or was the question will it affect the back up drive when you bring it online for a restore?

Ideally you would wipe the infected drive before a restore.

jyl 04-13-2015 09:09 PM

Kaspersky releases decryption tool that unlocks ransomware

sc_rufctr 04-13-2015 11:24 PM

AH HA... Some good news! I still have a client Laptop in storage that's infected. I'll give this a go.

biosurfer1 04-14-2015 11:01 AM

2 hours, tops, and all of the existing viruses will be re-coded around this decryption tool is my guess.

Not to mention that I've found most "anti-virus" software installs just as much crap as it takes off.

stomachmonkey 04-14-2015 11:04 AM

Quote:

Originally Posted by biosurfer1 (Post 8576522)
2 hours, tops, and all of the existing viruses will be re-coded around this decryption tool is my guess.

Not to mention that I've found most "anti-virus" software installs just as much crap as it takes off.

The decryption is not the tough part.

The key is the killer.

Article says they found a cache of keys so anyone locked with the known crop is happy.

People who get hit with the next wave using unknown keys won't be happy.

PetrolBlueSC 04-15-2015 04:06 PM

I have a Synology Disk Station at home connected to the router. I back up to the Disk Station thinking that if my PC gets locked, I'll be able to get my data off the Disk Station. Is my Disk Station at risk of being locked at the same time as my PC? PC is Windows 7 and the Disk Station is Linux.

stomachmonkey 04-15-2015 04:30 PM

Quote:

Originally Posted by PetrolBlueSC (Post 8578846)
I have a Synology Disk Station at home connected to the router. I back up to the Disk Station thinking that if my PC gets locked, I'll be able to get my data off the Disk Station. Is my Disk Station at risk of being locked at the same time as my PC? PC is Windows 7 and the Disk Station is Linux.

If the Linux share is always mounted under Windows I would be cautious.

Put another way, assume it's vulnerable.

Deschodt 04-16-2015 07:32 AM

Quote:

Originally Posted by jyl (Post 8562558)
If your mac gets infected by ransom ware, and you have a time machine backup on an external drive, can you Restore from the last unencrypted snapshot, or does the ransom ware encrypt the time machine external drive too?

Guessing you would wipe your mac first - boot your mac from CD / USB stick with the latest OS (Assuming you made a bootable USB stick if your mac does not have a CD drive - if not, you should while you have a functioning mac). You'd go to the supplied HD tools and wipe the drive thoroughly, and reinstall the OS on a clean drive.

Only then connect the good backup drive and restore from time machine.... I keep an offsite time machine backup at a family member's house (and vice versa) in case of a fire...not just hackers.... Every couple months we rotate the drives (cheap, as mentioned before). Can't afford to lose all my kids pictures, banking history, etc....

In terms of security of your info though, it's kinda moot now that pretty much everyone's employer/bank/insurance co/shopping destination has been hacked and most people's social are "out there". Your best bet outside of safe computing practices is to lock/freeze your credit, reduce your # of credit cards to make tracking easier, and regularly monitor your credit history - also sign up with IRS for a fraud prevention PIN. Sad consequence of everything being online now...

techweenie 04-16-2015 07:44 AM

Quote:

Originally Posted by jyl (Post 8562558)
If your mac gets infected by ransom ware, and you have a time machine backup on an external drive, can you Restore from the last unencrypted snapshot, or does the ransom ware encrypt the time machine external drive too?

Unless I missed something, I don't believe there have been any successful ransomware attacks on Macs reported...

LeeH 04-16-2015 09:44 AM

Is there a USB cable with a built in switch? I have an external hard drive for backing up only... but it's always connected. Short of plugging/unplugging the cable, is there a way to make sure the drive is disconnected and safe from infection?

stomachmonkey 04-16-2015 09:51 AM

Quote:

Originally Posted by LeeH (Post 8579979)
Is there a USB cable with a built in switch? I have an external hard drive for backing up only... but it's always connected. Short of plugging/unplugging the cable, is there a way to make sure the drive is disconnected and safe from infection?

If your backup kicks off at the same time all the time you can roll a script to mount the drive before the designated time then unmount it when finished.

Time the average amount of time a back up takes then set the unmount timer for longer.
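
An added example (not code from any poster) of the mount-then-unmount script described above, combined with the earlier advice in the thread to confirm that some files still open before backing up. The device, mount point and `canaries` folder of known-good files are assumptions; it unmounts as soon as the copy finishes instead of on a timer, and `mount` needs root.

```shell
#!/bin/sh
# Added example: the backup drive is mounted only for the duration of one run.
# Device, mount point and the "canaries" folder are assumptions, not from the thread.

# Print the first $2 bytes of file $1 as lowercase hex with no separators.
head_hex() {
    dd if="$1" bs=1 count="$2" 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Return 0 if the file still starts with the signature its extension implies.
# Encrypting a file in place destroys this header.
looks_intact() {
    case "$1" in
        *.jpg|*.jpeg|*.JPG|*.JPEG) want=ffd8ff ;;
        *.png|*.PNG)               want=89504e47 ;;
        *.pdf|*.PDF)               want=25504446 ;;
        *.zip|*.docx|*.xlsx)       want=504b0304 ;;
        *) return 0 ;;             # unknown type: no opinion
    esac
    n=$(( ${#want} / 2 ))
    [ "$(head_hex "$1" "$n")" = "$want" ]
}

# Check every canary file; fail on the first damaged one or on an empty set.
canaries_ok() {
    checked=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        looks_intact "$f" || { echo "canary failed: $f" >&2; return 1; }
        checked=$((checked + 1))
    done
    [ "$checked" -gt 0 ]           # an empty canary set proves nothing
}

mount_drive()   { mount "$1" "$2"; }
unmount_drive() { sync; umount "$1"; }

# run_backup SRC DEVICE MOUNTPOINT
# Returns 2 without touching the drive if the canaries look encrypted.
run_backup() {
    src=$1 dev=$2 mnt=$3
    canaries_ok "$src/canaries" || { echo "refusing to back up" >&2; return 2; }
    mount_drive "$dev" "$mnt" || return 3
    # New dated folder per run, so an older good copy is never overwritten.
    dest="$mnt/backup-$(date +%Y%m%d-%H%M%S)"
    result=0
    mkdir -p "$dest" && cp -Rp "$src/." "$dest/" || result=4
    unmount_drive "$mnt" || result=5   # always unmount, even after a failed copy
    return "$result"
}

# Example call from a scheduler: backup.sh /home/me/Documents /dev/sdX1 /mnt/backup
if [ "$#" -eq 3 ]; then
    run_backup "$@"
fi
```

The header check only catches canary files that were encrypted in place; it says nothing about the rest of the source folder, which is why each run writes a new dated copy.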

sammyg2 04-16-2015 09:54 AM

Quote:

Originally Posted by Christien (Post 8558881)
Really? People are still falling for fake UPS tracking emails? I realize not everyone is computer savvy, but to a large degree, if you're gullible enough to click on an attachment from an email that wasn't expected, you kind of deserve what's coming to you.


You and your personal responsibility.
This is 2015, no one takes responsibility for their actions any more, it's always someone else's fault!!!

sammyg2 04-16-2015 10:06 AM

Quote:

Originally Posted by motion (Post 8561254)
I must have my multiple credit cards stored on over a 100 sites. Seriously. Not. One. Problem.

It's been a few years since one of my cards was stolen and I had to have a replacement sent. I also check my online banking/credit cards/etc. from airports, hotels, train stations, etc. Never had an issue.

Livin' life on the edge :)

In the movie The Magnificent Seven, which BTW was the best movie EVAR, Steve McQueen's character said the following:

Quote:

Reminds me of that fella back home who fell off a ten-story building. As he was falling, people on each floor kept hearing him say, "So far, so good." Heh, so far, so good.

I've only had one credit card stolen, by an employee at mid america or whatever that company is called now, but it was a PITA to get straightened out.
And that purchase was made over the phone, not via 'puter.



da da .... da da da da.......... best theme song evar too.

http://forums.pelicanparts.com/uploa...1429207695.jpg

