
Forum Thread: Cryptollocker - for what it's worth

You are currently viewing a forum thread in the Secunia Community Forum. Please note that opinions expressed here are not of Secunia but solely reflect those of the user who wrote it.

This thread was submitted in the following forum:
Open Discussions

This thread has been marked as resolved.
taffy078 Cryptollocker - for what it's worth
Contributor 21st Nov, 2013 18:03
Ranking: 408
Posts: 1,335
User Since: 26th Feb, 2009
System Score: 100%
Location: UK
This was mentioned in a thread a few weeks ago - blasted ransomware.

Now there's been a major development - the National Crime Agency has issued a new alert:

http://www.nationalcrimeagency.gov.uk/

The virus is likely to present as an email which will give the impression that it has been sent from a bank or some other financial institution. The email will contain attachments that may look like invoice details or suspicious transaction notifications.
‘Cryptolocker’ works by encrypting the user’s files on the infected machine and the local network it is attached to. Once encrypted, the computer will display a splash screen with a countdown timer and a demand for payment for the decryption key.



--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003

Post "RE: Cryptollocker - for what it's worth" has been selected as an answer.
mogs RE: Cryptollocker - for what it's worth
Expert Contributor 22nd Nov, 2013 21:06
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
Last edited on 22nd Nov, 2013 21:07
November 22nd, 2013, 14:39 GMT · By Eduard Kovacs
Decrypting Files Encrypted by CryptoLocker Now Costs 0.5 Bitcoins

The cybercriminals behind the CryptoLocker ransomware have lowered the price of decryption to 0.5 Bitcoins. That doesn’t mean they want less money, but with the recent increase in the price of Bitcoins, they had to adapt the amount they were asking for.

Researchers from F-Secure noticed the change in a variant of CryptoLocker that was making the rounds on November 20. Initially, the cybercriminals were asking for 2 Bitcoins to have the files decrypted.

Victims who refuse to pay the ransom in 72 hours can still get their files back by accessing the Decryption Service provided by the cybercriminals. However, it costs much more than it does if the payment is made within 72 hours.

Authorities in the United Kingdom reported that millions of people have already received the emails that distribute CryptoLocker.

In the US, at least one organization, the Swansea Police Department, has agreed to pay the ransom in order to recover its files.

Earlier this month, researchers from Bitdefender reverse engineered the domain generation algorithm used by CryptoLocker and sinkholed several domains. Between October 27 and November 1, a total of over 12,000 computers were infected, most of which were from the US.

“Cryptolocker servers are changed very often – it is rare that a command and control server remains online for more than a week. During the monitored period, command and control servers were located in Russia, Germany, Kazakhstan and the Ukraine – but this is simply an indication of the controllers’ predilection for constant ‘server-hopping’,” researchers noted.

Bitdefender has released a small tool called Bitdefender Anti-CryptoLocker that’s designed to protect computers against CryptoLocker infections. You can download Bitdefender Anti-CryptoLocker from Softpedia.

Many antivirus solutions should be able to block CryptoLocker before it can encrypt files. However, experts say that the best way to protect yourself against the threat is to make sure you don’t click on suspicious links, and make regular backups of your most important files.

http://news.softpedia.com/news/Decrypting-Files-En...

--
Was this reply relevant?
+0
-0
mogs RE: Cryptollocker - for what it's worth
Expert Contributor 23rd Nov, 2013 13:17
Score: 2265
Posts: 6,266
User Since: 22nd Apr 2009
System Score: 100%
Location: UK
CryptoLocker gang casts tentacles into botnet crime world
By Ellen Messmer | Network World US | 22 November 13

The cyber-gang running the CryptoLocker extortion racket is sharing a big cut of any payments they squeeze out of their victims with criminal botnet owners working closely with them, says Symantec, which has been monitoring this underworld activity online.

The CryptoLocker gang, believed to be mainly Russian-speaking, created the malware that makes use of strong encryption to lock up the victim's electronic files until the victim pays a ransom, which typically starts at least $150 to get the key to unlock their scrambled files. The gang itself is paying criminal botnet owners operating vast command-and-control systems of compromised computers to distribute CryptoLocker as a dangerous attachment in spam, says Liam O'Murchu, manager of security response operations at Symantec. In addition to spam distribution, which relies on the victim opening the malware-laden attachment to spread CryptoLocker, the gang is willing to pay a botnet owner as much as 75% of any extortion money they can get from victims if the botnet owner directly drops CryptoLocker onto a compromised machine it already controls.

Doing that basically scores a direct hit for CryptoLocker but can be counted as a loss of a compromised computer for botnet owners, hence the willingness to share such a high percentage of the monetary gain netted from any victim, O'Murchu says. "They're making a lot of money," and victims are expected to pay in Bitcoin or MoneyPak.

More to read at :-
http://www.pcadvisor.co.uk/news/security/3490723/c...



--
Was this reply relevant?
+0
-0
taffy078 RE: Cryptolocker - for what it's worth
Contributor 25th Nov, 2013 09:06
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
There's a very interesting (imho!) take here:

http://techtalk.pcpitstop.com/2013/11/15/cryptoloc...

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
Maurice Joyce RE: Cryptollocker - for what it's worth
Handling Contributor 25th Nov, 2013 09:56
Score: 11718
Posts: 8,956
User Since: 4th Jan 2009
System Score: N/A
Location: UK
All the details a home user requires on this issue are here.

http://www.bleepingcomputer.com/virus-removal/cryp...

Having read the article just install & set up CryptoPrevent & forget about it. CryptoPrevent is totally free but there is an option to pay $15 for full automation of updates & email alerts.

Direct link to CryptoPrevent is here which tells you how this programme works:
http://www.foolishit.com/vb6-projects/cryptopreven...

Headline-grabbing magazine/comic articles are pure hype (scareware) &, as normal, give no practical user advice or help.

--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+8
-0
taffy078 RE: Cryptollocker - for what it's worth
Contributor 27th Nov, 2013 08:38
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Last edited on 27th Nov, 2013 08:38
Thank you Maurice.

By the way it was the National Crime Agency that started the ball rolling this time - perhaps you should forward them your links?

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
Maurice Joyce RE: Cryptollocker - for what it's worth
Handling Contributor 27th Nov, 2013 11:05
Score: 11718
Posts: 8,956
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Not exactly sure what you mean.

This strain of ransomware was discovered in September 2013. It started to "bite" UK users in late October. The NCA rightly issued a general alert to UK users on 15th November which is two months after discovery.

http://www.nationalcrimeagency.gov.uk/news/256-ale...

The NCA do offer good general cyber advice here http://www.nationalcrimeagency.gov.uk/crime-threat...

but are not involved in the "nitty gritty" fixes for individual or corporate users. The NCA remit is here

http://www.nationalcrimeagency.gov.uk/about-us/wha... which they appear to be following in relation to this crime.

Hope this helps.







--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+0
-0
taffy078 RE: Cryptollocker - for what it's worth
Contributor 28th Nov, 2013 13:40
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Simply making the point, Maurice, that I got my heads-up not from a magazine but from a major employer in this area which was pointing people to the NCA alert.

The NCA alert is excellent but I thought that they could do with adding your links to their general advice.

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0
Maurice Joyce RE: Cryptollocker - for what it's worth
Handling Contributor 28th Nov, 2013 14:42
Score: 11718
Posts: 8,956
User Since: 4th Jan 2009
System Score: N/A
Location: UK
Good point but as stated they are not really interested in that sort of information.

If you want better "heads up" on security matters I recommend Brian Krebs. He not only warns users of this sort of thing but is actively involved in getting to the facts & allows questions on all his information.

Link here:

http://krebsonsecurity.com/

This problem is here with some user comments at the bottom:

http://krebsonsecurity.com/2013/11/how-to-avoid-cr...


--
Maurice

Windows 7 SP1 64 Bit OS
HP Intel Pentium i7
IE 11 for Windows 7 SP1
16GB RAM
Was this reply relevant?
+2
-0
taffy078 RE: Cryptollocker - for what it's worth
Contributor 28th Nov, 2013 17:52
Score: 408
Posts: 1,335
User Since: 26th Feb 2009
System Score: 100%
Location: UK
Thank you, Maurice

--
taffy078, West Yorkshire, UK

Desktop: Compaq Presario (OEM) 32 bit / AMD Athlon / 2 GB RAM
XP Home - SP3/ IE8/ Norton IS - Secunia PSI v2.0.0.3003

Laptop: Win 7 / IE11 / PSI v2.0.0.3003
Was this reply relevant?
+0
-0

This thread has been marked as locked.

