Overclock.net › Forums › Industry News › Software News › [AR] You’re Infected—If You Want To See Your Data Again, Pay Us $300 in Bitcoins

[AR] You’re Infected—If You Want To See Your Data Again, Pay Us $300 in Bitcoins  

post #1 of 321
Thread Starter 

http://www.infosecurity-magazine.com/view/35045/cryptolocker-the-ransomware-theres-no-coming-back-from/
http://arstechnica.com/security/2013/10/youre-infected-if-you-want-to-see-your-data-again-pay-us-300-in-bitcoins/
Quote:
Once it has found a server that it can reach, the server generates a unique public-private key pair and sends the public key part back to the computer.
The malware offers to trade money for the private key to unlock the encrypted files. “It pops up a pay page, giving you a limited time, typically 100 hours, to buy back the private key for your data, typically for $300,” Ducklin said. Then a warning comes that the server will destroy the key after a time specified, meaning that the files will never be able to be recovered.

That's insanely smart. Once your files are encrypted, it's impossible to unlock them without that key.

The program has no backdoors or exploits.
Edited by frickfrock999 - 10/18/13 at 7:41am
post #2 of 321
That's harsh.

Does it actually decrypt if you pay? Or does it just take your money and run?
post #3 of 321
Thread Starter 
Quote:
Originally Posted by mott555 View Post

That's harsh.

Does it actually decrypt if you pay? Or does it just take your money and run?

Yeah, it'll decrypt if you cough up the dough.
Quote:
Several also said they had paid the ransom and received a key that worked as promised. Full backup files belonging to Nic's clients were about a week old at the time that CryptoLocker first took hold of the network. Nic advised them to comply with the demand. The ransomware operators delivered a key, and about 24 hours later, some 400 gigabytes of data was restored.
post #4 of 321
Wow, this is pretty sleazy. Although if there's a payment route, then finding those responsible should be possible.

Either way, this is yet another good reason why you should always back up your data.
post #5 of 321
Are there not breadcrumbs to eventually follow if it's linking back to servers, especially if payments are being processed and deposited? I mean sure it's probably encrypted and all but didn't it leak that NSA can break encryption?

Oh silly me, of course they won't use that for actual good.
post #6 of 321
That's pretty smart, but at the same time terribly scary.
post #7 of 321
If this were me, I'd wipe my drive and spend £100 on firewalls and equipment.
post #8 of 321
So the solution is don't store things in your documents folders? Doesn't seem like this targets networked servers, NAS bays, or secondary drives which is what most people around here are using.

Am I wrong here or does this somehow intelligently scan the network for storage? If so, that's pretty dang scary. I would definitely pay if it hit my servers.
Edited by Murlocke - 10/18/13 at 7:53am
post #9 of 321
Thread Starter 
Quote:
Originally Posted by Murlocke View Post

So the solution is don't store things in your documents folders? Doesn't seem like this targets networked servers, NAS bays, or secondary drives which is what most people around here are using.

I've never understood why people use the My Documents folder. I've always found it completely useless...

No, it doesn't just infect My Documents. It can jump across network drives and encrypt anything.
Plus, infection isn't dependent on being a local admin.

By the time you see that pop up, it's already encrypted everything.
post #10 of 321
Quote:
Originally Posted by Murlocke View Post

So the solution is don't store things in your documents folders? Doesn't seem like this targets networked servers, NAS bays, or secondary drives which is what most people around here are using.

Am I wrong here or does this somehow intelligently scan the network for storage? If so, that's pretty dang scary. I would definitely pay if it hit my servers.

Maybe I misunderstood but is it only encrypting one single folder on the entire computer? That seems really limiting.
     
CPUGraphicsRAMHard Drive
Intel Core m3-6Y30 Intel HD515 8GB 1866DDR3L Micron M600 MTFDDAV256MBF M.2, 256 GB 
CoolingOSOSMonitor
Fanless Win10 Home x64 Kubuntu 16.04 (requires Linux kernel 4.5/4.6) 13.3 inch 16:9, 1920x1080 pixel, AU Optronics A... 
CPUMotherboardGraphicsRAM
AthlonIIX4 640 3.62GHz (250x14.5) 2.5GHz NB Asus M4A785TD-M EVO MSI GTX275 (Stock 666) 8GBs of GSkill 1600 
RAMHard DriveHard DriveHard Drive
4GBs of Adata 1333 Kingston HyperX 3k 120GB WD Caviar Black 500GB Hitachi Deskstar 1TB 
Optical DriveCoolingOSOS
LG 8X BDR (WHL08S20) Cooler Master Hyper 212+ Kubuntu x64 Windows 7 x64 
OSMonitorPowerCase
Bodhi Linux x64 Acer G215H (1920x1080) Seasonic 520 HAF912 
CPUMotherboardGraphicsRAM
N450 1.8GHz AC and 1.66GHz batt ASUS proprietary for 1001P GMA3150 (can play bluray now!?) 1GB DDR2 
Hard DriveOptical DriveOSOS
160GB LGLHDLBDRE32X Bodhi Linux Fedora LXDE 
OSOSMonitorKeyboard
Kubuntu SLAX 1280x600 + Dell 15inch Excellent! 
PowerCase
6 cells=6-12hrs and a charger 1001P MU17 Black 
  hide details  
     
CPUGraphicsRAMHard Drive
Intel Core m3-6Y30 Intel HD515 8GB 1866DDR3L Micron M600 MTFDDAV256MBF M.2, 256 GB 
CoolingOSOSMonitor
Fanless Win10 Home x64 Kubuntu 16.04 (requires Linux kernel 4.5/4.6) 13.3 inch 16:9, 1920x1080 pixel, AU Optronics A... 
CPUMotherboardGraphicsRAM
AthlonIIX4 640 3.62GHz (250x14.5) 2.5GHz NB Asus M4A785TD-M EVO MSI GTX275 (Stock 666) 8GBs of GSkill 1600 
RAMHard DriveHard DriveHard Drive
4GBs of Adata 1333 Kingston HyperX 3k 120GB WD Caviar Black 500GB Hitachi Deskstar 1TB 
Optical DriveCoolingOSOS
LG 8X BDR (WHL08S20) Cooler Master Hyper 212+ Kubuntu x64 Windows 7 x64 
OSMonitorPowerCase
Bodhi Linux x64 Acer G215H (1920x1080) Seasonic 520 HAF912 
CPUMotherboardGraphicsRAM
N450 1.8GHz AC and 1.66GHz batt ASUS proprietary for 1001P GMA3150 (can play bluray now!?) 1GB DDR2 
Hard DriveOptical DriveOSOS
160GB LGLHDLBDRE32X Bodhi Linux Fedora LXDE 
OSOSMonitorKeyboard
Kubuntu SLAX 1280x600 + Dell 15inch Excellent! 
PowerCase
6 cells=6-12hrs and a charger 1001P MU17 Black 
  hide details  