
[AR] You’re Infected—If You Want To See Your Data Again, Pay Us $300 in Bitcoins

post #1 of 321
Thread Starter 

http://www.infosecurity-magazine.com/view/35045/cryptolocker-the-ransomware-theres-no-coming-back-from/
http://arstechnica.com/security/2013/10/youre-infected-if-you-want-to-see-your-data-again-pay-us-300-in-bitcoins/
Quote:
Once it has found a server that it can reach, the server generates a unique public-private key pair and sends the public key part back to the computer.
The malware offers to trade money for the private key to unlock the encrypted files. “It pops up a pay page, giving you a limited time, typically 100 hours, to buy back the private key for your data, typically for $300,” Ducklin said. Then a warning comes that the server will destroy the key after a time specified, meaning that the files will never be able to be recovered.

That's insanely smart. Once your files are encrypted, it's impossible to unlock them without that key.

The program has no backdoors or exploits.
Edited by frickfrock999 - 10/18/13 at 7:41am
post #2 of 321
That's harsh.

Does it actually decrypt if you pay? Or does it just take your money and run?
post #3 of 321
Thread Starter 
Quote:
Originally Posted by mott555 View Post

That's harsh.

Does it actually decrypt if you pay? Or does it just take your money and run?

Yeah, it'll decrypt if you cough up the dough.
Quote:
Several also said they had paid the ransom and received a key that worked as promised. Full backup files belonging to Nic's clients were about a week old at the time that CryptoLocker first took hold of the network. Nic advised them to comply with the demand. The ransomware operators delivered a key, and about 24 hours later, some 400 gigabytes of data was restored.
post #4 of 321
Wow, this is pretty sleazy. Although, if there's a payment route, then finding those responsible should be possible.

Either way, this is yet another good reason why you should always back up your data.
post #5 of 321
Are there not breadcrumbs to eventually follow if it's linking back to servers, especially if payments are being processed and deposited? I mean sure it's probably encrypted and all but didn't it leak that NSA can break encryption?

Oh silly me, of course they won't use that for actual good.
post #6 of 321
That's pretty smart, but at the same time terribly scary.
post #7 of 321
If this were me, I'd wipe my drive and spend £100 on firewalls and equipment.
post #8 of 321
So the solution is don't store things in your documents folders? Doesn't seem like this targets networked servers, NAS bays, or secondary drives which is what most people around here are using.

Am I wrong here or does this somehow intelligently scan the network for storage? If so, that's pretty dang scary. I would definitely pay if it hit my servers.
Edited by Murlocke - 10/18/13 at 7:53am
post #9 of 321
Thread Starter 
Quote:
Originally Posted by Murlocke View Post

So the solution is don't store things in your documents folders? Doesn't seem like this targets networked servers, NAS bays, or secondary drives which is what most people around here are using.

I've never understood why people use the my documents folder. I've always found it completely useless...

No, it doesn't just infect My Documents. It can jump across network drives and encrypt anything.
Plus, infection isn't dependent on being a local admin.

By the time you see that pop up, it's already encrypted everything.
post #10 of 321
Quote:
Originally Posted by Murlocke View Post

So the solution is don't store things in your documents folders? Doesn't seem like this targets networked servers, NAS bays, or secondary drives which is what most people around here are using.

Am I wrong here or does this somehow intelligently scan the network for storage? If so, that's pretty dang scary. I would definitely pay if it hit my servers.

Maybe I misunderstood but is it only encrypting one single folder on the entire computer? That seems really limiting.
     
CPUGraphicsRAMHard Drive
Core i3 2370M Intel HD3000M Elpida 4GB DDR3 1333 Toshiba 5400RPM 
Optical DriveOSOSOS
Generic DVDRW Kubuntu x64bit Win7 Home Premium 64bit Bodhi Linux 64bit 
Case
Acer Aspire TimelineX 4830T 
CPUMotherboardGraphicsRAM
AthlonIIX4 640 3.62GHz (250x14.5) 2.5GHz NB Asus M4A785TD-M EVO MSI GTX275 (Stock 666) 8GBs of GSkill 1600 
RAMHard DriveHard DriveHard Drive
4GBs of Adata 1333 Kingston HyperX 3k 120GB WD Caviar Black 500GB Hitachi Deskstar 1TB 
Optical DriveCoolingOSOS
LG 8X BDR (WHL08S20) Cooler Master Hyper 212+ Kubuntu x64 Windows 7 x64 
OSMonitorPowerCase
Bodhi Linux x64 Acer G215H (1920x1080) Seasonic 520 HAF912 
CPUMotherboardGraphicsRAM
N450 1.8GHz AC and 1.66GHz batt ASUS proprietary for 1001P GMA3150 (can play bluray now!?) 1GB DDR2 
Hard DriveOptical DriveOSOS
160GB LGLHDLBDRE32X Bodhi Linux Fedora LXDE 
OSOSMonitorKeyboard
Kubuntu SLAX 1280x600 + Dell 15inch Excellent! 
PowerCase
6 cells=6-12hrs and a charger 1001P MU17 Black 
  hide details  
Reply
     
CPUGraphicsRAMHard Drive
Core i3 2370M Intel HD3000M Elpida 4GB DDR3 1333 Toshiba 5400RPM 
Optical DriveOSOSOS
Generic DVDRW Kubuntu x64bit Win7 Home Premium 64bit Bodhi Linux 64bit 
Case
Acer Aspire TimelineX 4830T 
CPUMotherboardGraphicsRAM
AthlonIIX4 640 3.62GHz (250x14.5) 2.5GHz NB Asus M4A785TD-M EVO MSI GTX275 (Stock 666) 8GBs of GSkill 1600 
RAMHard DriveHard DriveHard Drive
4GBs of Adata 1333 Kingston HyperX 3k 120GB WD Caviar Black 500GB Hitachi Deskstar 1TB 
Optical DriveCoolingOSOS
LG 8X BDR (WHL08S20) Cooler Master Hyper 212+ Kubuntu x64 Windows 7 x64 
OSMonitorPowerCase
Bodhi Linux x64 Acer G215H (1920x1080) Seasonic 520 HAF912 
CPUMotherboardGraphicsRAM
N450 1.8GHz AC and 1.66GHz batt ASUS proprietary for 1001P GMA3150 (can play bluray now!?) 1GB DDR2 
Hard DriveOptical DriveOSOS
160GB LGLHDLBDRE32X Bodhi Linux Fedora LXDE 
OSOSMonitorKeyboard
Kubuntu SLAX 1280x600 + Dell 15inch Excellent! 
PowerCase
6 cells=6-12hrs and a charger 1001P MU17 Black 
  hide details  
Reply