Evila ransome ware



http://www.theregister.co.uk/2013/10/18/cryptolocker_ransmware/

Note that this malware will do its evil stuff over a network.

If you haven't already done so:
a) buy an external drive and copy all personal data to it. Then  
disconnect it, and connect it only for backing up new data.

b) If you haven't already done so, create a Windows Repair/reinstall  
disk (or USB flash drive), and keep it in a safe place.

c) Disconnect any external drives you are not using.

Sound paranoid? True. A healthy dose of paranoia never hurt anyone. ;-)

--  
Best,
Wolf K
kirkwood40.blogspot.ca

Re: Evila ransome ware

Wolf K has written on 10/21/2013 3:42 PM:

I'd suggest using a backup program on all your data files.


Also, make sure that you have either an up-to-date "total security"
package or separate anti-virus and anti-malware programs, and that
they are always running.


Re: Evila ransome ware

Wolf K has written on 10/21/2013 3:42 PM:

The Internet!!

Re: Evila ransome ware

On Mon, 21 Oct 2013 16:43:12 -0400


Mapped drives.

Re: Evila ransome ware

On 2013-10-21 5:41 PM, FromTheRafters wrote:

Exactly. AFAIK, that includes any shared folders on any devices on home  
networks.

Truly evil.

--  
Best,
Wolf K
kirkwood40.blogspot.ca

Re: Evila ransome ware

Wolf K has written on 10/21/2013 7:51 PM:

Are you all referring to this: "More recently, CryptoLocker has been
spreading as a secondary infection through the infamous ZeuS botnet."

Re: Evila ransome ware


No. It means that this piece of crapware will not only encrypt files
on the local hard drive, it will also encrypt files on any files
shared from other systems, that the user has write access to.

Regards, Dave Hodgins

--  
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)

Re: Evila ransome ware

David W. Hodgins has written on 10/21/2013 10:35 PM:

"CryptoLocker will then begin to scan all physical or mapped network
drives on your computer for files with the following extensions: *.odt,
*.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls,
*.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb,
*.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd,
*.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg,
*.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc,
*.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2,
*.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx,
*.p12, *.p7b, *.p7c. When it finds a file that matches one of these
types, it will encrypt the file using the public encryption key..."

Nasty!!
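
Added example, not part of any post in this thread: a small audit script that walks a folder or mapped drive and reports which files match the extension list quoted above and are writable by the current user, which is the exposure described in the replies about shared folders. The bucket names, the case-insensitive matching and the use of `os.access` as the write check are assumptions of this example.

```python
import fnmatch
import os
import sys

# Patterns copied from the list quoted in the post above.
TARGETED = """
*.odt *.ods *.odp *.odm *.odc *.odb *.doc *.docx *.docm *.wps *.xls *.xlsx
*.xlsm *.xlsb *.xlk *.ppt *.pptx *.pptm *.mdb *.accdb *.pst *.dwg *.dxf *.dxg
*.wpd *.rtf *.wb2 *.mdf *.dbf *.psd *.pdd *.pdf *.eps *.ai *.indd *.cdr *.jpg
*.jpe img_*.jpg *.dng *.3fr *.arw *.srf *.sr2 *.bay *.crw *.cr2 *.dcr *.kdc
*.erf *.mef *.mrw *.nef *.nrw *.orf *.raf *.raw *.rwl *.rw2 *.r3d *.ptx *.pef
*.srw *.x3f *.der *.cer *.crt *.pem *.pfx *.p12 *.p7b *.p7c
""".split()


def is_targeted(filename):
    """True if the name matches a quoted pattern (assumption: case-insensitive)."""
    name = filename.lower()
    return any(fnmatch.fnmatchcase(name, pat) for pat in TARGETED)


def default_writable(path):
    # Assumption: os.access approximates "the user has write access". On
    # Windows it only sees the read-only attribute, not share or NTFS ACLs.
    return os.access(path, os.W_OK)


def audit(root, writable=default_writable):
    """Classify every file under root (a local folder or a mapped drive)."""
    report = {"exposed": [], "read_only": [], "not_listed": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if not is_targeted(name):
                report["not_listed"].append(path)   # e.g. .avi, .tib, .mrimg
            elif writable(path):
                report["exposed"].append(path)      # listed type and writable
            else:
                report["read_only"].append(path)    # listed type, not writable
    return report


if __name__ == "__main__":
    # Usage: python audit.py <folder or drive>  (defaults to current directory)
    result = audit(sys.argv[1] if len(sys.argv) > 1 else ".")
    for bucket, paths in result.items():
        print(f"{bucket}: {len(paths)} file(s)")
        for p in paths[:10]:
            print("   ", p)
```

Files in the `exposed` bucket on a share are the ones worth covering with the disconnected backup recommended at the top of the thread.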

Re: Evila ransome ware

Per Juan Wei:

No .AVI, .MPG, .M4V... and so forth? i.e. no media files?

Maybe too many of these types of files would be so big as to bog
CryptoLocker down?
--  
Pete Cresswell

Re: Evila ransome ware

On Tue, 22 Oct 2013 12:25:13 -0400


I revisited that list to see if *.tib or *.mrimg were targeted. Perhaps
not included for the same reason that you suggest. Actually, it
wouldn't take much time to just corrupt them.
