
New version of Cryptolocker Malware is here :(


13 replies to this topic

#1 michael.jenkin (Master, Atomican, 872 posts, Location: Adelaide)

Posted 04 June 2014 - 11:33 PM

A new flavour of Cryptolocker came out 29/5/2014. It locks down the victim's files and the person in charge wants $1000 USD to give the files back.
I know that everyone here is cautious and suspicious of emails, attachments and links. Think about your friends and family who are not so savvy.

Do yourself and them a favour and bring them up to speed about the dangers of the internet.

Here is the latest information I have gathered http://blogs.msmvps....w-and-improved/

Something a little more formal that I wrote on the original version http://www.crn.com.a...yptolocker.aspx

Here is a link to a Cryptolocker prevention kit http://msmvps.com/bl...ention-kit.aspx

be safe out there !

Edited by michael.jenkin, 04 June 2014 - 11:35 PM.

Michael Jenkin (Mickyj) www.mickyj.com (Community website) *5 times Microsoft MVP award winner, Winner SMB150 2012, 2013 *Previously MacWorld Australia, CRN, ARN contributor *APAC Chairman GITCA (Global IT Community Association) *Managing Director - Business Technology Partners Microsoft Small Business Specialist (Back when it meant something)

#2 Master_Scythe (Titan, Hero, 20,170 posts, Location: QLD)

Posted 05 June 2014 - 10:06 AM

I assume it's an executable they have to run? Not just a malicious JS script embedded onto pages or something; right?
Read your page; right :)

Man, sometimes the genius of people amazes me. I mean, encryption can be so quick and so effective.
In a country where the law seems to take a back seat, that's just pure evil genius.

If I had the money, I'd pay the Western Union staff to 'follow' my transaction, and hold the connector till I got there.
Russia's corrupt, right? I can pay people to help me do this? :P

Edited by Master_Scythe, 05 June 2014 - 10:13 AM.

Wherever you go in life, watch out for Scythe, the tackling IT support guy.

"I don't care what race you are, not one f*cking bit, if you want to be seen as a good people, you go in there and you f*ck up the people who (unofficially) represent you in a negative light!"


#3 michael.jenkin (Master, Atomican, 872 posts, Location: Adelaide)

Posted 05 June 2014 - 11:14 AM

> I assume it's an executable they have to run? Not just a malicious JS script embedded onto pages or something; right?
> Read your page; right :)
>
> Man, sometimes the genius of people amazes me. I mean, encryption can be so quick and so effective.
> In a country where the law seems to take a back seat, that's just pure evil genius.
>
> If I had the money, I'd pay the Western Union staff to 'follow' my transaction, and hold the connector till I got there.
> Russia's corrupt, right? I can pay people to help me do this? :P

I wish I had the money to fly to Ukraine to work out where this person was. I would have a few words for them.

#4 Master_Scythe (Titan, Hero, 20,170 posts, Location: QLD)

Posted 05 June 2014 - 11:28 AM

I'm at the point in my life where I'm ready to do random trips to wherever, before I settle.
If you can find out for sure, I'll go say hi. lol.

I think I admire the pure boldness of the individual.
"Hi, you have my virus, money please!"
No scam, no 'fancy words', just, "you're infected, pay me".


#5 michael.jenkin (Master, Atomican, 872 posts, Location: Adelaide)

Posted 05 June 2014 - 06:04 PM

> I'm at the point in my life where I'm ready to do random trips to wherever, before I settle.
> If you can find out for sure, I'll go say hi. lol.
>
> I think I admire the pure boldness of the individual.
> "Hi, you have my virus, money please!"
> No scam, no 'fancy words', just, "you're infected, pay me".

This bit got me:
"2. Can you make a discount?
Unfortunately, no."

What's unfortunate? Is that your cost price to do the work and unlock everything? There is nothing unfortunate about it.

#6 Master_Scythe (Titan, Hero, 20,170 posts, Location: QLD)

Posted 06 June 2014 - 10:38 AM

You might know:
Did anyone ever find out what the NewFolder.exe\Nehatquanglan.exe\isi32.exe payload was?

It was that one that copied itself to every folder on your system, with the same name as that folder.
It ran from an autorun on a USB.

It spread really well, but I never did find a payload for it, and all the antivirus websites just tell you where it copies to, and the registry keys. Never what 'damage it might do'.


EDIT:
Seems people these days have managed to track down its 'parent' virus.
http://www.microsoft...in32/Iddono.1_4

So it's a DDoS botnet back door... strange... it never did request network access through the firewall. Maybe it's 100% passive and just 'listens'. If it can't listen, it just... waits...

Edited by Master_Scythe, 06 June 2014 - 10:43 AM.


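The worm Master_Scythe describes has a very mechanical footprint: an executable whose name equals its parent folder (Photos\Photos.exe) in every directory it reaches, plus an autorun.inf on removable media pointing at it. That footprint is easy to sweep for without any antivirus signature. The script below is an added example written for this thread, not code from the post, from Microsoft's write-up or from any AV vendor; the extension list, the autorun keys it looks for, and the small sample directory tree it builds are all constructed assumptions.

```python
"""Sweep a directory tree for the folder-mirroring worm pattern described in
the thread: Foo\\Foo.exe in many folders, and an autorun.inf that launches
something. Sample tree, extension list and autorun keys are constructed here
and are assumptions, not facts taken from the thread."""
import os
import re
import tempfile

# Executable extensions such a worm typically drops (assumed list; extend as needed).
WORM_EXTENSIONS = {".exe", ".scr", ".pif", ".com"}
# autorun.inf keys that cause execution when the volume is mounted with AutoRun enabled.
AUTORUN_KEYS = re.compile(r"^\s*(open|shellexecute|shell\\\w+\\command)\s*=", re.I)


def folder_named_executables(root):
    """Return paths of executables whose basename equals their parent folder's name."""
    hits = []
    for dirpath, _, filenames in os.walk(root):
        folder = os.path.basename(dirpath.rstrip(os.sep)) or dirpath
        for name in filenames:
            stem, ext = os.path.splitext(name)
            if ext.lower() in WORM_EXTENSIONS and stem.lower() == folder.lower():
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def autorun_launch_lines(root):
    """Return (path, line) for every autorun.inf line that launches a program."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if name.lower() != "autorun.inf":
                continue
            path = os.path.join(dirpath, name)
            with open(path, "r", errors="replace") as fh:
                for line in fh:
                    if AUTORUN_KEYS.match(line):
                        findings.append((path, line.strip()))
    return findings


def scan(root):
    return {"mirrored_exes": folder_named_executables(root),
            "autorun": autorun_launch_lines(root)}


def build_sample_tree(root):
    """Constructed fixture: two 'infected' folders, one clean folder, one autorun.inf."""
    for folder in ("Photos", "Docs", "Clean"):
        os.makedirs(os.path.join(root, folder), exist_ok=True)
    for folder in ("Photos", "Docs"):
        with open(os.path.join(root, folder, folder + ".exe"), "wb") as fh:
            fh.write(b"MZ")  # just a PE-looking stub, not a real binary
    with open(os.path.join(root, "Clean", "report.txt"), "w") as fh:
        fh.write("nothing to see\n")
    with open(os.path.join(root, "autorun.inf"), "w") as fh:
        fh.write("[autorun]\nopen=New Folder.exe\nicon=folder.ico\n")


def scan_sample():
    """Build the constructed tree in a temp dir, scan it, and return basenames/lines found."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = scan(tmp)
    return {"mirrored_exes": [os.path.basename(p) for p in result["mirrored_exes"]],
            "autorun": [line for _, line in result["autorun"]]}


if __name__ == "__main__":
    # Point scan() at a real drive root (e.g. scan("E:\\")) to sweep a USB stick.
    for key, value in scan_sample().items():
        print(key, value)
```

Run it against a mounted USB stick or a user's profile; a handful of `Folder\Folder.exe` hits across unrelated directories is the signal, since legitimate software rarely names its binary after every folder it lives in. The autorun check matters on older Windows builds where AutoRun from removable media was still honoured; on patched systems the dropped files remain worth finding even if the inf no longer fires.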

#7 michael.jenkin (Master, Atomican, 872 posts, Location: Adelaide)

Posted 06 June 2014 - 07:40 PM

> You might know:
> Did anyone ever find out what the NewFolder.exe\Nehatquanglan.exe\isi32.exe payload was?
>
> It was that one that copied itself to every folder on your system, with the same name as that folder.
> It ran from an autorun on a USB.
>
> It spread really well, but I never did find a payload for it, and all the antivirus websites just tell you where it copies to, and the registry keys. Never what 'damage it might do'.
>
> EDIT:
> Seems people these days have managed to track down its 'parent' virus.
> http://www.microsoft...in32/Iddono.1_4
>
> So it's a DDoS botnet back door... strange... it never did request network access through the firewall. Maybe it's 100% passive and just 'listens'. If it can't listen, it just... waits...

:) Yeah, I recall this one. I had a few clients get this one. Cryptolocker seems to be the current nasty in the wild.

Oh, give me the days of the Keypress and Junkie viruses :)

#8 happyy (Serf, Lurker, 1 post)

Posted 07 February 2015 - 05:42 PM

> If you can find out for sure, I'll go say hi. lol. I think I admire the pure boldness of the individual. "Hi, you have my virus, money please!" No scam, no 'fancy words', just, "you're infected, pay me"

???


GuL


#9 Cybes (Titan, Atomican, 18,054 posts, Location: Where I am)

Posted 07 February 2015 - 07:00 PM

> If you can find out for sure, I'll go say hi. lol. I think I admire the pure boldness of the individual. "Hi, you have my virus, money please!" No scam, no 'fancy words', just, "you're infected, pay me" ???

Nice necromancy there, happyy. ;) But welcome aboard, anyway!

As to ^that: Ransomware is having its 15 minutes of fame, atm, with appearances in popular TV shows and as the central theme of Neal Stephenson's recent book REAMDE (yes, the title is misspelled). It's a damn stupid idea, like all ransoms: the crim has to lead you right to his door in order to take the money.


"Reality does not care what you think." - Dr Richard Feynman
"There is no "I" in team." - "True.  I will not be found in any team."


#10 Master_Scythe (Titan, Hero, 20,170 posts, Location: QLD)

Posted 08 February 2015 - 10:22 AM

> If you can find out for sure, I'll go say hi. lol. I think I admire the pure boldness of the individual. "Hi, you have my virus, money please!" No scam, no 'fancy words', just, "you're infected, pay me" ???

Yep, for sure.

Welcome!

I really do like the boldness, yes.

It would be even better if it was a 'legit install' in the fine print of a EULA no one reads.


#11 fliptopia (Champion, Hero, 5,447 posts)

Posted 04 June 2015 - 12:53 PM

 

> > If you can find out for sure, I'll go say hi. lol. I think I admire the pure boldness of the individual. "Hi, you have my virus, money please!" No scam, no 'fancy words', just, "you're infected, pay me" ???
>
> Nice necromancy there, happyy. ;) But welcome aboard, anyway!
>
> As to ^that: Ransomware is having its 15 minutes of fame, atm, with appearances in popular TV shows and as the central theme of Neal Stephenson's recent book REAMDE (yes, the title is misspelled). It's a damn stupid idea, like all ransoms: the crim has to lead you right to his door in order to take the money.

They are using anonymous payment systems and forcing people to use a Tor browser to keep the location of everything a secret. It seems fairly well set up... right up to the point where no one seems to get their files back anymore, so we just tell people they have lost them and not to pay the bastards, and hope they have up-to-date backups. If you don't have up-to-date backups then you'd be no better off than if this was a HDD that crashed.

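When the advice is "treat the files as lost and restore from backup", the first job on site is working out which files actually were encrypted, so the restore is scoped and untouched data is not needlessly rolled back. The original Cryptolocker overwrote documents in place and kept the file name, so a pure "find renamed files" sweep tells you nothing. The script below is an added example written for this thread, not code from fliptopia's post or from any of the tools linked above; it combines two signals, byte entropy near 8 bits/byte and a file whose extension promises a header (magic bytes) it no longer carries. The magic table, the entropy threshold and the three sample files are constructed assumptions, and the approach generalises to any ransomware that encrypts in place.

```python
"""Triage a directory for files that look ransomware-encrypted in place.
Signals: Shannon entropy close to 8 bits/byte, plus an extension whose expected
leading bytes (magic) are missing. Magic table, threshold and the sample files
are constructed for this example and are assumptions, not facts from the thread."""
import math
import os
import tempfile
from collections import Counter

# Extension -> expected leading bytes. Assumed subset; extend for your estate.
MAGIC = {
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".zip": b"PK\x03\x04",
    ".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
}
ENTROPY_THRESHOLD = 7.9  # bits/byte; ciphertext sits just under 8, prose around 4-5


def shannon_entropy(data):
    """Bits of entropy per byte over the given bytes (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path, sample_size=65536):
    """Score one file. 'suspect' needs BOTH high entropy and a missing magic header,
    because genuine zip-based formats (docx, xlsx) are high entropy too."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    expected = MAGIC.get(os.path.splitext(path)[1].lower())
    magic_mismatch = expected is not None and not head.startswith(expected)
    entropy = shannon_entropy(head)
    return {"path": path, "entropy": round(entropy, 2),
            "magic_mismatch": magic_mismatch,
            "suspect": magic_mismatch and entropy >= ENTROPY_THRESHOLD}


def triage(root):
    """Score every file under root; returns a list sorted by path."""
    results = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            results.append(looks_encrypted(os.path.join(dirpath, name)))
    return sorted(results, key=lambda r: r["path"])


def build_sample(root):
    """Constructed fixture: an intact docx, an in-place-encrypted docx, a text file."""
    with open(os.path.join(root, "intact.docx"), "wb") as fh:
        fh.write(b"PK\x03\x04" + os.urandom(16384))  # real docx is a zip: PK header
    with open(os.path.join(root, "encrypted.docx"), "wb") as fh:
        fh.write(os.urandom(16384))                  # ciphertext written over the file
    with open(os.path.join(root, "notes.txt"), "w") as fh:
        fh.write("quarterly numbers\n" * 200)        # plain text, low entropy


def triage_sample():
    """Build the fixture in a temp dir and return results keyed by file name."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        return {os.path.basename(r["path"]): r for r in triage(tmp)}


if __name__ == "__main__":
    # Point triage() at the user's document folders or a restored share snapshot.
    for name, r in triage_sample().items():
        print(f"{name:16} entropy={r['entropy']:.2f} magic_mismatch={r['magic_mismatch']} suspect={r['suspect']}")
```

Files with no entry in the magic table (plain text, CSV, source) only get the entropy score, so treat them as "check by hand" rather than clean. A file that is high entropy but still has its header is almost certainly a genuine compressed or media file, which is exactly the false positive an entropy-only sweep would produce.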


#12 Sapfirus (Serf, Lurker, 1 post)

Posted 07 February 2016 - 09:02 PM

Seems to be really effective against Cryptolocker <link made gonski>. Personally I didn't try it, but I was told by a colleague that it was good.


Edited by Chaos.Lady, 08 February 2016 - 06:03 AM.
removed advertising link


#13 Rybags (Immortal, Super Hero, 35,058 posts)

Posted 07 February 2016 - 09:11 PM

Sounds almost as dodgy as the virus itself to me.



#14 orcone (Champion, Atomican, 7,615 posts)

Posted 09 February 2016 - 10:37 AM

I've been using CryptoPrevent with success. It needs to be set to maximum protection, though, for it to be worthwhile.





