michael.jenkin

New version of Cryptolocker Malware is here :(


A new flavour of Cryptolocker came out on 29/5/2014. It locks down the victim's files and the person in charge wants $1000 USD to give the files back.

I know that everyone here is cautious and suspicious of emails, attachments and links. Think about your friends and family who are not so savvy.

Do yourself and them a favour and bring them up to speed about the dangers of the internet.

Here is the latest information I have gathered http://blogs.msmvps.com/mickyj/blog/2014/0...w-and-improved/

Something a little more formal that I wrote on the original version http://www.crn.com.au/Feature/364753,uncra...yptolocker.aspx

Here is a link to a Cryptolocker prevention kit http://msmvps.com/blogs/bradley/archive/20...ention-kit.aspx

Be safe out there!

Edited by michael.jenkin


I assume it's an executable they have to run? Not just a malicious JS script embedded onto pages or something; right?

Read your page; right :)

Man, sometimes the genius of people amazes me. I mean, encryption can be so quick and so effective.

In a country where the law seems to take a back seat, that's just pure evil genius.

If I had the money, I'd pay the Western Union staff to 'follow' my transaction, and hold the connector till I got there.

Russia's corrupt, right? I can pay people to help me do this? :P

Edited by Master_Scythe


I wish I had the money to fly to the Ukraine to work out where this person was. I would have a few words for them


I'm at the point in my life where I'm ready to do random trips to wherever, before I settle.

If you can find out for sure, I'll go say hi. lol.

I think I admire the pure boldness of the individual.

"Hi, you have my virus, money please!"

No scam, no 'fancy words', just, "you're infected, pay me"


This bit got me

"2. Can you make a discount?

Unfortunately, no."

What's unfortunate? Is that your cost price to do the work and unlock everything? There is nothing unfortunate about it.


You might know;

Did anyone ever find out what the NewFolder.exe\Nehatquanglan.exe\isi32.exe payload was?

It was that one that copied itself to every folder on your system, with the same name as that folder.

It ran from an autorun on a USB.

It spread really well, never did find a payload for it though. And all the antivirus websites just tell you where it copies to, and registry keys. Never what 'damage it might do'.

EDIT:

Seems people these days have managed to track down its 'parent' virus.

http://www.microsoft.com/security/portal/t...in32/Iddono.1_4

So it's a DDoS botnet backdoor..... strange... it never did request network access through the firewall. Maybe it's 100% passive and just 'listens'. If it can't listen, it just... waits....

Edited by Master_Scythe

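Two traits of that worm are stated in the post above: it drops a copy of itself into every folder named after the folder (so `Photos\Photos.exe`), and it is launched from `autorun.inf` on a USB stick. The script below is an added example written for this page, not code from the thread or from any AV vendor, that hunts for both traits on a directory tree. The three file names in `KNOWN_NAMES` are the ones quoted in the post; the fake USB layout it builds in a temp directory is constructed for the demo and contains no real malware, and the `autorun.inf` keys it looks at (`open`, `shellexecute`, `shell\<verb>\command`) are the standard ones that can launch a program.

```python
#!/usr/bin/env python3
"""Added example: hunt for the folder-mimicking USB worm behaviour
described in the thread (copies itself as <Folder>\<Folder>.exe and
starts from autorun.inf). Runs offline against a constructed sample tree."""
import os
import tempfile

# File names quoted in the post for this family. Anything else would be a guess.
KNOWN_NAMES = {"newfolder.exe", "nehatquanglan.exe", "isi32.exe"}

# autorun.inf keys that cause Windows to run something when the drive is
# inserted or opened. shell\<verb>\command= is handled separately below.
LAUNCH_KEYS = {"open", "shellexecute"}


def parse_autorun(text):
    """Return every program an autorun.inf would launch, in file order.

    Hand-rolled instead of configparser: hostile autorun.inf files are often
    padded with junk lines, duplicate keys and odd casing, and we want to see
    every candidate rather than abort on the first oddity."""
    targets = []
    in_autorun = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "#")):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_autorun = line[1:-1].strip().lower() == "autorun"
            continue
        if not in_autorun or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.lower()
        if key in LAUNCH_KEYS or (key.startswith("shell\\") and key.endswith("\\command")):
            targets.append(value)
    return targets


def scan_tree(root):
    """Walk root and return a list of (kind, path) findings.

    kinds: 'folder-named-exe'  an .exe whose stem equals its parent folder
           'known-name'        a file name quoted in the thread
           'autorun-launch:X'  an autorun.inf that would run X"""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        folder = os.path.basename(dirpath).lower()
        for name in filenames:
            lower = name.lower()
            path = os.path.join(dirpath, name)
            stem, ext = os.path.splitext(lower)
            if ext == ".exe" and stem == folder:
                findings.append(("folder-named-exe", path))
            if lower in KNOWN_NAMES:
                findings.append(("known-name", path))
            if lower == "autorun.inf":
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for target in parse_autorun(fh.read()):
                        findings.append(("autorun-launch:" + target, path))
    return findings


def build_sample_tree():
    """Constructed sample: the layout of an infected USB stick. The files are
    a few bytes of filler, not executables, so this is safe to run anywhere."""
    root = tempfile.mkdtemp(prefix="usb_")
    layout = {
        "Photos/Photos.exe": b"MZ filler",        # worm copy named after folder
        "Photos/holiday.jpg": b"\xff\xd8 filler",
        "Docs/Docs.exe": b"MZ filler",            # worm copy named after folder
        "Docs/report.docx": b"PK filler",
        "Tools/setup.exe": b"MZ filler",          # benign: name != folder name
        "NewFolder.exe": b"MZ filler",            # name quoted in the thread
        "autorun.inf": (b"[autorun]\r\n"
                        b";decoy comment\r\n"
                        b"open=NewFolder.exe\r\n"
                        b"icon=%SystemRoot%\\system32\\SHELL32.dll,4\r\n"
                        b"shell\\open\\command=NewFolder.exe\r\n"),
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    for kind, path in sorted(scan_tree(sample)):
        print(f"{kind:32} {os.path.relpath(path, sample)}")
```

Run it against a mounted USB stick or a user profile instead of the sample tree by passing that path to `scan_tree()`. The folder-name rule alone will catch legitimate installers that happen to be named after their directory, so treat a single hit as a lead and a hit in every folder as the worm.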

:) Yeah, I recall this one. I had a few clients get this one. Cryptolocker seems to be the current nasty in the wild.

 

Oh give me the days of the keypress and Junkie virus :)


If you can find out for sure, I'll go say hi. lol. I think I admire the pure boldness of the individual. "Hi, you have my virus, money please!" No scam, no 'fancy words', just, "you're infected, pay me" ???


Nice necromancy there, happyy. ;) But welcome aboard, anyway!

 

As to ^that: Ransomware is having its 15 minutes of fame, atm, with appearances in popular tv shows and as the central theme of Neal Stephenson's recent book REAMDE (yes, the title is misspelled). It's a damn stupid idea, like all ransoms - the crim has to lead you right to his door in order to take the money.


Yep, for sure.

Welcome!

 

I really do like the boldness, yes.

It would be even better if it was a 'legit install' in the fine print of a EULA no one reads.


They are using anonymous payment systems and forcing people to use a Tor browser to keep the location of everything a secret. It seems fairly well set up... right up to the point where no one seems to get their files anymore, so we just tell people they have lost them and not to pay the bastards, and hope they have up to date backups. If you don't have up to date backups then you'd be no better off if this was a HDD that crashed.


Seems to be really effective against Cryptolocker <link made gonski> Personally didn't try, but I was told by a colleague that it was good.

Edited by Chaos.Lady
removed advertising link


I've been using CryptoPrevent with success. It needs to be set to maximum protection though for it to be worthwhile.
