Announcement

Collapse
No announcement yet.

Warm up those backup drives - Dangerous New Malware Variant

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    Warm up those backup drives - Dangerous New Malware Variant

    Hey guys, I know I haven't been around much lately, but thought I'd keep you all in mind when this has come across at work. There's a nasty new malware/ransomware variant out which actually encrypts your documents as well as your network shares with 256bit AES encryption. This strain is called CryptoLocker

    Once your files have been encrypted, the only way to decrypt them lies with the key held by the attacker (pay $300 to them to support who-knows-what) or by restoring files from a backup following cleaning your system.

    http://blog.emsisoft.com/2013/09/10/...mware-variant/

    This is a pretty dangerous thing to hear about for anyone in the IT world, since it truly will make the weakest tech-savvy employee or family member of a group the most compromising. Particularly troubling in the network share instance, because it could be caused by any number of users and bring an entire business environment to a standstill. Also, people tend to store files on their computer's desktops/documents folders and those are not always backed up by businesses. Also, if you only have a single backup system you could potentially back up the encrypted files if you are not looking.

    Of course this one was released on this past September 11th. I don't doubt someone was just trying to be mischievous...

    Your thoughts?
    [SIGPIC][/SIGPIC]

    #2
    That's fine... all I have on my computer is porn and pictures I've stolen from the internet.

    Comment


      #3
      the key is is to find the ars holes that did this program and get them to dl somthing that shuts there cooling system down on there rig and melts there computer down ...Match and point

      Comment


        #4
        That's why my Windows Home Server now turns out to be an invaluable tool. I have nightly backups that I can use for a bare metal restore of the entire drive, losing no more than a day of work - a pittance when you are talking about full backups.

        Just boot to a Restore CD created by WHS, then point it to the image on the server. After 2-3 hours, the drive is now fully restored. I initially blanched at the $600 I paid for it, but its paid off having it working almost every year since I bought it. It now holds 4TB of data, and I have a 1TB backup of the individual users data as a redundancy external drive via eSATA enclosure.

        Malware ??? Pshhhh, come at me, bro ....
        Oh if a man tried to take his time on Earth and prove before he died what one man's life could be worth, well I wonder what would happen to this world ? - Harry Chapin

        Comment


          #5
          I have all my important files backed up over two hard drives and cloud storage. So bring it little hacker! I'll just reinstall my OS.

          Comment


            #6
            That's a pretty nasty creation. I hadn't heard of this one, but apparently it's not totally new. An earlier version demanded $100 and now it's $300. I'm happy that I'm not doing IT support work anymore. I've had to deal with the fake AV malware and that was enough of a pain. From reading, paying the ransom actually works, for now. Future copycats probably won't be as nice.
            --Slaughter

            Comment


              #7
              It's called 'ransomware' and has been around for a while, but has become much more prevalent in the last 6-12 months. That's why data backups in a filesystem your PC does not have direct control over all the time is so important.

              Comment


                #8
                Originally posted by Slaughter View Post
                Future copycats probably won't be as nice.
                These guys are thugs, but they want money. If they ever fail to decrypt the hostage drive, everybody will stop paying.

                Paying the ransom here is the same as paying terrorists to release hostages. It rewards bad people for being bad. I'd rather encourage good backups, but most consumer backup systems are connected as a visible drive. They are just as likely to be held for ransom. Since this ransomware only affects specific file types, perhaps backups can avoid the problem by using compression (changes the file type).

                Comment


                  #9
                  Originally posted by Qicmee View Post
                  These guys are thugs, but they want money. If they ever fail to decrypt the hostage drive, everybody will stop paying.

                  Paying the ransom here is the same as paying terrorists to release hostages. It rewards bad people for being bad. I'd rather encourage good backups, but most consumer backup systems are connected as a visible drive. They are just as likely to be held for ransom. Since this ransomware only affects specific file types, perhaps backups can avoid the problem by using compression (changes the file type).
                  Except they have to pay before the "chance" to decrypt the drive. Network shares are not limited to your PC, so the affects of just one machine can spread like a wildfire. Granted there was ransomware before, but this actually holds your data for ransom so you can't recover it (without backups). I've worked on some systems where everything is just hidden, but I can always select all files and unhinde them. Think of all of the grandmothers out there who just don't understand what they are doing. Computer illiterate people who do not have backups. People who have *Single* backups or backups that are performed automatically when there are changes to files (such as using company services such as Carbonite). Say goodbye to your data in those cases, because now you have encrypted backups!

                  Versioning is important
                  [SIGPIC][/SIGPIC]

                  Comment


                    #10
                    Yea... one thing I am safe from. I have nothing needed to back up.

                    Comment


                      #11
                      I know enough from 30+ years of programming and PC support to half way be able to protect my data. But this kind of malware/ransomware puts poor Joe & Jane Average totally in the crapper. The programming concept is ingenious. People will be hard pressed to find anyone who can really help them. Without the second key, well, it's a crapshoot.
                      --Slaughter

                      Comment

                      Cain's Lair Forums Statistics

                      Collapse

                      Topics: 26,182   Posts: 269,814   Members: 6,176   Active Members: 2
                      Welcome to our newest member, 28Farrell8.

                      Today's Birthdays

                      Collapse

                      There are no members with birthdays today.

                      Top Active Users

                      Collapse

                      There are no top active users.

                      More Posts

                      Collapse

                      • Reply to 6 years
                        by Apache Warrior
                        6 Mar 2024, 08:29 AM
                      • Reply to 6 years
                        by Sirex
                        I think there is like a magical time span when bikes become worth a fortune.

                        Yeah thought its now or never haha
                        Just hit 2.5K miles...
                        5 Mar 2024, 04:37 PM
                      • Reply to Hey Guys...It's BrundleFly
                        by Sirex
                        Hey Brundle nice to see your post I remember you very well hows thing with you.

                        Not a busy place here these days but its still up and occasionally...
                        5 Mar 2024, 04:34 PM
                      • Reply to Hell Let Loose
                        by Sirex
                        Hey nice to see you

                        Its not a busy place, least not as busy as it once was but you still get the odd message posted every few weeks...
                        5 Mar 2024, 04:31 PM
                      • Reply to I had Open Heart Surgery!!
                        by Sirex
                        Wow its amazing how well the body can cope with things it deams normal.

                        Hope your recovering well and back to full steam.

                        OH...
                        5 Mar 2024, 04:28 PM
                      Working...
                      X