Author Topic: Ransomware virus.  (Read 2733 times)

Online CMDL_GUY

  • Administrator
  • Location: Mt. Sidney Virginia
  • Posts: 8232
    • www.lscg.net
Ransomware virus.
« on: November 22, 2013, 08:27:56 AM »
The following is from my ISP:

All CVACS clients,

We've started running into a particularly ugly Ransomware virus.  This virus propagates as a ZIP file attachment to a seemingly innocuous e-mail appearing to have been sent by a legitimate company, or is uploaded to a computer already recruited to a botnet by a previous Trojan infection.  The purpose of this virus is to encrypt "personal" files on your local machine and to mapped drives.  It only encrypts data files with certain extensions, including Microsoft Office, OpenDocument, other documents, pictures, and AutoCAD files.  After it's finished encrypting your files, it displays a message informing the user that files have been encrypted and demands a payment of $300.  The payment must be made within 72 or 100 hours, or the key for the encryption is deleted from their server, and there's no hope of recovering your files.  This is real, and removing the program doesn't restore your ability to view your files.  The only way to decrypt the files is to pay them, and some infected users claim that they paid the attackers but their files were not decrypted.

I'd like to strongly encourage our clients to perform backups.  There are a couple of recommendations we'd like to make:

Take a full image backup of your system.  This will ensure that if your system is infected, you can restore your PC to the point where the backup was made.  A good program to use is RedoBackup. This program is free. You just download it to your computer, burn it to a disk, and boot your PC with it.  You just back up your PC to an external drive or jump drive.  You can even set it up to boot from the drive you intend to back it up to.  If you'd like our help, please give us a call or shoot us an e-mail to @@@@@@.com.  We'll just need to know how much space you're using on your hard drive, and we'll be able to tell you what size drive you'll need, and can assist you in purchasing or even performing the backups for you.  We don't want cost to be a factor, so we'll provide our services at $25/PC plus the cost of a jump drive or external hard drive, depending on the size of your data.

If you'd like a more automatic solution, we offer an off-site backup solution that will back up your PC right over the internet and will provide you with the kind of protection you need to ensure your files are protected.  This is a subscription service where you'd be charged based on the amount of information you're backing up.  Backups start at $5/month.

Additional information can be obtained from the following locations:

    Wikipedia
    RedoBackup
    CryptoLocker Scan Tool
"Government is not reason; it is not eloquent; it is force. Like fire, it is a dangerous servant and a fearful master." - George Washington

“Remember democracy never lasts long. It soon wastes, exhausts, and murders itself. There never was a democracy yet, that did not commit suicide.”   -John Adams

K4LRM

www.lscg.net

Faster horses, younger women, older whiskey, more money.

Online Keighlar

  • Moderator
  • Location: New Hampshire
  • Posts: 1625
Re: Ransomware virus.
« Reply #1 on: November 22, 2013, 08:36:23 AM »
Kim Komando recommended this site yesterday to prevent Cryptolocker infection:
http://www.foolishit.com/vb6-projects/cryptoprevent/

It's supposed to prevent infection if it's installed prior to catching it, but I don't know about its success rate. I haven't installed it yet because it seems that most of these infections are being spread through spam mail from delivery services like UPS, DHL and FedEx which require you to open an attachment.  It's been a LONG time since I've been that stupid.  :015:
“You know you’re in love when you can’t fall asleep because reality is finally better than your dreams.”
Dr Seuss

Offline JeffE

  • Technician
  • Posts: 51
Re: Ransomware virus.
« Reply #2 on: November 22, 2013, 08:37:37 AM »

Online hbiss

  • Administrator
  • Location: Westchester County, NY
  • Posts: 3341
Re: Ransomware virus.
« Reply #3 on: November 22, 2013, 12:31:33 PM »
It used to be that hackers created viruses and trojans as an ego thing but the criminals have taken over. They started with key loggers to steal your information and have become much more sophisticated, graduating to ransomware. Ransomware was useless without an untraceable method of payment and only became profitable with the advent of shady financial institutions like Money Pak. I've been critical of Money Pak ever since I learned about ransomware viruses.

Quote
Our mission is to be the leading provider of financial services to the large community of Americans underserved by traditional providers.

Green Dot Corporation is a leading provider of retail-based financial services for America's underserved community. Founded in 1999, the company offers consumers a comprehensive portfolio of financial products and services through thousands of leading retailer locations nationwide including Walmart, Walgreens, CVS/pharmacy, Rite Aid, Kmart, Kroger, Ralphs, Fred Meyer, Smiths and Radio Shack.

Green Dot’s products include Green Dot MasterCard® and Visa® branded prepaid debit cards and the Green Dot MoneyPak® - a consumer to business “C2B” cash processing gateway that provides a convenient and efficient way for consumers to load cash to prepaid cards, use cash to make purchases and pay bills, and add cash to a variety of accounts. With the MoneyPak distributed in over 50,000 locations across 49 states, Green Dot has built the largest domestic cash-acceptance network of its kind.

Green Dot is headquartered in the greater Los Angeles area.

With the government watching every one of our bank and card transactions I just can't believe that they would allow an operation like Money Pak to transfer cash in and out of the country without requiring any kind of a paper trail. If ransom payments were traceable, ransomware criminals would be shut down.

So in addition to blaming the criminals you can blame our government for not doing something about shady financial institutions that facilitate this and other criminal activity. "Our mission is to be the leading provider of financial services to the large community of Americans underserved by traditional providers." There's a reason these kinds of people can't or won't deal with regular banks.

-Hal
I gotta get out of this business...

COMSYSTEC- Phone Systems | paging systems | background music systems | foreground music systems | retail music | restaurant music

Offline tonyburkhart

  • Moderator
  • Location: Reynoldsburg Ohio USA
  • Posts: 1026
    • www.teamburkhart.com
Re: Ransomware virus.
« Reply #4 on: November 23, 2013, 10:57:11 PM »
Agree with Hal on Money Pak - it's a no-win situation for any legitimate operation.

Re: latest ransomware/malware

This stuff is nasty. It is as bad as they say and it's propagating fast. That being said, it's users' habits that are the worst for infections... not open doors or targeted attacks. Unfortunately this one is extremely well thought out and without that encryption key, there is no way to recover your data.
Thanks,
Tony Burkhart
Team Burkhart
www.teamburkhart.com