Not mine. It's an employee; I work IT and am tasked to fix it, basically get his info back at any cost. Am I correct to understand that I cannot buy a coin with CC because of so many scams/cancelled transactions? I have been searching the local exchange thing. Any other choices?
Good luck fixing this
If he had been on carbonite or had a single system restore point on his computer I could get his data back. At this point, super easy to get rid of the virus but every file is encrypted. Meaning none of them are able to open, even once the virus is gone. So basically I have to go on faith and pay them to give me a code. Awesome I know.
New Ransomware CryptoWall Comes With Nasty Twist
There is a new ransomware strain called CryptoWall hitting organizations. In late April, the cyber criminals who developed the CryptoDefense ransomware released a new variant called CryptoWall. This strain is for the most part the same as CryptoDefense except for another brand name, different filenames for the ransom instructions, and a whole new attack vector.
IT security pundits speculated that either the criminals released a new version because CryptoDefense was being blocked by endpoint protection software, or that they sold their source code to another cyber mafia. The bad news is that the earlier vulnerability of CryptoDefense has been fixed and you can no longer yourself decrypt files that are encrypted by CryptoWall.
This puppy comes with a nasty twist though: it no longer requires a user to open an infected attachment, but uses a fresh vulnerability in Java. Malicious advertisements on domains belonging to Disney, Facebook, The Guardian newspaper and many others are leading people to sites that are CryptoWall infected and encrypt their drives. There is a massive attack reported by Cisco, and they have a heatmap with the countries primarily targeted. The US is, predictably, the most affected, with the UK coming in second. Map at the KnowBe4 Blog:
http://blog.knowbe4.com/bid/388403/New-Ransomware-CryptoWall-Comes-With-A-Twist
Since Cisco began blocking the attacks on April 24, its researchers said they had blocked requests to over 90 infected web domains for more than 17 percent of its cloud-security customer base. Mind you, Cisco's customer base for their cloud web security is really large, so 17% is big numbers.
In the meantime, back at the ranch, ransomware grand-daddy CryptoLocker has continued to improve the quality of its spear-phishing attacks with fake fax announcement messages that start to look very real. They also improved their marketing, as the latest version provides a new feature which is a button that gives you the chance to "Decrypt 1 file for FREE" and is fully functional. Oh joy.
Yes, the CryptoLocker network was taken over by the Feds last week, but there are three competing gangs, and cyber criminals more than anyone build their systems to be robust, redundant and fault-tolerant because they know from the get-go they will be shut down sooner rather than later. They do not go away, they get mad and come back with an even more resilient malware version.
It's a very good idea to step your end-users through effective Kevin Mitnick Security Awareness Training. You can get a free quote to find out how much this would be for your organization. You'll be pleasantly surprised how affordable this is, and this month it comes with an innovative crypto-ransom offer you will like:
http://info.knowbe4.com/we-will-pay-your-crypto-ransom
If your network gets hit with this, look at time stamps and owner(s) of the decrypt_instructions files that were loaded to the (mapped) drives. That's how you can identify which workstation it originally came from and (re-)train the user. Reformat/reimage their PC (a.k.a. "nuke from orbit") and restore all the directories that have those encrypted files. Do a restore from a backup prior to the date you see listed on the file creations.
In case you do not have recent backups, pay the ransom and hope for the best. Surprisingly these criminals do their best to decrypt your files, it's their "reputation" after all! But do not waste a crisis like this and use it to your advantage. Strengthen your policies and IT Best Practices. Keep your systems patched and your users on their toes with security top of mind!
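The forensic step in the post above (check the time stamps and owners of the decrypt_instructions files on the mapped drives to find the originating workstation and the backup cutoff) as an added example; this is not code from the thread or from KnowBe4. It assumes the ransom-note filenames start with "decrypt_instruction" (NOTE_PATTERN), that the affected shares are mounted on the machine running the script, and that pywin32 is installed for NTFS owner lookup on Windows (POSIX uid otherwise). SAMPLE_RECORDS is constructed data for a dry run; the triage function is what you would point at real scan output.

```python
"""Ransom-note triage: which user dropped the notes first, and what backup date is safe.

Added example, not from the forum post or KnowBe4. Scans share roots for
ransom-note files, records owner and creation time, and reports the earliest
note (restore from a backup before that) and the owner that appears most
often (the workstation/user to reimage and retrain).
"""
import os
import re
import sys
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Iterable, List, Optional

# Assumption: the notes share a name beginning with "decrypt_instruction".
NOTE_PATTERN = re.compile(r"^decrypt_instruction", re.IGNORECASE)


@dataclass(frozen=True)
class NoteRecord:
    path: str           # full path of the ransom note
    owner: str          # account that created the file (NTFS owner or POSIX user)
    created: datetime   # file creation timestamp (UTC)


def file_owner(path: str) -> str:
    """Return the file's owner. Uses pywin32 on Windows if present, else POSIX uid."""
    try:
        import win32security  # type: ignore  # provided by pywin32
        sd = win32security.GetFileSecurity(path, win32security.OWNER_SECURITY_INFORMATION)
        sid = sd.GetSecurityDescriptorOwner()
        name, domain, _ = win32security.LookupAccountSid(None, sid)
        return f"{domain}\\{name}"
    except ImportError:
        pass
    try:
        import pwd
        return pwd.getpwuid(os.stat(path).st_uid).pw_name
    except (ImportError, KeyError, OSError):
        return "unknown"


def scan_for_notes(roots: Iterable[str]) -> List[NoteRecord]:
    """Walk each root (e.g. a mapped drive) and collect every ransom-note file."""
    records: List[NoteRecord] = []
    for root in roots:
        for dirpath, _dirs, files in os.walk(root):
            for name in files:
                if NOTE_PATTERN.match(name):
                    full = os.path.join(dirpath, name)
                    # st_ctime is creation time on Windows, inode-change time on POSIX
                    created = datetime.fromtimestamp(os.stat(full).st_ctime, tz=timezone.utc)
                    records.append(NoteRecord(full, file_owner(full), created))
    return records


def triage(records: List[NoteRecord]) -> Optional[dict]:
    """Summarise note records: earliest note, restore cutoff, most frequent owner."""
    if not records:
        return None
    earliest = min(records, key=lambda r: r.created)
    by_owner = Counter(r.owner for r in records)
    likely_owner, _count = by_owner.most_common(1)[0]
    return {
        "earliest_note": earliest.path,
        "restore_before": earliest.created,   # use a backup taken before this
        "likely_source_owner": likely_owner,  # user/workstation to reimage and retrain
        "notes_by_owner": dict(by_owner),
    }


# Constructed sample data (not real hosts or users) for a dry run without a share.
SAMPLE_RECORDS = [
    NoteRecord(r"\\fileserver\finance\DECRYPT_INSTRUCTION.txt", "CORP\\jdoe",
               datetime(2014, 6, 3, 8, 47, tzinfo=timezone.utc)),
    NoteRecord(r"\\fileserver\finance\Q2\DECRYPT_INSTRUCTION.html", "CORP\\jdoe",
               datetime(2014, 6, 3, 8, 51, tzinfo=timezone.utc)),
    NoteRecord(r"\\fileserver\shared\DECRYPT_INSTRUCTION.txt", "CORP\\jdoe",
               datetime(2014, 6, 3, 9, 2, tzinfo=timezone.utc)),
    NoteRecord(r"\\fileserver\shared\hr\DECRYPT_INSTRUCTION.txt", "CORP\\asmith",
               datetime(2014, 6, 3, 9, 30, tzinfo=timezone.utc)),
]


if __name__ == "__main__":
    # Usage: python triage_notes.py <share-root> [<share-root> ...]
    found = scan_for_notes(sys.argv[1:]) if len(sys.argv) > 1 else SAMPLE_RECORDS
    print(triage(found))
```

Once you have the cutoff and the owner, the rest of the post's advice applies unchanged: reimage that workstation and restore the affected directories from a backup older than restore_before.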