Bitcoin Forum
Topic: CryptoLock - wow they really are making some money
Dabs
November 11, 2013, 02:55:19 AM
 #21

The most important lesson: Don't click random exes or pictures or whatever from random people you don't know. And even if you know them, make sure to use some sort of sandbox or virtual machine or some isolated environment to test or view whatever it is that you do download.

mb300sd
November 11, 2013, 05:12:56 AM
 #22

I get a few hundred of these emails a day (own server with catch-all). It's so painfully obvious that they're fake... Hopefully anyone paying learns not to open random emails, financial cost is the only thing that motivates some people to learn anything.

1D7FJWRzeKa4SLmTznd3JpeNU13L1ErEco
EnderHf
November 11, 2013, 05:46:29 AM
 #23

Well damn that guy is makin bank though it would suck if someone stole my files and locked them
GenTarkin
November 11, 2013, 05:51:01 AM
 #24

CryptoLock virus afaik, only encrypts files it has access to (including network shared write access files). One way to restore access to your files is recovering your files via VSS snapshots (also including shared network files on server). Cryptolock cannot encrypt those.
I love VSS =)

GenTarkin's MOD Kncminer Titan custom firmware! v1.0.4! -- !!NO LONGER AVAILABLE!!
Donations: bitcoin- 1Px71mWNQNKW19xuARqrmnbcem1dXqJ3At || litecoin- LYXrLis3ik6TRn8tdvzAyJ264DRvwYVeEw
crazy_rabbit
November 11, 2013, 09:09:41 AM
 #25

Hmmm... makes me want to buy one of these:

Aegis Padlock External Harddrive, Real time 256 bit AES encryption, hardware

http://www.staples.com/office/supplies/StaplesProductDisplay?storeId=10001&partNumber=SS2073376&catalogIdentifier=2&langId=-1&ddkey=http:StaplesZipCodeAdd

that looks like a pretty dangerous place to store one's files.

more or less retired.
Lauda
November 11, 2013, 02:34:25 PM
 #26

Quote
CryptoLock virus afaik, only encrypts files it has access to (including network shared write access files). One way to restore access to your files is recovering your files via VSS snapshots (also including shared network files on server). Cryptolock cannot encrypt those.
I love VSS =)

VSS?
How?

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
kokojie
November 11, 2013, 03:21:07 PM
 #27

Quote
so what is the work-around to fix this, so that the victims are not forced to pay into this scam and then treating bitcoin as a criminal preferred coin. if we as a community help out the victims by solving their woes they won't need to pay into it and think of bitcoin as a bad thing.

secondly this address that the funds get paid into could simply be a mtgox, bitstamp, btc-e deposit address. because once it's in an exchange the funds just get split up for other users who are withdrawing.

we don't want criminals tainting the coins, i definitely don't want to withdraw my coins from an exchange and realise they are linked to the deposits of this scammer using the same exchange.

yes, there's a very simple work-around/solution:
1. don't open suspicious email attachment
2. back up your shit if they are worth paying a ransom for.

btc: 15sFnThw58hiGHYXyUAasgfauifTEB1ZF6
redwraith
November 11, 2013, 03:35:19 PM
 #28

Quote
so what is the work-around to fix this, so that the victims are not forced to pay into this scam and then treating bitcoin as a criminal preferred coin. if we as a community help out the victims by solving their woes they won't need to pay into it and think of bitcoin as a bad thing.

Some dimwit on the bleepingcomputer.com forums has already insinuated this connection:

Quote
"Don't suppose CL [cryptolocker] was created by the creators of Bitcoin??"
  AND

Quote
"And let's not forget that Bitcoin is referred to as a 'cryptocurrency'."

Guilt by name association I guess... Give me a break.

Another random internet tough guy with no knowledge of what bitcoin is or how it came into being, spreading FUD.
GenTarkin
November 11, 2013, 03:45:43 PM
 #29

Quote
CryptoLock virus afaik, only encrypts files it has access to (including network shared write access files). One way to restore access to your files is recovering your files via VSS snapshots (also including shared network files on server). Cryptolock cannot encrypt those.
I love VSS =)
VSS?
How?

VSS - volume shadow copy - aka previous versions, available on all Windows XP and higher. But turned off by default on many win 8 installs =(
MS castrated VSS in win 8

GenTarkin's MOD Kncminer Titan custom firmware! v1.0.4! -- !!NO LONGER AVAILABLE!!
Donations: bitcoin- 1Px71mWNQNKW19xuARqrmnbcem1dXqJ3At || litecoin- LYXrLis3ik6TRn8tdvzAyJ264DRvwYVeEw
Lauda
November 11, 2013, 03:47:42 PM
Last edit: November 11, 2013, 04:36:07 PM by LaudaM
 #30

Quote
VSS - volume shadow copy - aka previous versions, available on all Windows XP and higher. But turned off by default on many win 8 installs =(
MS castrated VSS in win 8

I've heard only about the name. I'll try it.

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
GenTarkin
November 11, 2013, 03:53:36 PM
 #31

yeah, in vista & 7 ... doing a system restore before the infection happened will hopefully get windows rolling again =) ... this uses VSS snapshots to roll files back to that point in time. If that fails, I'm gathering .. removing the infection itself, then use VSS (previous versions) to restore encrypted files. Previous versions is accessed via right click on folders in explorer.

But, what would suck is if part of cryptolocker is if it deleted all VSS snapshots, then you would be outta luck. But from what other people have reported, it doesn't do that. Perhaps cryptolocker 2.0? would...lol

GenTarkin's MOD Kncminer Titan custom firmware! v1.0.4! -- !!NO LONGER AVAILABLE!!
Donations: bitcoin- 1Px71mWNQNKW19xuARqrmnbcem1dXqJ3At || litecoin- LYXrLis3ik6TRn8tdvzAyJ264DRvwYVeEw
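
The snapshot restore described in the post above, scripted in PowerShell as an added example that is not part of the original thread: it picks the newest shadow copy older than a known infection time and copies one file out of it. The infection time, file path, mount point and restore directory are assumed sample values.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell 4+ session
# after the malware itself has been removed. All parameter defaults are assumed.
param(
    [datetime]$InfectionTime = '2013-11-10T09:00:00',            # constructed sample
    [string]$Drive        = 'C:',
    [string]$RelativePath = 'Users\alice\Documents\report.docx', # hypothetical file
    [string]$MountPoint   = 'C:\vss_mount',                      # must not exist yet
    [string]$RestoreDir   = 'C:\restored'
)

# Win32_ShadowCopy identifies volumes by GUID path, so translate the drive letter.
$volume = Get-CimInstance Win32_Volume -Filter "DriveLetter = '$Drive'"
if (-not $volume) { throw "No volume found for $Drive" }

# Snapshots of that volume taken before the infection, newest first.
$snapshots = @(Get-CimInstance Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $volume.DeviceID -and
                   $_.InstallDate -lt $InfectionTime } |
    Sort-Object InstallDate -Descending)
if ($snapshots.Count -eq 0) {
    throw "No shadow copy of $Drive predates $InfectionTime; use an offline backup."
}
$snap = $snapshots[0]
Write-Output "Using snapshot $($snap.ID) created $($snap.InstallDate)"

# Expose the snapshot as a directory link. The trailing backslash is required.
if (Test-Path -LiteralPath $MountPoint) { throw "$MountPoint already exists" }
cmd /c mklink /d $MountPoint "$($snap.DeviceObject)\" | Out-Null
if (-not (Test-Path -LiteralPath $MountPoint)) { throw "mklink failed (not elevated?)" }

try {
    $source = Join-Path $MountPoint $RelativePath
    if (-not (Test-Path -LiteralPath $source)) {
        throw "$RelativePath does not exist in snapshot $($snap.ID)"
    }
    New-Item -ItemType Directory -Path $RestoreDir -Force | Out-Null
    # Copy beside, not over, the live file so the encrypted version is preserved.
    Copy-Item -LiteralPath $source -Destination $RestoreDir
    Get-FileHash -LiteralPath (Join-Path $RestoreDir (Split-Path $RelativePath -Leaf))
}
finally {
    # Removes only the directory link, never the snapshot itself.
    cmd /c rmdir $MountPoint
}
```
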
Lauda
November 11, 2013, 04:36:42 PM
 #32

Quote
yeah, in vista & 7 ... doing a system restore before the infection happened will hopefully get windows rolling again =) ... this uses VSS snapshots to roll files back to that point in time. If that fails, I'm gathering .. removing the infection itself, then use VSS (previous versions) to restore encrypted files. Previous versions is accessed via right click on folders in explorer.

But, what would suck is if part of cryptolocker is if it deleted all VSS snapshots, then you would be outta luck. But from what other people have reported, it doesn't do that. Perhaps cryptolocker 2.0? would...lol

Just backup the VSS somewhere (if possible).

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
Gabi
November 11, 2013, 04:37:19 PM
 #33

It is funny:
there is a thread about mainstream adoption of bitcoin
and then there is the thread.

It is clear that the mainstream have no hope to adopt bitcoin, since they are even UNABLE to avoid such idiot virus and are UNABLE to properly backup their data. And they should adopt bitcoin? Ahahah nice joke

Backing up your data to a directory that CryptoLock looks for, even if on an external drive, will result in that directory getting encrypted too.

http://www.foolishit.com/vb6-projects/cryptoprevent/

A proper backup is done by using an external drive which is not kept connected to the computer. Connect, backup, disconnect. Then if the computer is fucked, you have a backup.

dserrano5
November 11, 2013, 06:06:25 PM
 #34

Quote
A proper backup is done by using an external drive which is not kept connected to the computer. Connect, backup, disconnect. Then if the computer is fucked, you have a backup.

Unless CL knows about that disk.
C. Bergmann
November 11, 2013, 06:41:40 PM
 #35

some ideas what we learn from it
- everyone should be educated in computer security. We are in the 21st century. This should be school's lesson. If people learn this, they are ready to adopt bitcoin
- we need some kind of self regulatory Bitcoin-police, high-profile blockchain-forensics. Great work to make the address of these bastards public! This address should be tagged in the blockchain-explorer and watched like the fbi-address. Then the hacker will live in fear he will be caught whenever he tries to spend the coins. Maybe some time miners could be asked: "Do you want to transfer the thief's coins?" - or something like this.


Gabi
November 11, 2013, 06:44:30 PM
 #36

Quote
A proper backup is done by using an external drive which is not kept connected to the computer. Connect, backup, disconnect. Then if the computer is fucked, you have a backup.

Unless CL knows about that disk.

If it is physically disconnected from the computer, good luck infecting it.

dserrano5
November 11, 2013, 06:46:55 PM
 #37

Quote
A proper backup is done by using an external drive which is not kept connected to the computer. Connect, backup, disconnect. Then if the computer is fucked, you have a backup.

Unless CL knows about that disk.
If it is physically disconnected from the computer, good luck infecting it.

I just gave some emphasis to the critical part in your post :).
birkomester
November 11, 2013, 06:56:36 PM
 #38

I hate this ransomware
mprep
November 11, 2013, 07:11:27 PM
 #39

I wonder how does the virus deal with transactions? If it unlocks on send of the coins then after getting the encryption key, you can double-spend the transaction.

Lauda
November 11, 2013, 08:54:51 PM
 #40

Quote
A proper backup is done by using an external drive which is not kept connected to the computer. Connect, backup, disconnect. Then if the computer is fucked, you have a backup.

Unless CL knows about that disk.
If it is physically disconnected from the computer, good luck infecting it.

Well I've pointed out what the issue here is. Some people do regular backups so disconnecting it each time is not worth the trouble and slowly damages the USB.

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)