CryptoLock - wow they really are making some money

[Dabs]

The most important lesson: Don't click random exes or pictures or whatever from random people you don't know. And even if you know them, make sure to use some sort of sandbox or virtual machine or some isolated environment to test or view whatever it is that you do download.

[mb300sd]

I get a few hundred of these emails a day (own server with catch-all). its so painfully obvious that their fake... Hopefully anyone paying learns not to open random emails, financial cost is the only thing that motivates some people to learn anything.

[EnderHf]

Well damn that guy is makin bank though it would suck if someone stole my files and locked them

[GenTarkin]

CryptoLock virus afaik, only encrypts files it has access to(including network shared write acces files). One way to restore access to your files is, recovering your files via VSS snapshots(also including shared network files on server). Cryptolock cannot encrypt those.
I love VSS =)

[crazy_rabbit]

Hmmm... makes me want to buy one of these:

Aegis Padlock External Harddrive, Real time 256 bit AES encryption, hardware

http://www.staples.com/office/supplies/StaplesProductDisplay?storeId=10001&partNumber=SS2073376&catalogIdentifier=2&langId=-1&ddkey=http:StaplesZipCodeAdd

that looks like a pretty dangerous place to store ones files.

[Lauda]

CryptoLock virus afaik, only encrypts files it has access to(including network shared write acces files). One way to restore access to your files is, recovering your files via VSS snapshots(also including shared network files on server). Cryptolock cannot encrypt those.
I love VSS =)

VSS?
How?

[kokojie]

so what is the work-around to fix this, so that the victims are not forced to pay into this scam and then treating bitcoin as a criminal preferred coin. if we as a community help out the victims by solving their woes they wont need to pay into it and think of bitcoin as a bad thing.

secondly this address that the funds get paid into could simply be a mtgox, bitstamp, btc-e deposit address. because once its in an exchange the funds just get split up for other users who are withdrawing.

we don't want criminals tainting the coins, i definitely don't want to withdraw my coins from an exchange and realise they are linked to the deposits of this scammer using the same exchange.

yes, there's a very simple work-around/solution:
1. don't open suspicious email attachment
2. back up your shit if they are worth paying a ransom for.

[redwraith]

so what is the work-around to fix this, so that the victims are not forced to pay into this scam and then treating bitcoin as a criminal preferred coin. if we as a community help out the victims by solving their woes they wont need to pay into it and think of bitcoin as a bad thing.

Some dimwit on the bleepingcomputer.com forums has already insinuated this connection:

"Don't suppose CL [cryptolocker] was created by the creators of Bitcoin??"

  AND

"And let's not forget that Bitcoin is referred to as a 'cryptocurrency'."

Guild by name association I guess... Give me a break.

Another random internet tough guy with no knowledge of what bitcoin is or how it came into being, spreading FUD.

[GenTarkin]

CryptoLock virus afaik, only encrypts files it has access to(including network shared write acces files). One way to restore access to your files is, recovering your files via VSS snapshots(also including shared network files on server). Cryptolock cannot encrypt those.
I love VSS =)

VSS?
How?

VSS - volume shadow copy - aka previous version , available on all windows xp and higher. But turned off by default on many win 8 installs =(
MS castrated VSS in win 8

[Lauda]

VSS - volume shadow copy - aka previous version , available on all windows xp and higher. But turned off by default on many win 8 installs =(
MS castrated VSS in win 8

I've heard only about the name. I'll try it.

[GenTarkin]

yeah, in vista & 7 ... doing a system restore before the infection happened will hopefully get windows rolling again =) ... this uses VSS snapshots to roll files back to that point in time. If that fails, Im gathering .. removing the infection itself, then use VSS(previous versions) to restore encrypted files. Previous versions is accessed via right click on folders in explorer.

But, what would suck is if part of cryptolocker is if it deleted all VSS snapshots, then you would be outta luck. But from what other people have reported, it doesnt do that. Perhaps cryptolocker 2.0? would...lol

[Lauda]

yeah, in vista & 7 ... doing a system restore before the infection happened will hopefully get windows rolling again =) ... this uses VSS snapshots to roll files back to that point in time. If that fails, Im gathering .. removing the infection itself, then use VSS(previous versions) to restore encrypted files. Previous versions is accessed via right click on folders in explorer.

But, what would suck is if part of cryptolocker is if it deleted all VSS snapshots, then you would be outta luck. But from what other people have reported, it doesnt do that. Perhaps cryptolocker 2.0? would...lol

Just backup the VSS somewhere (if possible).

[Gabi]

It is funny:
there is a thread about mainstream adoption of bitcoin
and then there is the thread.

It is clear that the mainstream have no hope to adopt bitcoin, since they are even UNABLE to avoid such idiot virus and are UNABLE to properly backup their data. And they should adopt bitcoin? Ahahah nice joke

Backing up your data to a directory that CryptoLock looks for, even if on an external drive, will result in that directory getting encrypted too.

http://www.foolishit.com/vb6-projects/cryptoprevent/

A proper backup is done by using an external drive wich is not kept connected to the computer. Connect, backup, disconnect. Then if the computer is fucked, you have a backup.

[dserrano5]

A proper backup is done by using an external drive wich is not kept connected to the computer. Connect, backup, disconnect. Then if the computer is fucked, you have a backup.

Unless CL knows about that disk.

[C. Bergmann]

some ideas what we learn from it
- everyone should be educated in computer security. We are in the 21th century. This should be school's lesson. If people learn this, they are ready to adopt bitcoin
- we need some kind of self regulatory Bitcoin-police, high-profile blockchain-forensics. Great work to make the adress of this bastards public! This adress should be tagged in the blockchain-explorer and watched like the fbi-adress. Then the hacker will live in fear he will be catched whenever he tries to spend the coins. Maybe some time miners could be asked: "Do you want to transfer the thief's coins?" - or something like this.

[Gabi]

A proper backup is done by using an external drive wich is not kept connected to the computer. Connect, backup, disconnect. Then if the computer is fucked, you have a backup.

Unless CL knows about that disk.

If it is physically disconnected from the computer, good luck infecting it.

[dserrano5]

A proper backup is done by using an external drive wich is not kept connected to the computer. Connect, backup, disconnect. Then if the computer is fucked, you have a backup.

Unless CL knows about that disk.

If it is physically disconnected from the computer, good luck infecting it.

I just gave some emphasis to the critical part in your post .

[birkomester]

I hate this ransomware

[mprep]

I wonder how does the virus deal with transactions? If it unlocks on send of the coins then after getting the encryption key, you can double-spend the transaction.

[Lauda]

A proper backup is done by using an external drive wich is not kept connected to the computer. Connect, backup, disconnect. Then if the computer is fucked, you have a backup.

Unless CL knows about that disk.

If it is physically disconnected from the computer, good luck infecting it.

Well I've pointed out what the issue here is. Some people do regular backups so disconnecting it each time is not worth the trouble and slowly damages the USB.