#1
24-10-2013, 02:20 PM
GeoffW1 (Geoff)
Cryptovirus virus - no AV update yet

Hi,

Here's a nasty virus to watch out for, very pernicious:

http://windowssecrets.com/top-story/...nicious-virus/

(It's a safe link.) I'm going to try out the "Local Software Restriction Policies under the Security Settings heading". If I find out anything useful I'll report in.

Cheers
#2
25-10-2013, 09:16 AM
akjudge (Jim)
GeoffW1,

Here is a link (safe) to probably the best info on Cryptovirus from bleeping computer:

http://www.bleepingcomputer.com/viru...re-information

Here is another link (safe) for the free software (referred to in the above article) that will prevent the Cryptovirus:

http://www.fooli****.com/vb6-projects/cryptoprevent/

For those who don't know, this virus will encrypt your files, then demand a ransom ($100 to $300) to get a key to de-encrypt them. They give you 96 hours or the files will remain encrypted permanently. No current virus protection program appears able to block it.

Hope this helps,

Jim
#3
25-10-2013, 09:55 AM
bojan
Quote:
Originally Posted by akjudge
This link is not complete ??
#4
25-10-2013, 10:11 AM
multiweb (Marc)
Without going to extremes there are a few ways to avoid infection in the first place:

1_ don't open zip files in emails from unknown senders.
2_ make sure you keep your Java platform updated.
3_ watch out for video driver update notifications.

Also, if you have backups you can get your files back. A disk image should do the trick.
#5
25-10-2013, 01:17 PM
adman (Adam)
Quote:
Originally Posted by multiweb
Also, if you have backups you can get your files back. A disk image should do the trick.
Only if your backup disk is not connected to your PC, otherwise it will be encrypted too....
#6
25-10-2013, 01:26 PM
multiweb (Marc)
Quote:
Originally Posted by adman
Only if your backup disk is not connected to your PC, otherwise it will be encrypted too....
Backups should always be external and only connected during backup or retrieval. If you're infected then I don't think it can be cleaned. The only alternative would be a bare metal restore with a blank drive.
#7
25-10-2013, 03:40 PM
GeoffW1 (Geoff)
See the trouble they cause? Damned pests.
#8
25-10-2013, 04:29 PM
Astro_Bot
Quote:
Originally Posted by multiweb
Without going to extremes there are a few ways to avoid infection in the first place:
Use Linux!
#9
25-10-2013, 04:53 PM
multiweb (Marc)
Quote:
Originally Posted by Astro_Bot
Use Linux!
hmm... that's not a solution. That's a punishment.
#10
26-10-2013, 09:21 AM
Exfso (Peter)
I have one of these myself. Now, it will remove the virus, but if your files are encrypted, you are basically stuffed.

http://store.fixmestick.com/fixmestick


I emailed them last night and this was their reply:

The FixMeStick will remove the CryptoLocker virus from your computer if you do accidentally get it. However, if the virus encrypts your files, the FixMeStick (or anyone else) will not be able to decrypt your files without the key from the author of CryptoLocker, which means you would have to pay them. I strongly suggest keeping back-ups of your files regularly and also having system restore points. That way, if you do get the virus, the FixMeStick will remove it and you will either have a copy of your files or be able to go back to a restore point before you got the virus and still have them.
This is one particularly nasty virus.
#11
26-10-2013, 10:04 AM
bojan
Quote:
Originally Posted by Exfso
I have one of these myself. Now, it will remove the virus, but if your files are encrypted, you are basically stuffed.

http://store.fixmestick.com/fixmestick


I emailed them last night and this was their reply:

The FixMeStick will remove the CryptoLocker virus from your computer if you do accidentally get it. However, if the virus encrypts your files, the FixMeStick (or anyone else) will not be able to decrypt your files without the key from the author of CryptoLocker, which means you would have to pay them. I strongly suggest keeping back-ups of your files regularly and also having system restore points. That way, if you do get the virus, the FixMeStick will remove it and you will either have a copy of your files or be able to go back to a restore point before you got the virus and still have them.
This is one particularly nasty virus.
If there is a cleansing agent for this nasty, there should also be some sort of vaccine... or not?
Once half of your files are gone, it's already too late.

More on this:
http://news.techworld.com/security/1...-crypto-virus/
http://www.networkworld.com/news/200...pto-virus.html
#12
26-10-2013, 12:25 PM
RickS (Rick)
Quote:
Originally Posted by bojan
If there is a cleansing agent for this nasty, there should also be some sort of vaccine... or not?
This malware (it's not a virus) is similar to file encryption programs that people use to ensure privacy of their files. Since the latest version uses strong encryption you need to know the original key to decrypt the data. If the bad guys didn't leave that key lying around on your computer then you're almost certainly out of luck.

The only chances for a "vaccine" are attacking potential weaknesses in the malware. Perhaps the key it uses is predictable, or perhaps the NSA knows how to break RSA encryption and will tell us.

Cheers,
Rick.
#13
26-10-2013, 05:19 PM
Barrykgerdes
Encryption of files

Decrypting of encrypted data on a digital storage device relies on being able to read it back un-encrypted.

This places some limitations on how you can scramble the file, e.g. it will be a standard byte with a start and stop bit (or two) even if these are also encrypted.

The simple method of encryption is to generate a key using one of the key generating algorithms and add it algebraically to the unencrypted data stream.

These keys will normally have a finite length so that when the sequence gets to a given point it reverts to the start.

The secret is to know the point on the key that is the start point for the encryption.

This can be found from a plain copy of a file that has been encrypted.

If you know the algorithm, decryption without the key involves feeding the key stream to the encrypted data in a set of registers and add them together again.

Step the key forward one bit at a time to the file and when the key is in sync the output will be your decrypted file.

One way we used to sync the two streams was to look for a sequence of 15 start stop bits in the correct place. This also works if the file is double encrypted.

Big Brother has all the gear to decrypt encrypted files so don't think encrypting data on your HDD will save you if you get caught with something you should not have!

Barry
#14
26-10-2013, 08:11 PM
RickS (Rick)
Barry,

Start and stop bits are only used on serial data during transmission. They are not stored in data files.

I think you'll find that modern day encryption and cryptanalysis techniques have moved on a little from what you're describing. You won't be breaking a system that uses a unique 2048-bit RSA key pair each time with a plaintext attack or a brute force key search.

Cheers,
Rick.
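The attack Barry sketches in #13 and Rick's objection in #14, as an added toy example that is not code from the thread: a short key XORed onto the file and repeated end to end is recovered from one known stretch of plaintext, then the same attempt is run against a key as long as the file and comes back empty. The 5-byte key, the FITS-like header text and the offsets are constructed for the demonstration.

```python
"""Repeating-keystream recovery from known plaintext (constructed toy cipher).

Barry's scheme: key bytes added (here XORed) to the data, the key "reverting
to the start" when it runs out. One stretch of known plaintext gives the
keystream at that point; spotting where it repeats gives the period, and
re-aligning ("syncing") gives the whole key. A key that never repeats within
the known stretch, or one never stored with the file at all, yields nothing.
"""

def xor_with_key(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt: XOR each byte with the key repeated end to end."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def recover_keystream(ciphertext: bytes, known_plaintext: bytes, at: int) -> bytes:
    """Barry's 'plain copy' step: known plaintext XOR ciphertext at the same
    file offset gives the keystream bytes in effect there."""
    return bytes(c ^ p for c, p in zip(ciphertext[at:], known_plaintext))

def find_period(stream: bytes):
    """Smallest repeat length visible in the recovered keystream, or None when
    the known stretch is too short to see the key revert to its start."""
    for p in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i % p] for i in range(len(stream))):
            return p
    return None

def break_repeating_key(ciphertext: bytes, known_plaintext: bytes, at: int):
    """Recover the full key from one known stretch and decrypt the whole file;
    None when no repetition is visible (nothing to sync on)."""
    stream = recover_keystream(ciphertext, known_plaintext, at)
    period = find_period(stream)
    if period is None:
        return None
    # Sync: stream[k] equals key[(at + k) % period]; rotate back to key[0:period].
    key = bytes(stream[(i - at) % period] for i in range(period))
    return xor_with_key(ciphertext, key)

# Constructed sample: a FITS-style header whose fixed keywords make an obvious
# known-plaintext stretch, under a constructed 5-byte repeating key.
KEY = b"\x13\x37\xc0\xde\xaa"
PLAINTEXT = b"FITS header: SIMPLE = T  BITPIX = 16  NAXIS = 2  OBJECT = 'M42'"
CIPHERTEXT = xor_with_key(PLAINTEXT, KEY)
KNOWN, KNOWN_AT = b"SIMPLE = T  BITPIX", 13   # 18 known bytes, over three periods

if __name__ == "__main__":
    print(break_repeating_key(CIPHERTEXT, KNOWN, KNOWN_AT) == PLAINTEXT)  # True
    # Key as long as the file (no repetition): the same known stretch gives nothing.
    long_key = bytes(range(len(PLAINTEXT)))
    print(break_repeating_key(xor_with_key(PLAINTEXT, long_key), KNOWN, KNOWN_AT))  # None
```

The second run is the point of Rick's reply: when the per-file key is unique and never repeats, and is itself only recoverable through an RSA key held elsewhere, a known-plaintext sync gives you nothing to step through.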
#15
27-10-2013, 04:33 PM
Barrykgerdes
Quote:
Originally Posted by RickS
Barry,

Start and stop bits are only used on serial data during transmission. They are not stored in data files.

I think you'll find that modern day encryption and cryptanalysis techniques have moved on a little from what you're describing. You won't be breaking a system that uses a unique 2048-bit RSA key pair each time with a plaintext attack or a brute force key search.

Cheers,
Rick.
Yes, I would be surprised if they had not. However, I did not want to get too far into encryption. The point I was trying to make is that a code that is electronically generated must follow some rule, and the key to decryption without a key is to know exactly what has been encoded. A data stream on a HDD does not use start and stop bits on each byte, but it does use markers to know where the data starts and stops.

Barry
#16
27-10-2013, 04:49 PM
RickS (Rick)
Quote:
Originally Posted by Barrykgerdes
Yes, I would be surprised if they had not. However, I did not want to get too far into encryption. The point I was trying to make is that a code that is electronically generated must follow some rule, and the key to decryption without a key is to know exactly what has been encoded. A data stream on a HDD does not use start and stop bits on each byte, but it does use markers to know where the data starts and stops.

Barry
It is true that there are a variety of headers and trailers at the physical disk and filesystem level which you could consider analogous to start and stop bits, but they are irrelevant here. CryptoLocker encrypts at the file level, and it's not hard to tell what has been encrypted.

Cheers,
Rick.
#17
05-11-2013, 01:50 PM
AdrianF (Adrian)
Quote:
Originally Posted by multiweb
hmm... that's not a solution. That's a punishment.


Adrian
#18
05-11-2013, 09:14 PM
hotspur (Chris)
Not good. Sounds bad.

A lady at a lab said her work friend got it. He apparently had a bad habit of opening everything, and the screen went black, said it was the federal police, and pay up.

As has been previously mentioned, avoid opening any unknown emails etc. I delete a lot of messages on the spot, always when I don't know the sender.

Good to see IIS putting these threads up. I do not go on other forums of a computer nature.
#19
06-11-2013, 12:50 AM
killswitch (Edison)
Anyone know where I can find the virus?

The .exe attachment you get on emails is actually just a small trojan downloader which will download Cryptolocker and drop the destructive payload.

I want to sniff out where the trojan downloads CryptoLocker from and create a DNS loopback on our server.

EDIT: Never mind, turns out DNS sink-holing attempts have failed. The downloader has a domain generating algorithm which creates and finds 1000 new locations (every day) to download CryptoLocker from. What a nightmare.

Last edited by killswitch; 06-11-2013 at 01:05 AM.
#20
06-11-2013, 01:43 PM
Poita (Peter)
Quote:
Originally Posted by multiweb
Without going to extremes there are a few ways to avoid infection in the first place:

1_ don't open zip files in emails from unknown senders.
2_ make sure you keep your Java platform updated.
3_ watch out for video driver update notifications.

Also, if you have backups you can get your files back. A disk image should do the trick.
And always right-click on any links and check what the address *really* is before opening them.

It is times like this I am glad I'm not running Windows though. All other arguments aside, Windows is getting too problematic for any of my critical workflows; we are transitioning to OSX and Linux at work now as well. The security may in theory be as good in Windows as in anything else, but the insane amount of malware/viruses etc. that target the Windows platform make it not viable for us any more. The attached image is the percentage of operating systems infected last month, with Windows accounting for 99.93% of infected computers.

This month's AV report makes interesting reading:
http://lavasoft.com/mylavasoft/secur...n-october-2013
Attached image: Screen Shot 2013-11-06 at 2.07.45 pm.png

Last edited by Poita; 06-11-2013 at 02:10 PM. Reason: Fixing mah shpelling.