  #21  
Old 06-11-2013, 04:39 PM
04Stefan07 (Stefan)
Very good to be aware of this dangerous threat.

Working in IT support, I am making sure all computers have the latest version of Java. I'm also trying to see how we can help prevent it!
  #22  
Old 09-11-2013, 07:23 PM
killswitch (Edison)
I refuse to install Java on any of our machines; the security holes just never end.

We sent out a memo to all staff to be extra careful. Crypto will infect mapped network drives, meaning file servers are at high risk. As far as I know it can't touch shadow storage, which is good.
  #23  
Old 10-11-2013, 01:53 AM
akjudge (Jim)
Quote:
I refuse to install Java on any of our machines, the security holes just never end.
If you use Firefox, there is an add-on called NoScript that allows you to choose which Java scripts to run. Very effective for allowing only trusted domain scripts to run.

Jim
  #24  
Old 21-12-2013, 04:54 PM
GeoffW1 (Geoff)
Still more, just if you like to read it

Hi,

Another news article, nothing brand new. I notice too Malwarebytes, for one, is saying their product will block it.

http://www.abc.net.au/news/2013-12-2...omware/5170422

Cheers
  #25  
Old 05-09-2016, 08:23 PM
Edge (Alex)
Beware of this scam - AFP email scams: beware of fake Australian Federal Police subpoena viruses - http://soft2secure.com/knowledgebase/afp-email-scam
  #26  
Old 07-09-2016, 07:32 PM
acropolite (Phil)
Some info on cryptolocker, at least the variant I had to deal with at work.

Ours was not a virus; there was, however, a trojan component that installs and attempts to continue its dirty work.

The cryptolocker "virus" in our case was executed as a script and had nothing to do with zipped files or email attachments.

In our case, one of the office staff clicked on a link to an Australia Post delivery site.

The staffer was expecting some parcels but didn't stop to think of how AP happened to know this particular email address.

Ironically, on the wall beside the desk was a half page note in which I explained the dangers of cryptolocker and how best to avoid it.

The decryption is not as simple as comparing identical files and generating a key; earlier variations of cryptolocker could be decrypted with some success, but successive iterations have proven to be uncrackable, at least to the general computing community.

I used the comparison method and it did successfully recover the encrypted version of the file I compared, but the recovered key wouldn't decrypt any other files.

Some bright spark (whose name I can't recall) wrote a nice analysis explaining where the flaws were in the cryptolocker code and encryption process, giving the authors of cryptolocker expert advice on where to tighten up their code and make it virtually uncrackable.

Having up-to-date antivirus and anti-spyware and the latest browser updates won't necessarily help either.

In our case the AV recognised the cryptolocker code and stopped the resident installation of the virus, but failed to prevent the scripted code from locking thousands of files. The resident component is basically there to delete your data should you elect not to pay the ransom demand. The cryptolocker process went on for over 2 hours and encrypted shared network resources; the staffer blindly continued working on the PC despite the fact that the anti-virus was going absolutely crazy.

Our antivirus definitions were up to date, as was Java and the browser in use. The anti-virus engine was not; there had been no notification that the AV engine needed an update.

Whether that would have stopped the cryptolocker is debatable. Sometimes encrypted data can be recovered by utilising the Windows shadow volume, but in our case the cryptolocker irretrievably deleted the shadow volume.

In the final analysis we lost nothing of importance despite the cryptolocker having almost 3 hours to do its dirty work. The reason was that we had good backups.
The same week, one of our customers with a large Australia-wide network was clobbered; once again all AVs, operating systems etc. were up to date, and again good backups saved the day.

Many of the previously mentioned precautionary measures won't offer the slightest protection against the cryptolocker, at least based on our experience.
In our case the following steps would have prevented the infection.

1. As Peter said, check email links or web links by hovering over the link and identifying the destination; that is the single most effective preventative measure. If the link looks dodgy, don't click on it. Think before you blindly click. Question the source of the email or link.

2. Make sure you have backups of your important data (i.e. anything you can't afford to lose) and that the backup destination is not available as a shared resource. Data such as accounting, invoicing etc should have multiple backups, don't rely on just one source as that source could fail. In our case accounting files were backed up each day on individual memory sticks, a weekly backup taken off site and our other backups had no network shares.

3. If your AV detects anything abnormal, disconnect from your network and power off immediately before taking any further measures. Had our staffer simply turned off the PC at the first AV warning the damage would have been minimal.

4. If you need to share network files, make those shares read-only where possible; cryptolocker can't encrypt a file that it has no write access to.

5. You could set up your browser to execute scripts only with permission, but given the nature of current web design the browsing experience would be tedious.

Last edited by acropolite; 07-09-2016 at 07:59 PM.
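An added example, not code from the thread or from any product mentioned in it: a small Python detector that runs over constructed file-server audit lines and flags the pattern Phil describes above (one user modifying thousands of files on shared network resources over a couple of hours), so the share can be taken offline early, as in his point 3. The log format, user names, window length and threshold are assumptions made for the sample.

```python
# Added example (not from the thread): flag a CryptoLocker-style burst of file
# modifications on a share from constructed audit lines "<ISO ts> <user> <action> <path>".
from collections import Counter, defaultdict
from datetime import datetime, timedelta

WRITE_ACTIONS = {"WRITE", "RENAME", "DELETE"}   # actions that alter a file

# Constructed sample: 'bob' works normally, 'kate' hits many files within seconds.
SAMPLE_EVENTS = r"""
2016-09-05T10:00:01 bob WRITE \\fs01\accounts\july.xlsx
2016-09-05T10:00:03 bob READ \\fs01\accounts\aug.xlsx
2016-09-05T10:02:10 kate WRITE \\fs01\shared\brochure.docx
2016-09-05T10:02:11 kate RENAME \\fs01\shared\brochure.docx
2016-09-05T10:02:12 kate WRITE \\fs01\shared\minutes.docx
2016-09-05T10:02:13 kate WRITE \\fs01\shared\budget.xlsx
2016-09-05T10:02:14 kate WRITE \\fs01\shared\plan.pdf
2016-09-05T10:02:15 kate WRITE \\fs01\shared\logo.png
2016-09-05T10:30:00 bob WRITE \\fs01\accounts\sep.xlsx
""".strip().splitlines()

def parse_event(line):
    ts, user, action, path = line.strip().split(None, 3)   # 4 space-separated fields
    return datetime.fromisoformat(ts), user, action, path

def find_bursts(lines, window_seconds=60, threshold=5):
    """Return {user: peak distinct files modified within one window} for users
    whose peak reaches `threshold` (kept low here to suit the tiny sample)."""
    per_user = defaultdict(list)
    for line in lines:
        ev = parse_event(line)
        if ev[2] in WRITE_ACTIONS:
            per_user[ev[1]].append((ev[0], ev[3]))
    window, alerts = timedelta(seconds=window_seconds), {}
    for user, events in per_user.items():
        events.sort()
        in_window, left, peak = Counter(), 0, 0
        for ts, path in events:          # sliding window over time-sorted events
            in_window[path] += 1
            while ts - events[left][0] > window:   # drop events older than the window
                old = events[left][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                left += 1
            peak = max(peak, len(in_window))
        if peak >= threshold:
            alerts[user] = peak
    return alerts
```

Run on a real audit export the threshold should be set from normal per-user activity on that share; a renamed file counts once, so a write followed by a rename does not inflate the count.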
  #27  
Old 25-09-2016, 03:11 PM
bobson (Bob)
That's all bull dust from the authorities. I mean, if someone asks for money to be paid, they must know where that money goes and to whom. Just watch, if this happens to a big firm or a famous person, how quickly that moron will be found and prosecuted, regardless of which country he comes from.

Like this one for example:

http://www.msn.com/en-au/news/world/...id=mailsignout
  #28  
Old 25-09-2016, 06:47 PM
ZeroID (Brent)
Quote:
Originally Posted by bobson View Post
That's all bull dust from the authorities. I mean, if someone asks for money to be paid, they must know where that money goes and to whom. Just watch, if this happens to a big firm or a famous person, how quickly that moron will be found and prosecuted, regardless of which country he comes from.

Like this one for example:

http://www.msn.com/en-au/news/world/...id=mailsignout
The trouble is, once money goes out of the country into the hackers' control, your local law has no power, and the hacker isn't going to listen anyway.
  #29  
Old 25-09-2016, 07:21 PM
acropolite (Phil)
FWIW, the currency demanded is Bitcoin; like most scams, they are often running for only a couple of days, so they can be long gone before they're traced.