  #1  
Old 13-02-2015, 09:22 AM
Tandum (Robin)
Registered User

Join Date: Apr 2008
Location: Wynnum West, Brisbane.
Posts: 4,166
Now that's a nasty email

Just a heads up on an email that seems to be doing the rounds. It pretends to be a speeding violation from the police and looks very official, but if you open the attachment, it encrypts the majority of your data files.

They then demand about $600 for the decryption key.

I've seen three machines since Xmas that have been encrypted with a fourth showing up on Saturday. This 4th box is the only guy who has his machine doing backups, I had to reinstall all the others and didn't recover anything. I'm hoping it hasn't encrypted his backup files.

It seems to be a copycat of the cryptolocker virus that was around a year or so ago, but the encrypter they've written isn't the best, so the decrypter doesn't work properly.

Please think before opening. How did they get my email address?
  #2  
Old 13-02-2015, 11:37 AM
csb (Craig)
Registered User

Join Date: Apr 2007
Location: Adelaide, Sth Australia
Posts: 910
Thanks for the security alert. Gee, they prey on what can motivate a person to open their emails.

My biggest concern with scammers on the Net is for my dear old Mum. She uses the internet regularly, especially to pay bills. But over the last few years her cognition has decreased and I feel she could easily fall for some of the stunts.

At the moment, anything even a little suss, Mum asks us to have a look at. We have spotted some and deleted them. So I'll let her know of this to help remind her to stay vigilant.
  #3  
Old 13-02-2015, 12:47 PM
Waxing_Gibbous (Peter)
Grumpy Old Man-Child

Join Date: Jul 2009
Location: South Gippsland
Posts: 1,768
The police aren't going to e-mail you a traffic violation. I know this for a fact!!!

Waxing "you'll never take me alive copper" Gibbous
  #4  
Old 13-02-2015, 03:40 PM
PeterEde (Peter)
Prince Planet

Join Date: May 2013
Location: Albert Park, Adelaide
Posts: 694
If it comes from an address I don't know, it gets the file 13 treatment.
  #5  
Old 13-02-2015, 04:20 PM
Renato1 (Renato)
Registered User

Join Date: Mar 2014
Location: Frankston South
Posts: 1,283
Any idea whether such emails are getting past antivirus scanners, or if the people were just slack and didn't have one installed?
Regards,
Renato
  #6  
Old 13-02-2015, 04:56 PM
RickS (Rick)
PI cult recruiter

Join Date: Apr 2010
Location: Brisbane
Posts: 10,584
Quote:
Originally Posted by Renato1 View Post
Any idea whether such emails are getting past antivirus scanners, or if the people were just slack and didn't have one installed?
Regards,
Renato
Anti-virus scanners look for viruses, but not necessarily other forms of malware.

Robin: is the attachment just a .exe file or something more exotic?
  #7  
Old 13-02-2015, 05:56 PM
Tandum (Robin)
Registered User

Join Date: Apr 2008
Location: Wynnum West, Brisbane.
Posts: 4,166
I haven't seen the email yet, Rick. The others thought deleting the email might fix it. Yeah, right, that horse has well and truly bolted. This guy tomorrow might still have it; I told him to turn it off and leave it off. It does scan all drives, so USB disks and camera cards for sure, and probably mounted network drives. It has an extension-driven hit list (doc, xls, jpg, etc.), i.e. data files. It appears to encrypt the first 2 meg of each file, probably to make it faster. If this guy's backup is intact, I'll have before and after files to look at. Should be able to extract the key from them, maybe.

Last edited by Tandum; 13-02-2015 at 06:07 PM.
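A read-only triage check for the situation Robin describes in the post above (an extension-driven hit list and only the first couple of megabytes of each file overwritten), added here as an example and not posted by anyone in the thread. Ciphertext carries no recognisable file header and has near-maximal byte entropy, so a file whose extension promises a known magic signature but whose leading bytes look random is a strong "likely encrypted" signal; a file with a wrong header but structured content is merely mislabelled or corrupt. The MAGIC table, the sample size, the 7.5 bits/byte threshold and the three constructed sample "files" are all the example's own assumptions, and the script never modifies anything, which is what you want when checking whether a backup drive was reached.

```python
"""Read-only triage check for partially encrypted data files (added example, not thread code).

The malware described in the thread works from an extension hit list and overwrites only
the first couple of megabytes of each file. Ciphertext has no file header and near-maximal
entropy, so "known extension, missing magic, random-looking leading bytes" is the signal.
Everything below (MAGIC table, thresholds, sample data) is this example's own assumption.
"""
import hashlib
import math
import tempfile
from collections import Counter
from pathlib import Path

# Expected leading bytes per extension. .docx/.xlsx are ZIP containers; .doc/.xls are OLE2.
MAGIC = {
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF-",
    ".doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".xls": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
}
SAMPLE_SIZE = 4096        # leading bytes inspected per file (well inside the 2 MB the post mentions)
ENTROPY_THRESHOLD = 7.5   # bits per byte; ciphertext sits close to 8.0, documents and photos' headers do not


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data`; 0.0 for empty input."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(head: bytes, ext: str) -> str:
    """Verdict for one file from its leading bytes and extension.

    "intact"            header matches the expected magic
    "likely_encrypted"  header missing and the sample is near-random
    "suspicious"        header missing but the data is structured (corrupt or mislabelled)
    "unknown"           extension not in the MAGIC table
    """
    magic = MAGIC.get(ext.lower())
    if magic is None:
        return "unknown"
    if head.startswith(magic):
        return "intact"
    if shannon_entropy(head[:SAMPLE_SIZE]) >= ENTROPY_THRESHOLD:
        return "likely_encrypted"
    return "suspicious"


def scan_tree(root: Path) -> dict:
    """Walk `root` read-only and bucket each file with a known extension by verdict."""
    report = {"intact": [], "likely_encrypted": [], "suspicious": []}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in MAGIC:
            with path.open("rb") as fh:
                report[classify(fh.read(SAMPLE_SIZE), path.suffix)].append(path)
    return report


def _keystream(seed: bytes, length: int) -> bytes:
    """Deterministic pseudo-random bytes standing in for ciphertext (constructed test data only)."""
    out = bytearray()
    for counter in range(-(-length // 32)):
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
    return bytes(out[:length])


# Constructed sample "files": an intact JPEG-like blob, a copy whose leading bytes were
# replaced by ciphertext (the pattern the post describes), and a plain-text note that
# someone merely saved with a .jpg extension.
INTACT_JPG = b"\xff\xd8\xff\xe0" + b"\x00" * 60 + bytes(range(256)) * 16
ENCRYPTED_JPG = _keystream(b"demo-key", SAMPLE_SIZE) + INTACT_JPG[SAMPLE_SIZE:]
TEXT_AS_JPG = b"just a note someone renamed to .jpg\n" * 100


def demo() -> dict:
    """Write the three samples into a temp dir, scan it, and return a count per verdict."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "holiday.jpg").write_bytes(INTACT_JPG)
        (root / "backup").mkdir()
        (root / "backup" / "holiday.jpg").write_bytes(ENCRYPTED_JPG)
        (root / "note.jpg").write_bytes(TEXT_AS_JPG)
        return {verdict: len(paths) for verdict, paths in scan_tree(root).items()}


if __name__ == "__main__":
    # Point scan_tree() at a mounted backup volume to get the same buckets for real files.
    for verdict, count in demo().items():
        print(f"{verdict:17s} {count}")
```

Run it against a backup volume with `scan_tree(Path("/mnt/backup"))` before restoring anything: a long "likely_encrypted" list means the malware reached that drive, which is exactly why the later advice in the thread about keeping backups offline matters. The entropy check is what separates "encrypted" from "just a renamed text file", and it only needs the first few kilobytes, so the scan is cheap even over a large tree.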
  #8  
Old 13-02-2015, 09:46 PM
RickS (Rick)
PI cult recruiter

Join Date: Apr 2010
Location: Brisbane
Posts: 10,584
Quote:
Originally Posted by Tandum View Post
Should be able to extract the key from them, maybe
Only if you're the NSA or the authors of the malware were incompetent
  #9  
Old 14-02-2015, 12:14 AM
Tandum (Robin)
Registered User

Join Date: Apr 2008
Location: Wynnum West, Brisbane.
Posts: 4,166
Quote:
Originally Posted by RickS View Post
Only if you're the NSA or the authors of the malware were incompetent
You're prolly right, and I got better things to do than sit in front of computers.
There's a resprayed Gibson in the bat cave needing a cut and polish, and I still haven't finished fiddling with the Cop Bike.
Attached thumbnails: Studio.jpg, CopBike.jpg
  #10  
Old 16-02-2015, 07:44 PM
ZeroID (Brent)
Lost in Space ....

Join Date: May 2010
Location: Auckland, NZ
Posts: 4,949
CryptoLocker is the culprit. It uses a 256 bit key to encrypt your files. It leaves the apps alone so you think all is well, then when it is done encrypting it pops up and tells you to send money. It's all too late by then. Either pay or wipe and start again. You will not get back your files, end of story.
I've had a few instances at work and done the hard yards, but there is no fix for it once encrypted. Files should be backed up to an offline drive.
  #11  
Old 16-02-2015, 08:06 PM
Aussie_Dave
Registered User

Join Date: Feb 2015
Posts: 136
Quote:
Originally Posted by Tandum View Post
how did they get my email address
Every time personal info is submitted online, it can be obtained. It doesn't matter how great your security is.

One popular social network site is well known for passing on user info (mainly email addresses), especially if you click on the ads and use the apps. But I'm sure they all do it in some way or form.
  #12  
Old 17-02-2015, 10:25 AM
ZeroID (Brent)
Lost in Space ....

Join Date: May 2010
Location: Auckland, NZ
Posts: 4,949
They can also just 'harvest' your email address from anyone who includes you on a distribution list and doesn't use the BCC (Blind Copy) option, i.e. all the addresses of those receiving the email are visible to all.
I do a regular Friday Funnies email at work and I BCC the list so nobody knows who else is receiving it.
Just good practice generally speaking, unless it's a 'conference' type of email and you are asking for replies/comments in the group.