Topic: CryptoLock - wow they really are making some money - page 2. (Read 8927 times)

legendary
Activity: 2450
Merit: 1002
CryptoLock virus afaik, only encrypts files it has access to (including network shared write access files). One way to restore access to your files is recovering your files via VSS snapshots (also including shared network files on server). CryptoLock cannot encrypt those.
I love VSS =)
VSS?
How?

VSS - Volume Shadow Copy - aka previous version, available on all Windows XP and higher. But turned off by default on many Win 8 installs =(
MS castrated VSS in win 8
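
Added example, not part of the original thread: a PowerShell sketch of the VSS recovery route described in the post above. It lists the existing shadow copies and exposes the newest one for a drive as a read-only folder. The `$Drive` and `$LinkPath` values are assumptions, and it must be run from an elevated prompt.

```powershell
# Added example: list VSS snapshots per volume and expose the newest one for a
# drive as a folder so files can be copied back. Run from an elevated prompt.
# $Drive and $LinkPath are assumptions; change them to suit the machine.
param(
    [string]$Drive    = 'C:',
    [string]$LinkPath = 'C:\ShadowRestore'
)

# Map volume GUID paths (\\?\Volume{...}\) to drive letters.
$volumes = @{}
Get-CimInstance -ClassName Win32_Volume |
    Where-Object { $_.DriveLetter } |
    ForEach-Object { $volumes[$_.DeviceID] = $_.DriveLetter }

# Every snapshot on the machine, newest first, tagged with its drive letter.
$shadows = Get-CimInstance -ClassName Win32_ShadowCopy |
    Select-Object @{n='Drive';   e={ $volumes[$_.VolumeName] }},
                  @{n='Created'; e={ $_.InstallDate }},
                  DeviceObject, ID |
    Sort-Object Created -Descending

if (-not $shadows) {
    Write-Warning 'No shadow copies found. System Protection may be turned off.'
    return
}
$shadows | Format-Table Drive, Created, DeviceObject -AutoSize

# Pick the newest snapshot of the requested drive.
$newest = $shadows | Where-Object { $_.Drive -eq $Drive } | Select-Object -First 1
if (-not $newest) {
    Write-Warning "No shadow copy exists for $Drive."
    return
}

# mklink needs the trailing backslash on the snapshot device path.
if (Test-Path $LinkPath) { throw "$LinkPath already exists; choose another path." }
$target = $newest.DeviceObject + '\'
cmd /c mklink /d $LinkPath $target | Out-Null

Write-Host "Snapshot from $($newest.Created) is browsable at $LinkPath"
Write-Host "Copy files out with Copy-Item, then remove the link: cmd /c rmdir $LinkPath"
```

Removing the link with `rmdir` deletes only the symbolic link, not the snapshot it points to.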
full member
Activity: 188
Merit: 102
Quote
so what is the work-around to fix this, so that the victims are not forced to pay into this scam and then treating bitcoin as a criminal preferred coin. if we as a community help out the victims by solving their woes they won't need to pay into it and think of bitcoin as a bad thing.

Some dimwit on the bleepingcomputer.com forums has already insinuated this connection:

Quote
"Don't suppose CL [cryptolocker] was created by the creators of Bitcoin??"
  AND

Quote
"And let's not forget that Bitcoin is referred to as a 'cryptocurrency'."

Guilt by name association I guess... Give me a break.

Another random internet tough guy with no knowledge of what bitcoin is or how it came into being, spreading FUD.
legendary
Activity: 1806
Merit: 1003
so what is the work-around to fix this, so that the victims are not forced to pay into this scam and then treating bitcoin as a criminal preferred coin. if we as a community help out the victims by solving their woes they won't need to pay into it and think of bitcoin as a bad thing.

secondly this address that the funds get paid into could simply be a mtgox, bitstamp, btc-e deposit address. because once its in an exchange the funds just get split up for other users who are withdrawing.

we don't want criminals tainting the coins, i definitely don't want to withdraw my coins from an exchange and realise they are linked to the deposits of this scammer using the same exchange.

yes, there's a very simple work-around/solution:
1. don't open suspicious email attachment
2. back up your shit if they are worth paying a ransom for.
legendary
Activity: 2674
Merit: 2965
Terminated.
CryptoLock virus afaik, only encrypts files it has access to (including network shared write access files). One way to restore access to your files is recovering your files via VSS snapshots (also including shared network files on server). CryptoLock cannot encrypt those.
I love VSS =)
VSS?
How?
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
Hmmm... makes me want to buy one of these:

Aegis Padlock External Harddrive, Real time 256 bit AES encryption, hardware

http://www.staples.com/office/supplies/StaplesProductDisplay?storeId=10001&partNumber=SS2073376&catalogIdentifier=2&langId=-1&ddkey=http:StaplesZipCodeAdd

that looks like a pretty dangerous place to store ones files.
legendary
Activity: 2450
Merit: 1002
CryptoLock virus afaik, only encrypts files it has access to (including network shared write access files). One way to restore access to your files is recovering your files via VSS snapshots (also including shared network files on server). CryptoLock cannot encrypt those.
I love VSS =)
member
Activity: 60
Merit: 10
Well damn that guy is makin bank though it would suck if someone stole my files and locked them
legendary
Activity: 1260
Merit: 1000
Drunk Posts
I get a few hundred of these emails a day (own server with catch-all). It's so painfully obvious that they're fake... Hopefully anyone paying learns not to open random emails, financial cost is the only thing that motivates some people to learn anything.
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
The most important lesson: Don't click random exes or pictures or whatever from random people you don't know. And even if you know them, make sure to use some sort of sandbox or virtual machine or some isolated environment to test or view whatever it is that you do download.
hero member
Activity: 602
Merit: 500
solution necessary asap
1) everyone should start backing things up
2) block the virus ASAP - have email hosts scan attachments
3) ugh
full member
Activity: 182
Merit: 100
Fourth richest fictional character
Hmmm... makes me want to buy one of these:

Aegis Padlock External Harddrive, Real time 256 bit AES encryption, hardware

http://www.staples.com/office/supplies/StaplesProductDisplay?storeId=10001&partNumber=SS2073376&catalogIdentifier=2&langId=-1&ddkey=http:StaplesZipCodeAdd
legendary
Activity: 2674
Merit: 2965
Terminated.
It is funny:
there is a thread about mainstream adoption of bitcoin
and then there is the thread.

It is clear that the mainstream have no hope to adopt bitcoin, since they are even UNABLE to avoid such idiot virus and are UNABLE to properly backup their data. And they should adopt bitcoin? Ahahah nice joke

Backing up your data to a directory that CryptoLock looks for, even if on an external drive, will result in that directory getting encrypted too.

http://www.foolishit.com/vb6-projects/cryptoprevent/

What's this about exactly?
full member
Activity: 182
Merit: 100
Damn 4600? Must be working well
legendary
Activity: 3416
Merit: 1912
The Concierge of Crypto
Does the virus encrypt the whole drive? Or does it just move everything into an archive? Does it securely delete and overwrite the original files? If not, maybe you can undelete them.
member
Activity: 79
Merit: 10
It is funny:
there is a thread about mainstream adoption of bitcoin
and then there is the thread.

It is clear that the mainstream have no hope to adopt bitcoin, since they are even UNABLE to avoid such idiot virus and are UNABLE to properly backup their data. And they should adopt bitcoin? Ahahah nice joke

Backing up your data to a directory that CryptoLock looks for, even if on an external drive, will result in that directory getting encrypted too.

http://www.foolishit.com/vb6-projects/cryptoprevent/
legendary
Activity: 1204
Merit: 1002
RUM AND CARROTS: A PIRATE LIFE FOR ME
That's terrible. Someone needs to find these people and shut them down. This is terrible PR for bitcoin in general.
sr. member
Activity: 378
Merit: 250
Reading further into that article I linked above, I've revised my thoughts on how it could affect bitcoin, I would not be at all surprised if there was some official agency behind Crypto Locker.


http://krebsonsecurity.com/2013/11/cryptolocker-crew-ratchets-up-the-ransom/

"the service, which is currently hosted at one of several addresses on the Tor anonymity network."

Think about it, get enough people talking about this virus and a Govt. agency can associate bitcoins and Tor with criminal activity and give themselves more leverage to insist on "back doors" being built into the Tor network, even making use of it illegal.
sr. member
Activity: 378
Merit: 250
Doesn't seem all that bad for bitcoin, if anything it will bring bitcoin to the attention of more people.

http://krebsonsecurity.com/2013/11/cryptolocker-crew-ratchets-up-the-ransom/

“We put up survey and asked how many [victims] had paid the ransom with Bitcoins, and almost no one said they did,” Abrams said. “Most paid with MoneyPak. The people who did pay with Bitcoins said they found the process for getting them was so cumbersome that it took them a week to figure it out.”
legendary
Activity: 1148
Merit: 1008
If you want to walk on water, get out of the boat
It is funny:
there is a thread about mainstream adoption of bitcoin
and then there is the thread.

It is clear that the mainstream have no hope to adopt bitcoin, since they are even UNABLE to avoid such idiot virus and are UNABLE to properly backup their data. And they should adopt bitcoin? Ahahah nice joke
newbie
Activity: 27
Merit: 0
those many-to-many tx's look like blockchain.info's new mixer.



Yes and no.  I'm 50/50 - to me it looks like all these small amounts, roughly similar value, being bundled together.  For a mixer, they wouldn't all be such uniform size amounts at mixer entry layer, I wouldn't think.

Prior to this, we've had one other CryptoLock victim come to us for assistance.  This was a couple of months back and, at the time, the software demanded an odd number (~3.2BTC).  From this, we had thought it was aiming for USD300.  

Looking at the transactions related to the ransom address, it seems CryptoLock has switched and now aims to collect a round 2BTC.  Quite a lot of money really and certainly a marked increase over a three month period.