Notary Rotary
Cryptolocker extortion virus - like, for real

Posted by ReneeK_MI on 11/15/13 4:08pm
Msg #492949

Cryptolocker extortion virus - like, for real

My daughter's employer was shut down today with this, and their data is being held for 'ransom', 78 hours to pay $420 to have it de-crypted.

http://www.snopes.com/computer/virus/cryptolocker.asp (yep, it's for real - well, plus so is my daughter)

I use Webroot, and checked their forum - they're claiming they can keep the data from being encrypted (if you have Webroot), but they can NOT de-crypt it after the fact.

Reply by Luckydog on 11/15/13 5:35pm
Msg #492964

Yes, you have to pay the ransom... on the good side, I heard they do send you the code and keep their end of the bargain up. Used to be $250.00 a month or so back. Moral of the story, do not open up strange emails and links. Better backing up your photos and documents, and just getting a new PC for that price....but because it is a business, could be a whole other issue.

Reply by MikeC/TX on 11/15/13 7:41pm
Msg #492989

Cryptolocker is a very real threat, and unless you work for the NSA it's virtually impossible to decrypt the files.

"My daughter's employer was shut down today with this, and their data is being held for 'ransom', 78 hours to pay $420 to have it de-crypted."

Somebody there clicked on a link in an email. When I worked a corporate job, we had several instances of malware being inadvertently injected into our network because someone on the network was being careless with their email. This stuff doesn't just suddenly come into your computer - it's like a vampire, you actually have to invite it in...

Reply by notarydi/CA on 11/15/13 7:44pm
Msg #492990

heard about this....

a couple of weeks ago on a radio talk show......said even the NSA can't de-crypt it....said you might as well buy a whole new computer......Frown

Reply by ReneeK_MI on 11/16/13 4:06am
Msg #493015

don't need to click any link to be infected

From the information given, all you have to do is just open the e-mail (fake UPS & FedEx e-mails used frequently), OR end up on an infected page (no clicking of anything required - they called it a "drive-by").

Reply by MikeC/TX on 11/17/13 7:19pm
Msg #493118

Re: don

"From the information given, all you have to do is just open the e-mail"

If this were true, email would no longer be used. Just opening an email will not cause code to execute - that's why these UPS and FedEx messages have attachments they want you to open. Opening the attachment could cause nasty things to happen but just reading the email won't. You actually need to do SOMETHING to launch the malicious code.

Here's one of the ways it happens. Windows default behavior is to hide known file extensions, and a lot of people don't know they can turn that behavior off. Why would you want to see file extensions? Because the bad guys might send an attachment with a name like "invoice.pdf.scr" - but if the file extensions are hidden, all you will see when you download it is "invoice.pdf". The REAL extension (.scr) means it's a script file which will execute as soon as you try to open what you think is just a PDF. Voila - your computer is now compromised.

To turn off this "feature", from Control Panel go to Folder Options. On the "View" tab, look for the option that says "Hide extensions of known file types" and make sure it is not checked. And now that you can see the actual file extensions, NEVER open an SCR file you receive in an email...

"OR end up on an infected page (no clicking of anything required - they called it a "drive-by")"

That's very true, and it's not only the result of careless web surfing; sometimes the bad guys can infect a legitimate site with malicious "drive-by" code. There are a few possible lines of defense against that: a firewall like ZoneAlarm (free) which will prevent programs from installing software or contacting their Mother Ship without your permission; an antivirus program that is updated on a regular basis and can catch malicious code on the way in; or a browser such as Firefox or Chrome that can be configured to block your access to known malicious sites.
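The disguised-attachment naming described in the post above, as an added example that is not part of the original thread: a Python check a mail filter could run over attachment names to flag a document-style extension sitting in front of one that runs when opened. The extension lists, function names and sample names are assumptions made up for illustration.

```python
# Assumed lists for this example; a real mail filter would maintain its own.
RUNS_ON_OPEN = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
DECOYS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt", ".zip"}


def _split(filename):
    """Return (cleaned name, list of lower-cased extensions, left to right)."""
    # Windows drops trailing dots and spaces, so "a.pdf.scr. " is really "a.pdf.scr".
    name = filename.strip().rstrip(". ")
    exts = ["." + p.strip().lower() for p in name.split(".")[1:] if p.strip()]
    return name, exts


def displayed_name(filename):
    """Approximate what Explorer shows with "Hide extensions" left on."""
    name, exts = _split(filename)
    if exts and exts[-1] in RUNS_ON_OPEN | DECOYS:
        return name[: name.rfind(".")].rstrip()
    return name


def verdict(filename):
    """Classify an attachment name as 'deceptive', 'executable' or 'ok'."""
    _, exts = _split(filename)
    if not exts or exts[-1] not in RUNS_ON_OPEN:
        return "ok"
    # A document-style extension in front of the real one is the disguise.
    if any(e in DECOYS for e in exts[:-1]):
        return "deceptive"
    return "executable"


def flag_attachments(filenames):
    """Return (name, verdict, what the user would see) for every non-ok name."""
    return [(f, verdict(f), displayed_name(f)) for f in filenames if verdict(f) != "ok"]


# Constructed sample names, not taken from any real message.
SAMPLES = ["invoice.pdf.scr", "invoice.pdf", "tracking.doc      .exe",
           "setup.exe", "report.final.pdf", "Label.PDF.SCR."]

if __name__ == "__main__":
    for name, why, seen in flag_attachments(SAMPLES):
        print(f"{why:10} {name!r} shows as {seen!r}")
```

The space-padded and trailing-dot samples are there because a check that only compares the raw end of the string would miss both.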

Reply by JanetK_CA on 11/18/13 2:46am
Msg #493127

Re: don

"To turn off this "feature", from Control Panel go to Folder Options..."

On which version of Windows does this work? I have Windows 7 and didn't see a "Folder Options" from the Control Panel. Any suggestions? Sounds like a great idea. Thanks for the tip!

Reply by MikeC/TX on 11/18/13 6:46pm
Msg #493197

Re: don

"On which version of Windows does this work? I have Windows 7 and didn't see a "Folder Options" from the Control Panel. Any suggestions?"

It works on all versions of Windows, but it may not be in the Control Panel on all of them. There's a search box at the top of the Control Panel window - just type in the folder, and it will zero it in for you.

Reply by LadyCA on 11/15/13 10:49pm
Msg #493008

Renee, I once had this darn Webroot and it was so bad that I couldn't take it out of my computer unless I did a full restore on it. My opinion: the worst antivirus that they ever came up with. Hope no one else buys it, 'cause it is bad once it is downloaded into your computer.

Reply by ReneeK_MI on 11/16/13 4:13am
Msg #493016

Gosh, sorry your experience wasn't what it should've been. I have Webroot on 5 computers and my phone (just over a year now) and couldn't be happier.

Reply by Cape/FL on 11/16/13 9:19am
Msg #493024

If anyone is interested, I just had a chat with my anti-virus team. Vipre Antivirus can detect and block crypto locker. However, once you have it they cannot repair the damage. Suggest everyone contact their provider and check. Stop it before it gets in.


 