Well that was unexpected...
I booted my PC and upon entering the Windows desktop I was greeted with a background image accompanied by a pop-up window telling me that all my files were now encrypted and if I wanted to get them back I had 24 hrs to send 300 dollars in bitcoins to a certain server in exchange for an unlocking key.
If the timer runs out without payment received or any tampering with the software is detected, the unlock key would be deleted from their server and my files are lost forever.
Files encrypted include documents and photos, so without a back-up all your personal stuff is gone. Luckily I have all my stuff on a different computer, so a clean followed by a format C was not such a big deal, but this form of malware can be rather disastrous!
There is no way to decrypt your files though, just to get rid of the infection itself. So without a proper back-up you are screwed.
Be warned!
I probably got it because the missus clicked an ad or opened an email she was not supposed to.
Wow....that really stinks.
Yikes.
Yowza! Did you have up-to-date antivirus software running on your PC when it happened? That really sucks...
Quote from: Grim.Reaper on March 08, 2014, 11:43:07 AM
Wow....that really stinks.
Quote from: Nefaro on March 08, 2014, 11:44:07 AM
Yikes.
+1 to what they said.
Sorry to hear that, Yskonyn. I'm glad nothing truly important/critical was lost, but it's still a shitty deal.
Quote from: FarAway Sooner on March 08, 2014, 12:49:20 PM
Yowza! Did you have up-to-date antivirus software running on your PC when it happened? That really sucks...
Yes, I would think/hope a good anti-virus software would prevent this. Am I naive to think this?
Move to tech talk.
What AV were you using?
Yikes indeed.
This is why I don't ever use computers or the Internet.
Thanks guys,
Yes I was running ESET NOD 32 version 7. A good anti-virus software, but this particular thing was a Malware. Something a virus scanner doesn't usually protect you from.
From what I gather on the web, Malwarebytes Anti-Malware is about the only mainstream program that can get rid of the infection.
But nothing can decrypt the files that were affected. So unless you can restore a backup, you're screwed.
As for preventing;
Awareness is the best defense; if you get a weird email, check, double check and look at details in there. There are always weird things in those mails that even though they seem to come from a legit sender like Paypal, certain parts of the mail do not add up; addresses, familiar (from your address book) contacts referenced, weird looking URLs in embedded links. Stuff like that.
There is a tool to lock certain Windows parts from being accessed and therefore supposed to prevent CryptoLocker from being able to get installed. But those tools are pretty shady themselves...
Maybe it's a good time to point out the PC Mag survey:
http://www.pcmag.com/article2/0,2817,2369749,00.asp
Today.com (http://www.today.com/money/nasty-new-malware-locks-your-files-forever-unless-you-pay-8C11511655) has an article about CryptoLocker and so does Wikipedia (http://www.today.com/money/nasty-new-malware-locks-your-files-forever-unless-you-pay-8C11511655).
If worse comes to worse, couldn't you just format your hard drive and get rid of it (and everything else!)?
I wasn't aware that CryptoLocker affected the System BIOS. If it does it's nasty indeed.
That's just plain evil. This kind of thing should be an international offense with a harsh punishment. Really there is big business to be made in tracking and capturing these kinds of malicious software criminals.
This is the same act as if someone physically entered your house while you and your family were away and then proceeded to change the locks and board the windows. You could only re-enter your house provided that you paid some extortion over to the thief. I'm kind of outraged by this.
Anyway sorry to hear this happened to you Yskonyn and I hope that you did not lose anything important even though you had a backup.
Well, stories like these make me go set up my backup.
I have Norton 360. It's a pain sometimes, but I am glad to see that it is rated highly and I am using their backup software now.
Thanks for the warning
Con
I don't think CryptoLocker nests into the BIOS. At least I do not read anything about that, do you have a link with more info on this, eyebiter?
My system is up and running again after a format. Luckily nothing was destroyed which could not be replaced.
I used to have this awesome gaming motherboard with 2 bioses. If one failed you would flip a connection to the backup. MSI IIRC.
I have a Dropbox account where everything stored within the Dropbox directory is automatically backed up online. Another arrow in your quiver of defense.
I think Bitcoin is very scary. How else can one be extorted from anywhere in the world with impunity? Why is it so in vogue these days?
From wiki:
"A 2012 case study report by the European Central Bank noted that Bitcoin shares some, but not all, characteristics of Ponzi schemes and concluded that "it [is not] easy to assess whether or not the Bitcoin system actually works like a pyramid or Ponzi scheme."[134]"
"According to Mark T. Williams of Boston University, bitcoin is over 7 times as volatile as gold and over 8 times as volatile as the S&P 500"
Bitcoin at best seems to be a risky investment, at worst an untraceable way to rip anyone off in the world.
I would never go anywhere near a bitcoin. At least fiat currencies issued by countries are backed by the desire of that country to appear stable.
Quote from: Swatter on March 09, 2014, 04:01:13 PM
I have a Dropbox account where everything stored within the Dropbox directory is automatically backed up online. Another arrow in your quiver of defense.
The page Eyebiter linked says that your Dropbox folders might still get infected if you have the online folders mapped as network drives.