CryptoLocker Ransomware

Joe C · Nov 7, 2013

This is a very nasty one, if you get hit with this encryption type of ransomware your screwed from getting any data back
https://www.us-cert.gov/ncas/alerts/TA13-309A
CryptoLocker ransomware â€“ see how it works, learn about prevention, cleanup and recovery | Naked Security

carnageX · Nov 7, 2013

Yep, quite a few of those. I remember a couple years back the first big one hit with like 2048-bit encryption lol.

Joe C · Nov 7, 2013

I remember a while back when some of the ransomware first came out that the warning did state your files are locked, but they really were not and you could clean up the system with combofix or one of those programs and everything went back to normal. This is supposed to be a new one that actually does encrypt your personal files with RSA 2048 encryption, the key is on the criminals server and without it....your personal stuff is useless

carnageX · Nov 7, 2013

Joe C said:
I remember a while back when some of the ransomware first came out that the warning did state your files are locked, but they really were not and you could clean up the system with combofix or one of those programs and everything went back to normal. This is supposed to be a new one that actually does encrypt your personal files with RSA 2048 encryption, the key is on the criminals server and without it....your personal stuff is useless

Yeah, that's the one I heard about. Not a new idea at all though because like I said, I heard of this a couple years ago; probably just a new strain going around.

luke127 · Nov 14, 2013

Problem is with encryption the data then becomes very hard to recover. I myself use a 768 bit encryption key on my hard drive and even then it's hard so imagine would 2048 would be like....

carnageX · Nov 14, 2013

luke127 said:
Problem is with encryption the data then becomes very hard to recover. I myself use a 768 bit encryption key on my hard drive and even then it's hard so imagine would 2048 would be like....

That's the whole point of the malware... It becomes impossible to crack, and the only way to recover the data is with the encryption key.

Lexluethar · Nov 15, 2013

Do we know if combofix will fix this new one?

Yevrag35 · Nov 15, 2013

Lexluethar said:
Do we know if combofix will fix this new one?

From what I've seen, it's not too difficult to remove. The real problem is that it *actually* encrypts your data, which no anti-virus can undo.

luke127 · Nov 16, 2013

I mean you could always attempt to get the key from where ever it's stored using some rather unorthodox methods.....

carnageX · Nov 16, 2013

luke127 said:
I mean you could always attempt to get the key from where ever it's stored using some rather unorthodox methods.....

The key is stored on the person's computer that infected you in the first place. The only way they give it to you is if you pay the ransom (even then, there's been reports of them not giving you the key).

CryptoLocker Ransomware

Joe C

Golden Master

carnageX

Private Joker,

Joe C

Golden Master

carnageX

Private Joker,

luke127

The Ghost

carnageX

Private Joker,

Lexluethar

Fully Optimized

Yevrag35

Pushing Daisies on Saturn

luke127

The Ghost

carnageX

Private Joker,

Similar threads