cryptovirus?

iParanormalx

Just wondering if anyone has either been hit or knows someone who has - one of my buddies is in IT for a hospital and one of their systems got it and held the data for ransom. Without the key you can't unlock the data until you pay up... Kinda a gruesome terrorist-like approach to virtual warfare imo but luckily he had a full backup the previous night so most data was restored without significant compromise.

Luckily this isn't a post saying that I've been hit and need help!
 
I concur... having backups is the best solution. The only other option you have to get your data is to pay the crooks, and the longer you wait... the more they ask for.
 
The whole deal with Cryptolocker was you have a timeframe to pay: something like 48 hours, otherwise they delete the key off their server and you can't decrypt your data. I haven't heard of them doing a "longer you wait the more you have to pay" scheme I guess.
 
My bad... it's called CryptoWall, which is a variant of CryptoLocker.
When you are first infected with CryptoWall it will scan your computer for data files and "encrypt" them using RSA encryption so they are no longer able to be opened. Once the infection has encrypted the files on your computer drives it will open a Notepad window that contains instructions on how to access the CryptoWall Decryption Service where you can pay a ransom to purchase a decryption program. The ransom cost starts at $500 USD and after 5 days goes up to $750 with the cost increasing again after another 24 hours to a maximum ransom of $1,500 USD. This ransom must be paid in Bitcoins and sent to a Bitcoin address that changes per infected user.
CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ
 
I have seen this on a large business network: a user opened a malicious email and got infected. It will spread to mapped drives, so it spread to their server and encrypted their sales program's database files. Luckily we had shadow copies and full backups to restore or they would have been in deep.
 
Damn! Shadowcopy ftw!

Here's my thing - with all the technology and history logs on bank accounts it's surprising to me that they can be paid by electronically transferred money and not be easily traced.
 
It's because they're using Bitcoin. More places are supporting Bitcoin as well.

I wish I woulda got in on Bitcoin when it was just starting and you could get like 10 BTC for a couple bucks... would be able to pay a lot of bills now :lol:.
 