ALERT: New Virus Demands Ransom For Your Data

I first ran across an encryption/extortion virus in a malware class at Denver Free University in 1983! Back then, viruses were spread by contaminated 5 1/4" diskettes.

A few years ago, while staying in a hotel, I asked IT person what software restored the computer upon EVER reboot. He told me Deep Freeze.
http://www.faronics.com/products/deep-freeze/standard/

I seem to recall that user files were untouched, but no windows changes were permanent. Not sure if this would defeat CryptoLocker.

Another idea I have is to always boot from a live Linux CD and then save files to Hard Drive. Again, not sure of effect on Crypto

Near the end of your article You have a site that says:
For information about the program, see this page.

I clicked it and a site came up called error 500. It didn't make sense, so I stopped it. I tried again and a site started loading that said waiting for www.foolish*t .com to load. I shut it down. Has your article been compromised?

EDITOR'S NOTE: Nothing wrong... the website is FoolishIT.com (as in Foolish IT). The site is busy and a bit slow right now, but if you try again, it should work.

Bob, the anti-malware industry is going about it backwards.

It has been said the best defense is a good offense. Many of these viruses phone home to enable their attack. Instead of building bigger and bigger walls of defensive antivirus (which are ALWAYS going to be less than 100% effective), why not put a software on EVERY computer that will follow that signal back to the malware's server and lock IT up?

Take the fight to them! Nobody would risk trying to infect my computer if the result would be a total shutdown of theirs.

EDITOR'S NOTE: The problem is that most malware is distributed via compromised computers and websites. And those belong to ordinary folks who have no idea what's going on.

This happened to me with the FBI logo and asking for money. It locked up the computer and I couldn't do anything. I was able to boot up to safe mode. I was then able to restore the computer to a later date and that cured the problem.

Will it infect external hard drives,too?

EDITOR'S NOTE: Yes, it can. Well, at least it can AFFECT them (by encrypting files). That's why I make an image of my hard drive, store it on an external drive, and then occasionally transfer that image to Dick Cheney's Bunker.

Bob ... Thanks so much, for the info, regarding "protection" against this heinous virus or whatever this cyber crime is.

I trust you and your recommendations, so I have already downloaded the CryptoPrevent. I was amazed as to how little the download was ... Reminds me, of the old Assembly Code and for me, that made it a "done deal." I even purchased the Premium version, so I wouldn't have to worry about "updates", plus, I can use my Product Code on ALL Home PCs!!! You just can't beat that. :)

My Hubby is pretty good about NOT clicking on everything or responding to everything, without checking it out with me ... But, I have other family members, that will use his computer and they are not as trust worthy. :)

Bob Price:
CrytoPrevent isn't a program. Well, it is a program, but what it does is to lock the folder where CrytoLocker usually executes by changing the rights of that folder. After CrytoPrevent sets the folder rights, it's done and drops out of memory.
Other legitimate programs may blocked by CrytoPrevent, and indeed if a new CrytoLocker variant changes it's executable folder, it will *not* be blocked.
As Bob says, CrytoPrevent is a general defense against a very specific malware. Your first line of defense is your own behavior, second is an updated AV program.
-bb

Thats why I keep a Macrium Reflect image of my hard drive on a USB stick. I can always wipe my hard drive and reinstall my windows operating system.

I think in a couple of comments there is a confusion between the garden variety ransomware which simply locks up the computer, and CryptoLocker which is a far more dangerous and tenacious attack. I have had a couple of FBI-type virus attacks which I managed to cope with on my own, though I subsequently found that several websites such as bleepingcomputer.com offered very hand little programs which could free the computer and let one deal with the attack easily. Scary, but easy to defeat (and basically, I'm a novice). But once CryptoLocker has done its dirty work, the only defence seems to be to have a full image backup of your drive on an outside medium so you can wipe the encrypted drive and reinstall.
Fortunately the whole help community seems to be making a concerted effort to point us to the defence we need, including lots of free stuff, so anyone who listens has little to fear.

I wonder if a person got infected how they would go if they ran a Ubuntu Live CD. Would they then be able to access their files then copy them to another location where they are safe. If so they could then format and reinstall or if they have an Operating system image they could reimage.

EDITOR'S NOTE: Sure, you might be able to copy the files, but they would still be encrypted and useless.

Yes, thanks for your usual exceedingly helpful articles Bob :)

Joe: "This happened to me with the FBI logo and asking for money. It locked up the computer and I couldn't do anything. I was able to boot up to safe mode. I was then able to restore the computer to a later date and that cured the problem".

Did you mean you restored your computer to an earlier date?

This sounds very much like a variant of the FBI ransomware that has been going around for some time.

EDITOR'S NOTE: ...which is why I mentioned that at the beginning of the article. :-)

I gave up windows some time ago and use only linux distributions. I have had no problems so far but wonder whether linux is really "immune"

Hello Bob,

Thanks as usual for your informative emails.

I have just downloaded and installed CryptoPrevent.

If it is this simple to lock certain areas from executing rouge code, why does Microsoft not do so as standard? i.e. Why does it take a free program form an enthusiast to do Microsoft's job for them?

I tried to use LastPass's form fill on this comment form, but it did not seem to work. I will have to investigate whether that is to do with CryptoPrevent or something else.

Thanks again for the newsletters,

Ken Ormson

Comment from one of my very expert adult sons.

One point he should make more clearly is that backups must be 'offline', for instance on unplugged USB drives or on write once disks, because this pest will encrypt any data on drives which are online.

A very interesting article - thanks Bob.
It would a real ouch if it came to pass. A question for you, I use a Seagate continuous back up drive. It backs up every changed file as it changes (including the OS), so would it back up an encrypted file as a change or a new file, do you know. If the name of the file is also encrypted would the Seagate program think it's a new file and act accordingly. It seems to me it may be a case where one has to carry out a manual back up as well and then disconnect it from the computer.

EDITOR'S NOTE: I don't know if the filenames are encrypted. But if your backup program keeps multiple versions, you should still be able to recover. I make an image backup weekly, with daily incrementals. I keep the backups for four weeks, deleting the oldest each week. And a copy of my image is stored offsite, as well.

Just for your information, this ALERT was on Television, on every Major TV Station, ONE MONTH ago!!! I forwarded the Information to all of my Friends!

EDITOR'S NOTE: Yes, cryptolocker has been in the news, but Powerlocker is just emerging. Also, it wasn't until recently that most of the major antivirus programs had detection capability.

I was looking through your site about dsl hacks. Kind of got a little insight, as I am sure my dsl is being hacked as I type. but I have encountered the ransomware nonsense I have/had a worm on my P.c. that was posted as a remote ransomware on the ic3.gov site a dll.host running under the default RD in documents, but have noticed I keep getting hit by Android.Trojan.Koler.A. As I feel this might be the same attacker I can't say for a fact other then he would love nothing more then to see me in prison, A: So I'm not a reliable source to the feds if they ever get their crab together and bust him B: just cause he's an evil puke who has done this to people before. Well the Trojan I thought I'd mention. And well I'll be back. like the site.

Hi again Bob,
Thanks again for a superb article. I have downloaded it (CryptoPrevent) to my computer.

A while ago, a friends computer was 'locked out' with this type of program, and on research I found a program called "Hit-man Pro" - Is it possible for you to research this and maybe post your expert advise as to is suitability/usability as well?

Cheers again. Recommend your newsletters to all my friends and in fact with posts like this one, I send the WHOLE e-mail to them, I also use the B.c.c - to protect their addresses from being harvested by 'bots'.

Thanks again. Des