ALERT: New Virus Demands Ransom For Your Data - Comments Page 1

Category: Security



All Comments on: "ALERT: New Virus Demands Ransom For Your Data"


Posted by:

Tom Van Dam
14 Jan 2014

Back in September we did get hit by the Cryptolocker program. It locked the files you mentioned plus pdf files. Fortunately, we caught it before it spread throughout the entire network. The only other point I will mention is that it is actually downloaded sometime prior to when it locks your files. It has to have time to run and encrypt your files. Look for suspicious hard drive activity also.

Posted by:

Darryl
14 Jan 2014

"Even more sinister, Powerlocker can also detect whether it is being run in a virtual machine or “sandbox,” an isolated area of memory from which applications cannot alter user data. This enables Powerlocker to thwart security researchers attempting to safely study the malware."
Does this mean that if Powerlocker detects that I'm using Sandboxie, it won't try to activate? And if it does activate, will Sandboxie protect me?

EDITOR'S NOTE: The information I've found on this is not clear. My presumption is that it will not activate in those environments, so as to prevent analysis of its behavior. I don't believe it can penetrate a sandbox or virtual machine, and infect the host computer.

Posted by:

adj
14 Jan 2014

Dear Bob
Thanks for this - I was about to suggest you cover it - I had heard of CryptoLocker from Major Geeks. For what it's worth, I have installed CryptoPrevent (on W7 Ultimate) in addition to Antivirus (Eset) and Malwarebytes, and so far it does not seem to have interfered with anything or caused any problems, in fact it is unnoticeable; and nor has my machine been savaged. Of course, I cannot tell whether that is because it is any good, but.....

Posted by:

Jerry
14 Jan 2014

This happened to me while on an adult site. I'm using Avast Free and it blocked it. Here in Canada instead of the FBI, the RCMP comes up.

Posted by:

bob price
14 Jan 2014

Installed CryptoPrevent, restarted per instructions, and then opened Task Manager. Checked every tab and cannot find it running. Does it run full time or just lurk in the background?

Posted by:

adj
14 Jan 2014

P.S. What about an article on how to set up a sandbox ? I have always avoided doing so, fearing that it might confuse my back-ups but that surely is ignorance ? Do you find them useful ?

EDITOR'S NOTE: See http://askbobrankin.com/can_a_sandbox_improve_security.html :-)

Posted by:

Rita
14 Jan 2014

Thank You!....

Thank You just doesn't seem enough to express my appreciation for your diligence, knowledge/understanding of the things that are occurring in this computer world of ours, but this is all that I can say; Thank You Bob! I will follow your recommendations and protect my computer from this new-potential threat. As the saying goes, "An ounce of prevention is better than a pound of cure." You have enabled me to be proactive versus reactive, and for that I Thank You!, and I am most grateful.

Posted by:

Bert
14 Jan 2014

I first ran across an encryption/extortion virus in a malware class at Denver Free University in 1983! Back then, viruses were spread by contaminated 5 1/4" diskettes.

Posted by:

Greg
14 Jan 2014

A few years ago, while staying in a hotel, I asked the IT person what software restored the computer upon EVERY reboot. He told me Deep Freeze.
http://www.faronics.com/products/deep-freeze/standard/

I seem to recall that user files were untouched, but no windows changes were permanent. Not sure if this would defeat CryptoLocker.

Another idea I have is to always boot from a live Linux CD and then save files to Hard Drive. Again, not sure of effect on Crypto

Posted by:

Don MacDonald
14 Jan 2014

Near the end of your article You have a site that says:
For information about the program, see this page.

I clicked it and a site came up called error 500. It didn't make sense, so I stopped it. I tried again and a site started loading that said waiting for www.foolish*t .com to load. I shut it down. Has your article been compromised?

EDITOR'S NOTE: Nothing wrong... the website is FoolishIT.com (as in Foolish IT). The site is busy and a bit slow right now, but if you try again, it should work.

Posted by:

Thom Gillam
14 Jan 2014

Bob, the anti-malware industry is going about it backwards.

It has been said the best defense is a good offense. Many of these viruses phone home to enable their attack. Instead of building bigger and bigger walls of defensive antivirus (which are ALWAYS going to be less than 100% effective), why not put a software on EVERY computer that will follow that signal back to the malware's server and lock IT up?

Take the fight to them! Nobody would risk trying to infect my computer if the result would be a total shutdown of theirs.

EDITOR'S NOTE: The problem is that most malware is distributed via compromised computers and websites. And those belong to ordinary folks who have no idea what's going on.

Posted by:

Joe
14 Jan 2014

This happened to me with the FBI logo and asking for money. It locked up the computer and I couldn't do anything. I was able to boot up to safe mode. I was then able to restore the computer to a later date and that cured the problem.

Posted by:

David Beglinger
14 Jan 2014

Will it infect external hard drives, too?

EDITOR'S NOTE: Yes, it can. Well, at least it can AFFECT them (by encrypting files). That's why I make an image of my hard drive, store it on an external drive, and then occasionally transfer that image to Dick Cheney's Bunker.

Posted by:

MmeMoxie
15 Jan 2014

Bob ... Thanks so much, for the info, regarding "protection" against this heinous virus or whatever this cyber crime is.

I trust you and your recommendations, so I have already downloaded the CryptoPrevent. I was amazed as to how little the download was ... Reminds me, of the old Assembly Code and for me, that made it a "done deal." I even purchased the Premium version, so I wouldn't have to worry about "updates", plus, I can use my Product Code on ALL Home PCs!!! You just can't beat that. :)

My Hubby is pretty good about NOT clicking on everything or responding to everything, without checking it out with me ... But, I have other family members, that will use his computer and they are not as trustworthy. :)

Posted by:

bb
15 Jan 2014

Bob Price:
CryptoPrevent isn't a program. Well, it is a program, but what it does is to lock the folder where CryptoLocker usually executes by changing the rights of that folder. After CryptoPrevent sets the folder rights, it's done and drops out of memory.
Other legitimate programs may be blocked by CryptoPrevent, and indeed if a new CryptoLocker variant changes its executable folder, it will *not* be blocked.
As Bob says, CryptoPrevent is a general defense against a very specific malware. Your first line of defense is your own behavior, second is an updated AV program.
-bb

Posted by:

LeeD
15 Jan 2014

That's why I keep a Macrium Reflect image of my hard drive on a USB stick. I can always wipe my hard drive and reinstall my windows operating system.

Posted by:

rich
15 Jan 2014

I think in a couple of comments there is a confusion between the garden variety ransomware which simply locks up the computer, and CryptoLocker which is a far more dangerous and tenacious attack. I have had a couple of FBI-type virus attacks which I managed to cope with on my own, though I subsequently found that several websites such as bleepingcomputer.com offered very handy little programs which could free the computer and let one deal with the attack easily. Scary, but easy to defeat (and basically, I'm a novice). But once CryptoLocker has done its dirty work, the only defence seems to be to have a full image backup of your drive on an outside medium so you can wipe the encrypted drive and reinstall.
Fortunately the whole help community seems to be making a concerted effort to point us to the defence we need, including lots of free stuff, so anyone who listens has little to fear.

Posted by:

Sandman
15 Jan 2014

I wonder if a person got infected how they would go if they ran a Ubuntu Live CD. Would they then be able to access their files then copy them to another location where they are safe? If so they could then format and reinstall or if they have an Operating system image they could reimage.

EDITOR'S NOTE: Sure, you might be able to copy the files, but they would still be encrypted and useless.

Posted by:

IanG
15 Jan 2014

Yes, thanks for your usual exceedingly helpful articles Bob :)

Joe: "This happened to me with the FBI logo and asking for money. It locked up the computer and I couldn't do anything. I was able to boot up to safe mode. I was then able to restore the computer to a later date and that cured the problem".

Did you mean you restored your computer to an earlier date?


Posted by:

LEH
15 Jan 2014

This sounds very much like a variant of the FBI ransomware that has been going around for some time.

EDITOR'S NOTE: ...which is why I mentioned that at the beginning of the article. :-)
