Yolomon Wayne
Jun 10, 2014

You call it "The Big Bang", but what really happened is
Grimey Drawer
So some genius/rear end in a top hat leaked the original "gib money or no more photos" code, and now scriptkiddies all over the planet (might be exaggerated) are trying to cash in once again.
Awesome.
Of course my company doesn't believe in backups of local hard drives because "we have firewall and some guy on TV said that's good".

Now I have the first of what I guess could turn out as a series of notebooks that managed to get infected with a Cryptolocker clone, and the super funny thing this time is, guys are using their own encryption algorithms. So the savior page that went live last year (which let you upload one file to analyze the algorithm and produce a decryption key) is no longer of use, since it doesn't recognize the files from the newest infection as proper Cryptolocker encryption and tells you to shove it.

For those who never heard of Cryptolocker, it was a big thing last year. Ransomware. It doesn't simply kill off your files, it encrypts them and then tells you to pay money to have them accessible again. Smart move basically, you don't kidnap someone and send their relatives pictures of the corpse expecting them to pay. You send them a finger first. Or an ear. Or a popup demanding 100 bucks for a decryption key.

Any of you goons stumbled over this recently?


Yolomon Wayne
Jun 10, 2014

Yup, that's the one I mentioned that doesn't work for the infection I have here... tells me that the encryption is not Cryptolocker, since it's a clone most likely.

Yolomon Wayne
Jun 10, 2014


EkardNT posted:

Look on the bright side: your company now believes in backups.

Not a chance.
We don't even believe in shadow copies anymore :razz:

quote:

Yup, we've picked up a few clients who got hit by this as well.
That smiley at the end implies you didn't have much luck either?

Yolomon Wayne
Jun 10, 2014


Mutar posted:

Do you have a source for this? Trying to get more ammo for my "Holy poo poo just get crashplan to back up these workstations" conversation.

Not my original source, I can't remember where I found that during my 6-hour session of gathering information...
But I think you can't go wrong with this:
http://www.cnbc.com/id/101195861?goback=.gde_3959309_member_5807100619516825603#!

Especially

quote:

"Anytime you see an underground business that is doing well, you will always see more people copying it,"

Also, my client got his from a legit company's legit mailserver - someone hacked into their Exchange and simply had the server attach the faked files.
Genius basically. I'm left with the cleanup.

EDIT:

Think it was this thread on the norton boards:
http://community.norton.com/comment/5978771#comment-5978771
Especially the comments of "Quads" (ignore animu avatar)

Yolomon Wayne fucked around with this message at 11:01 on Nov 13, 2014

Yolomon Wayne
Jun 10, 2014


Thanks Ants posted:

Not running as local admin, and not allowing applications to execute from inside the user profile I thought covered most bases? If you're supporting customers who want local admin for everyone and no restrictions then I guess you're hosed.

Just to chip in again, our users are no admins and can't even change their desktop background color, but this thing manages to gently caress up their hard disks.
Just got another notebook with another variant, this time 2048bit encryption.
Lol.
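The control Thanks Ants describes above (no local admin, no execution from inside the user profile) can be expressed as an AppLocker path policy. This is an added example, not something posted in the thread; it assumes a Windows edition with AppLocker, an elevated PowerShell session, and that the rule names, file names and the Downloads/AppData paths are placeholders you would adjust for your environment.

```powershell
# Added example: AppLocker policy that allows executables only from Program Files
# and Windows, and explicitly denies anything launched from a user profile.
# Assumes: Windows with AppLocker support (Enterprise/Server), run as administrator.
# Starts in AuditOnly; switch to Enabled after reviewing the audit events.

function New-PathRule([string]$Name, [string]$Path, [string]$Action) {
    # S-1-1-0 is the well-known SID for Everyone; one FilePathRule per call.
    @"
    <FilePathRule Id="$([guid]::NewGuid())" Name="$Name" Description="" UserOrGroupSid="S-1-1-0" Action="$Action">
      <Conditions><FilePathCondition Path="$Path" /></Conditions>
    </FilePathRule>
"@
}

$rules = @(
    New-PathRule 'Allow Program Files'         '%PROGRAMFILES%\*'               'Allow'
    New-PathRule 'Allow Windows'               '%WINDIR%\*'                     'Allow'
    # Deny rules take precedence over allow rules, so profile paths stay blocked
    # even if a broader allow rule is added later. %OSDRIVE% is AppLocker's C:.
    New-PathRule 'Deny user profile AppData'   '%OSDRIVE%\Users\*\AppData\*'    'Deny'
    New-PathRule 'Deny user profile Downloads' '%OSDRIVE%\Users\*\Downloads\*'  'Deny'
) -join "`n"

$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="AuditOnly">
$rules
  </RuleCollection>
</AppLockerPolicy>
"@

$policyFile = Join-Path $env:TEMP 'no-profile-exec.xml'   # placeholder file name
Set-Content -Path $policyFile -Value $policyXml -Encoding UTF8

# Dry run: compare how the policy treats a known-good binary against the same
# binary copied into the user's profile, the location droppers typically write to.
$probe = Join-Path $env:LOCALAPPDATA 'Temp\calc-probe.exe'  # constructed test file
Copy-Item "$env:WINDIR\System32\calc.exe" $probe -Force
Test-AppLockerPolicy -XmlPolicy $policyFile -Path "$env:WINDIR\System32\calc.exe", $probe -User Everyone
Remove-Item $probe -Force

# Apply. AppLocker enforcement requires the Application Identity service.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyFile
# Audit hits appear under Applications and Services Logs > Microsoft > Windows >
# AppLocker > EXE and DLL (event 8003 = would have been blocked). Change
# EnforcementMode to "Enabled" once legitimate profile-installed software
# (updaters, per-user installs) has been given its own allow rules.
```

Test-AppLockerPolicy reports a PolicyDecision per path, so the copy under AppData should show as Denied while the System32 original is Allowed.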


Yolomon Wayne
Jun 10, 2014


skooma512 posted:

This is why Linux guys love to talk mad poo poo about Windows. I love what it lets me do, I don't have anything else, but it's so trusting and you can hosed up so bad even without admin rights. It's too late to redo it because of all the legacy stuff.

Cryptowall doesn't seem to be on Mac, and it's likely not as easy to get even if it was.

I hear this a lot, and my usual reply is that if I had to choose which platform to design a virus for, I'd naturally choose the one with the most potential victims.
I'm sure you could get some poo poo like this going on Macs or even Linux, but why bother with the handful of those if there's billions of Windows out there to target?
