crypto defence ransom ware
this is a nasty one......
got a computer to fix with this on it
not looking good at the moment
f
有段者
| Look Here -> |
ouch thats a nasty piece of work
dont say linux if i wanted it id install it
Jeez, I would say the average Joe would be stonkered by that. Guess the only other alternative would be to wash your hard drive and start again.
Provided there is a separate secure backup which has been regulary maintained.
hmmmm looks to be the case, if it was infected after the 1st April so the only vulnerability was removed with the latest versionOriginally Posted by Landytrack
f
Last edited by freakee1; 09-04-14 at 12:28 PM.
有段者
interested to know does it only lock up the main drive or does it attack files on all drives
dont say linux if i wanted it id install it
Tiny (08-04-14)
maybe hook the drive up as a slave on a pc you dont care about
then try to backup the important stuff only
then wipe it
https://www.facebook.com/philquad68
I was looking at a customers infected PC start of the week, put a bit of time in to cleaning up but got nowhere. It uses windows own file encryption which stores the encryption key on the hdd, that fact is posted all over security blogs; however no one shows how to decrypt the files!
If you run cipher.exe it shows none of the files are encrypted, that's because the headers have all been modified (open a few files in a hex editor and look at the first ~3 rows), if you manually remove this garbage at the start of the file they still can't be decrypted with cipher. I ran out of ideas and took an image of the hdd, wiped, re-installed and put the image aside incase someone cracks it.
johnhoward (19-04-14)
One question, was the customer running any anti virus software ?
CryptoDefense spreads via .zip files sent as email attachments.
Therefore, always, always be wary of unexpected email attachments and spam.
BTW:
Ransomware even can modify the master boot record and/or partition table (which prevents the operating system from booting at all until it is repaired).
Last edited by jwoegerbauer; 08-04-14 at 07:23 PM.
According to the F-Secure antivirus software manufacturer, the CryptoDefense is not to overcome.
The data get coded with a 256-bit-long AES and a 2048-bit RSA key. Who does not know the key, has no chance to see its data ever again. It would take like a quadrillion years to decrypt.
FYI:
In the USA even police, whose computer became infected, had to pay for unlocking.
Last edited by jwoegerbauer; 08-04-14 at 08:41 PM.
All drives it can find. And, unfortunately, if your backup drives are connected physically or via the local network to the PC that gets infected with CryptoDefense, your backups may also be encrypted as well.
Last edited by jwoegerbauer; 08-04-14 at 08:43 PM.
advast free, malwarebytes pro, avg 2014....
looks like it was included in an update package on the 28th March
As most have reported - it has encrypted the files, sent the key off to the server and self destroyed itself
I'm currently on the PC and it is working, and all anti.... stuff hasn't reported a thing, so I am assuming you allow windows to make the changes to infect your own computer
f
有段者
Trend Micro Worry Free Business Security Advanced.
Including network drives! if shadow copies are enabled this is a quick recovery and probably has newer data than 'last nights backup'.
Landytrack (09-04-14)
Why go to all the bother of Ransom Ware when you can create an app that does nothing and sell it on Google Play.
Tiny (09-04-14)
Thanks for the info.
Posting Permissions
Reply With Quote
Bookmarks