Old 03-30-2014, 02:02 PM   #11
In Runtime
 
Join Date: Feb 2013
Location: UK
Posts: 156
Default Re: Cryptolocker

Quote:
Originally Posted by strollin View Post
Removing the virus itself is fairly trivial but it's doubtful anyone will be able to crack the encryption method they use to encrypt your data so unless you pay the ransom the data is as good as GONE. That's why it's important to have a good backup.
Exactly the point I was making, removal is trivial (doesn't get you very far) and protection is a constant race as it is recoded to avoid AV signature detection. I think it's been fairly well stated here people should have backups!

_michaelm is offline   Reply With Quote
Old 03-30-2014, 11:04 PM   #12
Baseband Member
 
tmc8295's Avatar
 
Join Date: Apr 2013
Location: United States
Posts: 51
Default Re: Cryptolocker

It's funny. I always hear about people talking about the data side of this virus; however, I've removed this virus off of 8 computers now easily and the data was completely fine. Files worked fine and all were accessible. Anybody actually have their data locked? Or just going by what the virus says? Because we all know how honest viruses can be! :P

tmc8295 is offline   Reply With Quote
Old 03-31-2014, 09:09 AM   #13
Fully Optimized
 
jmacavali's Avatar
 
Join Date: Jun 2009
Posts: 4,867
Default Re: Cryptolocker

There are several different versions. But this virus really does lock your files. No other virus has actually been able to do that effectively before. So it's unlikely you were removing the actual Cryptolocker virus and more likely it was one of the other viruses like this one.
jmacavali is offline   Reply With Quote
Old 03-31-2014, 09:43 AM   #14
Baseband Member
 
tmc8295's Avatar
 
Join Date: Apr 2013
Location: United States
Posts: 51
Default Re: Cryptolocker

No, it was definitely the crypto locker. I'm the senior technician at a big local store and there was an outbreak of them coming in when crypto first emerged, computer and many things locked out, including many files. But running a virus removal through a PE environment and then rebooting into safe mode and running virus scans through two other programs as well. Afterwards everything was working, there were some corrupted files but nothing near worrying about in comparison to the ransom money.

tmc8295 is offline   Reply With Quote
Old 03-31-2014, 01:53 PM   #15
In Runtime
 
Join Date: Feb 2013
Location: UK
Posts: 156
Default Re: Cryptolocker

Quote:
Originally Posted by tmc8295 View Post
No, it was definitely the crypto locker. I'm the senior technician at a big local store and there was an outbreak of them coming in when crypto first emerged, computer and many things locked out, including many files. But running a virus removal through a PE environment and then rebooting into safe mode and running virus scans through two other programs as well. Afterwards everything was working, there were some corrupted files but nothing near worrying about in comparison to the ransom money.

If you had locked files and then those steps you mention made things come back, then I can categorically assure you that it wasn't the variant of cryptolocker being discussed here that encrypted them. None of the samples I've seen in the past 6 months have exhibited this behaviour.

You could have had a cryptolocker infection, but the machine must not have been connected to the internet when it got installed (hence never performed the encryption), as the decryption key is never on your computer, so any AV would not be able to do anything about it. Cryptolocker achieves this by using asymmetric cryptography rather than more traditional full-disk encryption tools which use symmetric ciphers such as AES.

_michaelm is offline   Reply With Quote