October 2013 Archives

October 24, 2013

Upvoted: CryptoLocker Recap: A new guide to the bleepingest virus of 2013.

As the previous post, "Proper Care & Feeding of your CryptoLocker Infection: A rundown on what we know," has hit the 500 comment mark and the 15,000 character limit on self-posts, I'm going to break down the collected information into individual comments so I have a potential 10000 characters for each topic. There is a cleaner FAQ-style article about CryptoLocker on BleepingComputer.

Special thanks to the following users who contributed to this post:

  • /u/zfs_balla
  • /u/soulscore
  • /u/Spinal33
  • /u/Maybe_Forged
  • Fabian Wosar of Emsisoft
  • Grinler of Bleepingcomputer for his Software Restriction Policy which has been adapted for new variants
  • Anonymous Carbonite rep for clarification on Carbonite's mass reversion feature.
  • Anyone else that's sent me a message that I haven't yet included in the post.

I will be keeping a tl;dr recap of what we know in this post, updating it as new developments arise.

tl;dr: CryptoLocker encrypts a set of file masks on a local PC and any mapped network drives with 2048-bit RSA encryption, which is uncrackable for quite a while yet. WinXP through Win8 are vulnerable, and infection isn't dependent on being a local admin or having UAC on or off. MalwareBytes Pro and Avast stop the virus from running. Sysadmins in a domain should create this Software Restriction Policy which has very little downside (you need both rules). The timer it presents is real and you cannot pay them once it expires. You can pay them with a GreenDot MoneyPak or 2 Bitcoins, attempt to restore a previous version using ShadowExplorer, go to a backup (including versioning-based cloud backups), or be SOL.

EDIT: I will be updating individual comments through the evening to flesh out areas I had to leave bare due to character limitations or lack of info when they were originally written.

EDIT 2: There are reports and screenshots regarding a variant that sits in AppData/Local instead of Roaming. This is a huge development and I would really appreciate a message with a link to a sample of this variant if it does indeed exist. A current link to the known variant that sits in Roaming would also be appreciated.

10/24/13 EDIT: Please upvote How You Can Help for visibility. If you can contribute in any of those fashions it will help all of us a lot.

submitted by bluesoul to sysadmin
[link] [294 comments]

via reddit: the front page of the internet

October 23, 2013

Upvoted: Using CryptoLocker's powers for good over the scam callers from "Windows"

So reading this great /r/talesfromtechsupport story, I wondered: instead of a zip full of porn and a zip full of viruses, just put one virus in there: CryptoLocker.

Once they run it (and they will) you have successfully damaged them but you have also, potentially, destroyed all the data they have harvested about other victims.

Going to try and find the time to create an XP virtual machine with just this on the desktop (maybe some fake family pics to make it look more legit). If anyone else does, and gets a call, would be brilliant to hear!

submitted by bigolslabomeat to sysadmin
[link] [comment]


October 17, 2013

Upvoted: The Stanley Parable, the remake of my 2011 Half Life 2 mod, is now available on Steam! /r/gaming helped popularize the original game, I owe you guys a lot :)

Upvoted: The achievements are the only way to describe this game (The Stanley Parable)

October 15, 2013

Upvoted: Finally got hit by Cryptolocker

I feel so special now, having to restore 1 TB of backups.
Is there any real way to prevent it from hitting things hard, other than switching from Windows? Seems like if you have things with shared permissions it's near impossible to minimize impact.

submitted by outer_isolation to sysadmin
[link] [136 comments]


October 14, 2013

Upvoted: Using pushover with AWS CloudWatch and SNS

October 9, 2013

Upvoted: Birthdays ain't what they used to be