CryptoWall – CryptoLock – Ransom-Ware


Viewing 15 posts - 1 through 15 (of 24 total)
  • Author
    Posts
  • #19344 Reply
    Art Munson
    Keymaster

    I had been vaguely aware of ransom-ware over the years but the latest incarnations are particularly nasty. One of the newest is Cryptowall. You can get it from links, attachments, clicking on ads, even a trusted web site can be infected (via drive-by downloads). Cryptowall will make copies of all of your files, encrypt them and then delete the originals. It will do so for any computers on your network and any mapped drives, even if they are in the cloud (keep in mind that if you had the virus it takes a while to encrypt the files. You could be backing up encrypted files to your cloud without knowing it!). You will then get a notice on your computer to pay a ransom (usually $500) by Bitcoin for the decryption keys. You will also get a countdown timer to “pay by” or else they will destroy the keys and you will not be able to recover your files. Windows PCs are the major target but all computers are vulnerable.

    The best backup is to ensure you have a clean system, back up to an external drive and REMOVE the drive from your system. Another option would be a backup service (I use Acronis) that uses versioning in the cloud. That way you could go back to a previous version if an encrypted file was backed up. I do both.

    You should know that many ransom-ware viruses have been defeated with programs developed to recover your files. Cryptowall (and the newer variants) has not been broken due to the complexity of the encryption. Anti-Virus programs can remove the virus but they also remove any ability of ever recovering the encrypted files if a solution is eventually found!

    I have installed CryptoPrevent which enforces a list of file extensions from being encrypted. I also installed the Premium version of Malwarebytes (it runs in real time) to prevent getting the virus in the first place. I’m also running Kaspersky Internet Security.

    To read more go to:
    http://www.bleepingcomputer.com ->General Topics ->News
    http://www.pcworld.com/article/2688992/malvertising-campaign-delivers-digitally-signed-cryptowall-ransomware.html
    Go to these from your browser.

    Needless to say we are staying away from clicking on any links in e-mails, attachments or ads.

    Scary stuff!
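
Added example (not part of the original post, and not code from any product named in this thread): a pre-backup check for the situation described above, where already-encrypted files get copied into the backup unnoticed. It verifies that files with known extensions still begin with their expected header bytes and refuses the backup run when too many do not; the function names, the extension list and the 5% threshold are assumptions chosen for illustration.

```python
import os
import tempfile

# Expected leading bytes per extension: every (offset, magic) pair must match.
SIGNATURES = {
    ".wav": [(0, b"RIFF"), (8, b"WAVE")],
    ".flac": [(0, b"fLaC")],
    ".pdf": [(0, b"%PDF")],
    ".png": [(0, b"\x89PNG\r\n\x1a\n")],
    ".zip": [(0, b"PK")],
}

def header_ok(path):
    """True/False when the extension is known, None when it cannot be judged."""
    sigs = SIGNATURES.get(os.path.splitext(path)[1].lower())
    if sigs is None:
        return None
    with open(path, "rb") as fh:
        head = fh.read(16)
    return all(head[off:off + len(magic)] == magic for off, magic in sigs)

def scan(root):
    """Walk root; return (number of files checked, paths with a bad header)."""
    checked, bad = 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            result = header_ok(path)
            if result is None:
                continue
            checked += 1
            if not result:
                bad.append(path)
    return checked, bad

def safe_to_back_up(root, max_bad_ratio=0.05):
    """Refuse the run when too many known-type files have lost their header."""
    checked, bad = scan(root)
    return checked == 0 or len(bad) / checked <= max_bad_ratio

def demo():
    """Constructed sample: two healthy WAVs, then one overwritten with junk."""
    with tempfile.TemporaryDirectory() as root:
        wav = b"RIFF" + (36).to_bytes(4, "little") + b"WAVEfmt " + bytes(28)
        for name in ("mix1.wav", "mix2.wav"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(wav)
        before = safe_to_back_up(root)
        with open(os.path.join(root, "mix2.wav"), "wb") as fh:
            fh.write(bytes(range(200, 244)))  # constructed stand-in for ciphertext
        return before, safe_to_back_up(root), scan(root)[0]
```

Run `safe_to_back_up()` on the source folder before each backup job and skip the job when it returns False. Files whose extension has been changed are skipped by this check, so it complements versioned and offline backups rather than replacing them.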

    #19347 Reply
    Art Munson
    Keymaster

    Bump

    #19356 Reply
    MichaelL
    Participant

    Scary stuff. It’s a wonder that authorities can’t follow the money trail to the criminals behind the ransom-ware.

    All of my drives are cloned. I keep multiple back-ups of everything, on multiple hard-drives. I keep a set of drives in a safe deposit box, at the bank.

    Thanks for posting.

    #19358 Reply
    Art Munson
    Keymaster

    “It’s a wonder that authorities can’t follow the money trail to criminals.”

    Hard to trace with Bitcoin. Also CryptoWall’s ransom payment servers are located on TOR, which allows the malware developers to stay hidden from the authorities.

    #19363 Reply
    MichaelL
    Participant

    It’s sad that intelligent people use their talent this way, rather than do something honest and productive.

    #19379 Reply
    Kubed
    Participant

    Super-scary stuff! My main PC where I produce music is not connected to the internet, I have 2 anti-virus softwares on it and 2 external HDs for back-ups (also never connected these HDs to the internet).
    Still, I use flash discs to get stuff from one PC to another, so I wouldn’t say I’m completely safe from such things.
    Having multiple clone back-ups is the best way to keep you calm in case Cryptowall finds you!

    #19390 Reply
    Michael Nickolas
    Participant

    Not to get too far off topic but like Kubed, my studio computer is not and never has been connected to the internet. But this is getting harder and harder as time goes by. I know of at least one program that will only update via an internet connection. And did you guys see the announcement from Cakewalk? SONAR introduced a membership plan. There’s a “Command Center” and you get 12 months of custom content downloads, new features, updates and fixes. An internet connection may not be required, but probably recommended.

    #19393 Reply
    MichaelL
    Participant

    So, Kubed and Michael….you use another computer to upload cues?

    #19395 Reply
    Michael Nickolas
    Participant

    Yep. I have a home office in addition to my studio. I do all my uploading from there. Actually, I have a copy of Sound Forge on the office computer and I’ve been doing my edits there lately. No critical listening involved as I’m working off of my final two track mixes.

    #19396 Reply
    Art Munson
    Keymaster

    Yeah, I should really think about disconnecting my studio from the net. This morning I read on bleepingcomputer.com about a composer/engineer who had gotten hit with CryptoWall and all of his wav files were encrypted. His only backup was another drive that was connected to his computer. Of course those were encrypted too!

    #19397 Reply
    Kubed
    Participant

    @MichaelL: yes, I upload from another computer. I decided to keep my “studio” PC as clean from bugs/viruses etc. as I can. But still, I wouldn’t rely just on that, I have 2 clone back-ups and am thinking of having a 3rd one soon. Your idea of having a back-up in a safe, outside the house is very good btw.

    @Art: ouch!!! That’s a sad story. I don’t want to experience such a thing, a real nightmare!
    A downside of an offline PC is what M. Nickolas said; some of the softwares demand online registration/updates. And the offline registrations are sometimes a bit of a headache.

    #19398 Reply
    Michael Nickolas
    Participant

    My computer not being connected to the internet is actually a throwback to the old days of computer recording. The theory was it saved resources and processing power. No sense having the computer running internet software and tasks in the background. Back then there was a good chance of audio dropouts, etc. Better to run only essential background tasks. Probably doesn’t matter now but I can’t help keeping as clean a system as possible.

    #19399 Reply
    MichaelL
    Participant

    Michael, Kubed and Art, are you all on PCs?

    #19401 Reply
    Kubed
    Participant

    I am

    #19402 Reply
    Art Munson
    Keymaster

    I am also.
