CryptoWall – CryptoLock – Ransom-Ware

[Art Munson]

I had been vaguely aware of ransom-ware over the years but the the latest incarnations are particularly nasty. One of the newest is Cryptowall. You can get it from links, attachments, clicking on ads, even a trusted web site can be infected (via drive-by downloads). Cryptowall will make copies of all of your files, encrypt them and then delete the originals. It will do so for any computers on your network and any mapped drives, even if they are in the cloud (keep in mind that if you had the virus it takes awhile to encrypt the files. You could be backing up encrypted files to your cloud without knowing it!). You will then get a notice on your computer to pay a ransom (usually $500) by Bitcoin for the decryption keys. You will also get a countdown timer to “pay by” or else they will destroy the keys and you will not be able to recover your files. Windows PCs are the major target but all computers are vulnerable.

The best backup is to ensure you have a clean system, back up to an external drive and REMOVE the drive from your system. Another option would be a backup service (I use Acronis) that uses versioning in the cloud. That way you could go back to a previous version if an encrypted file was backed up. I do both.

You should know that many ransom-ware viruses have been defeated with programs developed to recover your files. Cryptowall (and the newer variants) has not been broken due to the complexity of the encryption. Anti-Virus programs can remove the virus but they also remove any ability of ever recovering the encrypted files if a solution is eventually found!

I have installed CryptoPrevent which enforces a list of file extensions from being encrypted. I also installed the Premium version of Malwarebytes (it runs in real time) to prevent getting the virus in the first place. I’m also running Kaspersky Internet Security.

To read more go to:
http://www.bleepingcomputer.com ->General Topics ->News
http://www.pcworld.com/article/2688992/malvertising-campaign-delivers-digitally-signed-cryptowall-ransomware.html
Go to these from your browser.

Needless to say we are staying away from clicking on any links in e-mails, attachments or ads.

Scary stuff!

[Art Munson]

Bump

[MichaelL]

Scary stuff. It’s a wonder that authorities can’t follow the money trail to the criminals behind the ransom-ware.

All of my drives are cloned. I keep multiple back-ups of everything, on multiple hard-drives. I keep a set of drives in a safe deposit box, at the bank.

Thanks for posting.

[Art Munson]

“It’s a wonder that authorities can’t follow the money trail to criminals.”

Hard to trace with Bitcoin. Also CryptoWall’s ransom payment servers are located on TOR, which allows the malware developers to stay hidden from the authorities.

[MichaelL]

It’s sad that intelligent people use their talent this way, rather than do something honest and productive.

[Kubed]

super-scary stuff!My main pc where i produce music is not connected to the internet,i have 2 anti-virus softwares on it and 2 external hd for back-ups (also never connected these HDs to the internet).
Still,i use flash discs to get stuff from one pc to another so,i wouldn’t say i’m completely safe from such things.
Having multiple clone back-ups is the best way to keep you calm in case Cryptowall finds you!

[Michael Nickolas]

Not to get too far off topic but like Kubed, my studio computer is not and never has been connected to the internet. But this is getting harder and harder as time goes by. I know of at least one program that will only update via an internet connection. And did you guys see the announcement from Cakewalk? SONAR introduced a membership plan. There’s a “Command Center” and you get 12 months of custom content downloads, new features, updates and fixes. An internet connection may not be required, but probably recommended.

[MichaelL]

So, Kubed and Michael….you use another computer to upload cues?

[Michael Nickolas]

Yep. I have a home office in addition to my studio. I do all my uploading from there. Actually, I have a copy of Sound Forge on the office computer and I’ve been doing my edits there lately. No critical listening involved as I’m working off of my final two track mixes.

[Art Munson]

Yeah, I should really think about disconnecting my studio from the net. This morning I read on bleepingcomputers.com about a composer/engineer who had gotten hit with CyrptoWall and all of his wav files were encrypted. His only backup was another drive that was connected to his computer. Of course those were encrypted too!

[Kubed]

@MichaelL: yes,i upload from another computer.I decided to keep my “studio” pc as clean from bugs/viruses etc as i can.But still,i wouldn’t rely just on that,i have 2 clone back-ups and thinking of having a 3rd one soon.Your idea of having a back-up in a safe,outside the house is very good btw.

@Art: ouch!!!that’s a sad story.I don’t want to experience such thing,a real nightmare!
A downside of an offline pc is what M.Nicholas said;some of the softwares demand online registration/updates.And the offline registrations are sometimes a bit of a headache.

[Michael Nickolas]

My computer not being connected to the internet is actually a throwback to the old days of computer recording. The theory was it saved resources and processing power. No sense having the computer running internet software and tasks in the background. Back then there was a good chance of audio dropouts and etc. Better to run only essential background tasks. Probably doesn’t matter now but I can’t help keeping as clean a system as possible.

[MichaelL]

Michael, Kubed and Art, are you all on PC’s?

[Kubed]

I am

[Art Munson]

I am also.

[Author]

Posts