Off topic- Friendly Tech PSA about new-ish computer virus

Kinja'd!!! "JeffFurbs" (jefffurbs)
09/17/2014 at 10:22 • Filed to: None


Hey guys

I work IT for a school district and yesterday we noticed that one of our share drives got real messed up. It turns out all the documents that staff have posted here have become encrypted. Now this is not a new thing, as some of you may be familiar with Cryptolocker, but this variant seems to be attacking share drives connected to computers. Also because of its newness, it only seems like a few anti-virus providers have named it in recent patches. In my research I can tell you that Microsoft Security Essentials/Forefront Endpoint Protection have not really named it yet. Cryptolocker was also cracked from what I remember, so if you are hit with that now you can decrypt your documents without having to pay anyone to do so. However, Cryptowall is new and fresh and has not been cracked. Just like Cryptolocker, Cryptowall runs silently until it's done encrypting your data, then lets you know what has already happened. By then you are already on your way to having a bad day. Below are a few tips for you, but there is much more detailed information on prevention and recovery on the interwebs. I decided to keep it short. Just remember, just like riding a motorcycle, everyone on the internet wants to harm you, so always be careful what you click.

Anyways, What to look out for!

-Suspicious Flash or other 3rd party plugin updates

-Emails containing attachments that you didn't expect to receive

-Suspicious looking websites

And the list I'm sure goes on but that's what I know of from my reading thus far

How to protect yourself:

-Stay up to date on your Windows updates

-Stay up to date on Antivirus Updates

-Have a malware removal tool handy (my personal favorite is Malwarebytes)

-Use removable media to do back ups

That should be stuff you already hear, but there is a reason for it. We are fortunate enough to have backups that run constantly and recovered probably 90% of the encrypted data. However, if you are a home user not doing back ups, all those sweet cat and car pictures are now gone. That's it. Go forth and be smart

-Jeff
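
For the recovery step described above (working out which files on a share were encrypted and need to come back from backup), here is an added example that is not part of the original post. It assumes encrypted files keep their names, so a `.pdf` or `.docx` that no longer starts with its well-known signature bytes is suspect; the file names and the entropy threshold are constructed for the demo.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Leading bytes expected for common document types (well-known signatures).
MAGIC = {
    ".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pptx": b"PK\x03\x04",
}

def entropy(data):
    """Shannon entropy in bits per byte (8.0 means it looks random)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(path, sample=4096, threshold=7.0):
    """True if the header contradicts the extension, or an untyped file looks random."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    magic = MAGIC.get(Path(path).suffix.lower())
    if magic is not None:
        return not head.startswith(magic)
    return len(head) >= 256 and entropy(head) > threshold

def scan_share(root):
    """Walk a share read-only and return the relative paths that need restoring."""
    hits = []
    for path in Path(root).rglob("*"):
        try:
            if path.is_file() and looks_encrypted(path):
                hits.append(str(path.relative_to(root)))
        except OSError:
            continue  # locked or unreadable file: skip it, keep scanning
    return sorted(hits)

def demo():
    """Constructed sample share: two intact files, two overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as root:
        samples = {
            "syllabus.pdf": b"%PDF-1.4\n" + b"text " * 200,
            "notes.txt": b"meeting notes\n" * 100,
            "grades.pdf": os.urandom(2048),
            "roster.txt": os.urandom(2048),
        }
        for name, body in samples.items():
            Path(root, name).write_bytes(body)
        return scan_share(root)
```

Compressed formats that are not in `MAGIC` (archives, video) also look random, so add their signatures before pointing `scan_share` at a real share.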


DISCUSSION (17)


Kinja'd!!! JGrabowMSt > JeffFurbs
09/17/2014 at 10:25

Kinja'd!!!1

Crypto virus. It's been out for a few months. There is a tool to repair it. In a few minutes, if you want to shoot me an email, I can see if I can get it to you.


Kinja'd!!! spanfucker retire bitch > JeffFurbs
09/17/2014 at 10:26

Kinja'd!!!1

Even CryptoLocker went after network drives. Literally anything the infected computer had write-access to would be encrypted.


Kinja'd!!! spanfucker retire bitch > JGrabowMSt
09/17/2014 at 10:28

Kinja'd!!!1

Cryptolocker was split wide open between its command and control server being taken offline, its botnet sinkholed and its private RSA keys cracked and discovered; it's no longer a threat.

But now there's derivative Ransomware out there and they don't use the same private RSA keys. The tools that are out there currently are worthless against anything that isn't specifically Cryptolocker.


Kinja'd!!! JGrabowMSt > spanfucker retire bitch
09/17/2014 at 10:30

Kinja'd!!!1

9 times out of 10, the ransomware crap is all fluff and very easy to remove.

In every case since March that have come into my shop, I've had 1 total loss.


Kinja'd!!! MonkeePuzzle > JeffFurbs
09/17/2014 at 10:32

Kinja'd!!!2

I know all about this stuff, and if you want to fix it just download this program I made

http://www.notavirus.com/runthiswithout…

seriously though, the number of times I have to help family or friends with virii or malware issues because they ran some dumb download without thinking, drives me nuts, like a steering wheel in me crotch


Kinja'd!!! JeffFurbs > MonkeePuzzle
09/17/2014 at 10:34

Kinja'd!!!0

Hahahaha don't forget the disclaimer to run that program as administrator

Ugh I hear ya. I almost took my mom's admin rights away. She got a computer and 2 weeks later had toolbars


Kinja'd!!! spanfucker retire bitch > JGrabowMSt
09/17/2014 at 10:35

Kinja'd!!!1

Well those aren't really doing anything then. There are still legitimate derivatives of CryptoLocker that aren't fluff, and there isn't currently any software that can get rid of them because their private RSA keys haven't been discovered yet.


Kinja'd!!! treesmakewater > JeffFurbs
09/17/2014 at 10:40

Kinja'd!!!1

My psychology professor got this over the weekend. The result was not having homework this week XD


Kinja'd!!! JGrabowMSt > spanfucker retire bitch
09/17/2014 at 10:41

Kinja'd!!!0

Yeah, that was my one total loss. The really shitty part is that it was one of my friends' parents.

Luckily, we've talked a good portion of our clients into very regular backup schemes that have worked out so far pretty well.


Kinja'd!!! Stapleface-Now Hyphenated! > JeffFurbs
09/17/2014 at 10:44

Kinja'd!!!0

I'm not even in IT and I hate dealing with this shit because I'm way more computer savvy than most of the people I know. My MIL has a computer with Windows 8 (first off, it sucks), and she has so much shit wrong with that thing I don't even know where to begin. When she opens IE she has about 10 windows that automatically open. I'd need to borrow that computer for a week just to clean it up. I want to just take the computer away from her and load Windows 7 on it.


Kinja'd!!! spanfucker retire bitch > JGrabowMSt
09/17/2014 at 10:48

Kinja'd!!!1

What I hate so much about some of these Ransomware infections is that they affect all connected drives, including network drives. So like half my NAS would end up encrypted if I ever fell to infection.

Luckily I have most of my stuff backed up, but there's a lot of movies and TV shows that I have that I just don't have the room to have yet another backup of them. Even the Crashplan software gives me an error and just stops working after it reaches a few TB, haha.


Kinja'd!!! JGrabowMSt > spanfucker retire bitch
09/17/2014 at 10:52

Kinja'd!!!1

Yeah, if it happened on my desktop, shit would be flying all over the place. I keep most of my data backed up on external drives that sit disconnected on a shelf. At least the really important stuff.

Even my movie collection is generally "off the grid" for just these reasons. I'm not spending all that time twice.


Kinja'd!!! JeffFurbs > Stapleface-Now Hyphenated!
09/17/2014 at 11:15

Kinja'd!!!0

Well IE is your first problem...haha kidding. Windows 8 (albeit my own preference) is actually not bad once you get used to it. Win 8.1 made a lot more improvements. I use 8 at work even though I fix Windows 7 machines all day and have had no issues with it. But again that's just my preference.

Good luck, I know those issues well. Shoot me a message if you get stuck, I may be able to point you in certain directions.


Kinja'd!!! JeffFurbs > JGrabowMSt
09/17/2014 at 11:18

Kinja'd!!!0

I appreciate it. Unfortunately the version of crypto virus we got just now was not one that is really fixable yet from the research I've done (which has been many hours now). The original Cryptolocker was cracked and tools could repair it, but thankfully we have backups we can revert to and be out of the woods.


Kinja'd!!! JeffFurbs > spanfucker retire bitch
09/17/2014 at 11:45

Kinja'd!!!0

Ah yes you are right. We lucked out with our users that got Cryptolocker; their network drives were encrypted, but these particular users weren't connected to share drives. Our user yesterday was connected to a share and that's how it jumped.


Kinja'd!!! Denver Is Stuck In The 90s > JeffFurbs
09/17/2014 at 16:10

Kinja'd!!!1

Haha Windows



Kinja'd!!! JeffFurbs > Denver Is Stuck In The 90s
09/18/2014 at 07:05

Kinja'd!!!1

Hahaha...now now let's not start that. I'm a Win 8/OS X/iOS user. I'm basically a weirdo. I should learn Linux though some day.

Macs are a lot of fun and in the 6 years I've had a MacBook, it only worried me once. But I enjoy troubleshooting, so my job fixing Windows computers is perfect.