Cryptolocker 4.0

Time to watch your backs (and downloads!) once more:


Oooohhh, nasty! The ability to remain undetected whilst encrypting files and then allowing these to be copied into backups … that's going to make disaster recovery a darn sight harder :frowning:

Had an awful time with this a couple of times, with a couple of clients.

The first time it came about, I told my manager that it's pretty much impossible to reverse and he didn't believe me. Didn't take him long to work out he couldn't just 'fix it' lol

Yeah, seen this in action twice now and fortunately we've been able to recover everything from backup for the customer.
The only sure(ish) way of defeating this is to put in a software restriction policy whitelist (not the usual blacklist). Unfortunately, it has to be done just right and is a bit of a pain to set up with some (allowed) programs that use multiple EXEs. Oh, and make sure your users are not admins on their machines :smile:
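The whitelist approach described in the post above, as an added example that is not code posted in the thread: it uses AppLocker (the successor to Software Restriction Policies; this assumes an edition of Windows that supports it) to generate allow rules from the software already installed, which is the quickest way to cover applications made up of many EXEs and DLLs. The directory list, the policy file path and the use of `Everyone` as the target group are assumptions for illustration.

```powershell
# Added example, not from the thread. Builds an AppLocker allow-list from the
# software already installed, so multi-EXE applications get one rule per file.
# Assumptions: AppLocker-capable Windows edition, running as administrator,
# Application Identity service (AppIDSvc) started; all paths are illustrative.

$policyPath  = 'C:\AppLockerAllowList.xml'
$allowedDirs = @(
    'C:\Windows',               # OS binaries; leave this out and nothing runs
    'C:\Program Files',
    'C:\Program Files (x86)'
)

# 1. Inventory every executable, DLL, script and installer under the allowed
#    directories. This is the tedious part the post mentions, done by scan
#    rather than by hand.
$fileInfo = foreach ($dir in $allowedDirs) {
    Get-AppLockerFileInformation -Directory $dir -Recurse `
        -FileType Exe, Dll, Script, WindowsInstaller
}

# 2. Generate rules for Everyone: publisher rules where files are signed
#    (these survive updates), hash rules otherwise (these break on update, so
#    expect to re-run this after patching). -Optimize merges duplicate rules.
$policyXml = New-AppLockerPolicy -FileInformation $fileInfo `
    -RuleType Publisher, Hash -User Everyone -Optimize -Xml

# 3. Start in audit mode. A collection left at "NotConfigured" but containing
#    rules is enforced, so set it explicitly: AuditOnly logs would-be blocks to
#    the Microsoft-Windows-AppLocker event log. Change to "Enabled" only once
#    a few days of logs show no legitimate program being flagged.
$policyXml = $policyXml -replace 'EnforcementMode="NotConfigured"', 'EnforcementMode="AuditOnly"'
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# 4. Dry-run a fresh download against the policy before deploying it; anything
#    not covered by a rule comes back as Denied.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe -File |
    Select-Object -ExpandProperty FullName |
    Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone |
    Select-Object FilePath, PolicyDecision, MatchingRule

# 5. Apply to this machine (-Merge keeps rules that are already in place;
#    omit it to replace the local policy outright).
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# 6. Confirm what is now in force, including the enforcement mode per collection.
Get-AppLockerPolicy -Effective -Xml
```

Two practical notes: the reason this works against a downloaded dropper is that nothing in the user's profile, temp folder or Downloads matches any rule, so it is denied regardless of its name; and since the rules are publisher and hash rules rather than path rules, user-writable subfolders inside the allowed directories do not become a loophole. It does not replace the other half of the post's advice: a user who is a local admin can still disable the policy.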

What about cloud storage? If I save most of my important files on the cloud (dropbox, box), pretty sure there’s a way to get older data back.

Also, all my local data are on a NAS drive, so I should be safe :smiley:

It depends if you have live access. If you do, then the backup is at risk. Basically, it uses your logged-in credentials to access and encrypt files - this includes networked drives.

That's true, but I access my data using multiple devices daily. So if my PC is infected, accessing the same data on the NAS from a (non-infected) MacBook or mobile apps should detect the encrypting immediately.

End of the day, it's always wise to have an off-line backup, and a previous version of the file if possible.
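A way to act on the point made above about checking the NAS from a second, clean device, as an added example rather than anything posted in the thread: a scheduled PowerShell check of decoy ("canary") files on the share that compares content hashes, so it still fires when the ransomware rewrites files in place and leaves the names unchanged, as the first post describes. The share path, the `_canary` folder and the baseline file location are assumptions.

```powershell
# Added example, not from the thread. Checks decoy ("canary") files on a share
# from a machine that is NOT the suspect workstation. Compares SHA-256 of the
# content, so it catches in-place encryption even when file names are kept.
# Assumptions: $share, the _canary folder and the baseline path are illustrative;
# the baseline lives on the checking machine, never on the share itself.

$share        = '\\nas\data'
$canaryDir    = Join-Path $share '_canary'
$baselineFile = Join-Path $env:ProgramData 'canary-baseline.csv'

function New-CanaryBaseline {
    # Run once from the clean machine after placing the decoy files.
    Get-ChildItem -LiteralPath $canaryDir -File |
        ForEach-Object { Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 } |
        Select-Object @{ Name = 'Name'; Expression = { Split-Path -Path $_.Path -Leaf } }, Hash |
        Export-Csv -LiteralPath $baselineFile -NoTypeInformation
}

function Test-Canaries {
    # Returns one string per problem; an empty result means the canaries are intact.
    $baseline = @(Import-Csv -LiteralPath $baselineFile)
    $alerts   = @()
    foreach ($entry in $baseline) {
        $path = Join-Path $canaryDir $entry.Name
        if (-not (Test-Path -LiteralPath $path)) {
            $alerts += "MISSING  $($entry.Name)"      # deleted or renamed
            continue
        }
        $hash = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
        if ($hash -ne $entry.Hash) {
            $alerts += "MODIFIED $($entry.Name)"     # content rewritten in place
        }
    }
    # Anything new in the decoy folder (a ransom note, a renamed copy) is also suspicious.
    $known = @($baseline | ForEach-Object { $_.Name })
    foreach ($file in Get-ChildItem -LiteralPath $canaryDir -File) {
        if ($known -notcontains $file.Name) {
            $alerts += "NEW      $($file.Name)"
        }
    }
    return $alerts
}

if (-not (Test-Path -LiteralPath $baselineFile)) {
    New-CanaryBaseline
    Write-Output "Baseline recorded for $canaryDir"
    exit 0
}

$alerts = @(Test-Canaries)
if ($alerts.Count -gt 0) {
    # Stop backup jobs before they copy encrypted files over good versions.
    Write-Warning "Canary check FAILED on $share - pause backups and investigate:"
    $alerts | ForEach-Object { Write-Warning $_ }
    exit 2
}
Write-Output "Canaries intact on $share"
```

Run it from Task Scheduler every few minutes on a machine whose account only has read access to the share, and have the exit code 2 trigger whatever pauses the backup job: that is the window in which the encrypted copies would otherwise overwrite the good ones. A common practice is to name the decoys so they sort at both the start and the end of the folder listing, since encryption usually walks directories in order.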

Cloud can be encrypted too -

Cryptolocker info -