
Thread: OT - New ransomware scam that is nasty

  1. #1
    Ext User(XR8 Sprintless) Guest

    OT - New ransomware scam that is nasty

    There's a new ransomware scam that is very nasty called Cryptolocker. It
    encrypts your files and you HAVE to pay to get them unencrypted, there
    is no cure currently and probably unlikely to be one given the nature of
    this one. It has only been in the wild for a few days and I have already
    had a few emails with it attached sent to my honeypot address. The most
    important thing is to ensure you have backups of your files and are
    vigilant. It appears to trigger from emails with a Zip file attachment
    at the moment. That could change.

    http://blog.emsisoft.com/2013/09/10/...mware-variant/

    The variants are asking for between US$100 to $300 currently.

  2. #2
    Ext User(XR8 Sprintless) Guest

    Re: OT - New ransomware scam that is nasty

    On 11/10/2013 11:29 AM, Jeßus wrote:
    > On Fri, 11 Oct 2013 11:03:27 +1000, XR8 Sprintless
    > <xr8_sprint@hotmail.com> wrote:
    >
    > Your credibility is worthless... how many times have you said you
    > weren't coming back to this group?
    >

    Yours is not much good either. That being said this is a warning as
    this is a new and very nasty version of this program. I personally don't
    give a stuff what YOU think of me as you attacked me without provocation
    and have no right to judge anyone else.



  3. #3
    Ext User(Jeßus) Guest

    Re: OT - New ransomware scam that is nasty

    On Fri, 11 Oct 2013 11:03:27 +1000, XR8 Sprintless
    <xr8_sprint@hotmail.com> wrote:

    Your credibility is worthless... how many times have you said you
    weren't coming back to this group?

  4. #4
    Ext User(XR8 Sprintless) Guest

    Re: OT - New ransomware scam that is nasty

    On 11/10/2013 11:27 AM, Blue Heeler wrote:
    > XR8 Sprintless wrote:
    >
    >> There's a new ransomware scam that is very nasty called Cryptolocker.
    >> It encrypts your files and you HAVE to pay to get them unencrypted,
    >> there is no cure currently and probably unlikely to be one given the
    >> nature of this one. It has only been in the wild for a few days and I
    >> have already had a few emails with it attached sent to my honeypot
    >> address. The most important thing is to ensure you have backups of
    >> your files and are vigilant. It appears to trigger from emails with a
    >> Zip file attachment at the moment. That could change.
    >>
    >> http://blog.emsisoft.com/2013/09/10/...mware-variant/
    >>
    >> The variants are asking for between US$100 to $300 currently.
    >
    > 1/. It's been around for years and is nothing new. A Bank on the Gold
    > Coast got very publicly done earlier this year.
    >
    > 2/. I thought that we were all amoral, reprehensible, reprobates and
    > you wanted nothing more to do with us.
    >
    >
    >
    > Having said that. Welcome back, moderate voices with (usually)
    > something sensible to say are both needed and welcome in my view.
    >


    Blue, this is a new and much nastier version of the same thing. Only
    been in the wild about 6 days and already it is hitting very hard. It
    has a number of points of infection such as email, RDP vulnerabilities,
    and drive by web page infections. It also transmits network wide so it
    has an added level of complexity to the previous version.

    The previous versions you could get a tool to decrypt the files in most
    cases however this version is extreme in that it uses a combination of
    RSA and AES on each file and sends the key back to a central server for
    each file. Without those keys it is impossible to recover from if you do
    not have offline backup. It also now encrypts what it sends back to the
    server which it did not do in the past, hence the previous versions were
    able to be scoped out to some degree.

    I'm only popping in with this warning as I consider that no-one should
    be scammed like this.
    If it saves one person from losing their data it's worth copping shit
    from those who throw it.

    1. The bank one was a different version.
    2. I never said everyone was amoral, reprehensible, or reprobates.
    3. Remember to have offline backup of your data... That's what this is
    about :-)


  5. #5
    Ext User(Blue Heeler) Guest

    Re: OT - New ransomware scam that is nasty

    XR8 Sprintless wrote:

    > There's a new ransomware scam that is very nasty called Cryptolocker.
    > It encrypts your files and you HAVE to pay to get them unencrypted,
    > there is no cure currently and probably unlikely to be one given the
    > nature of this one. It has only been in the wild for a few days and I
    > have already had a few emails with it attached sent to my honeypot
    > address. The most important thing is to ensure you have backups of
    > your files and are vigilant. It appears to trigger from emails with a
    > Zip file attachment at the moment. That could change.
    >
    > http://blog.emsisoft.com/2013/09/10/...mware-variant/
    >
    > The variants are asking for between US$100 to $300 currently.


    1/. It's been around for years and is nothing new. A Bank on the Gold
    Coast got very publicly done earlier this year.

    2/. I thought that we were all amoral, reprehensible, reprobates and
    you wanted nothing more to do with us.



    Having said that. Welcome back, moderate voices with (usually)
    something sensible to say are both needed and welcome in my view.

  6. #6
    Ext User(D Walford) Guest

    Re: OT - New ransomware scam that is nasty

    On 11/10/2013 12:03 PM, XR8 Sprintless wrote:
    > There's a new ransomware scam that is very nasty called Cryptolocker. It
    > encrypts your files and you HAVE to pay to get them unencrypted, there
    > is no cure currently and probably unlikely to be one given the nature of
    > this one. It has only been in the wild for a few days and I have already
    > had a few emails with it attached sent to my honeypot address. The most
    > important thing is to ensure you have backups of your files and are
    > vigilant. It appears to trigger from emails with a Zip file attachment
    > at the moment. That could change.
    >
    > http://blog.emsisoft.com/2013/09/10/...mware-variant/
    >
    > The variants are asking for between US$100 to $300 currently.



    Thanks for the warning.

    --
    Daryl

  7. #7
    Ext User(Xeno Lith) Guest

    Re: OT - New ransomware scam that is nasty

    On 11/10/13 12:27 PM, Blue Heeler wrote:
    > XR8 Sprintless wrote:
    >
    >> There's a new ransomware scam that is very nasty called Cryptolocker.
    >> It encrypts your files and you HAVE to pay to get them unencrypted,
    >> there is no cure currently and probably unlikely to be one given the
    >> nature of this one. It has only been in the wild for a few days and I
    >> have already had a few emails with it attached sent to my honeypot
    >> address. The most important thing is to ensure you have backups of
    >> your files and are vigilant. It appears to trigger from emails with a
    >> Zip file attachment at the moment. That could change.
    >>
    >> http://blog.emsisoft.com/2013/09/10/...mware-variant/
    >>
    >> The variants are asking for between US$100 to $300 currently.
    >
    > 1/. It's been around for years and is nothing new. A Bank on the Gold
    > Coast got very publicly done earlier this year.
    >
    > 2/. I thought that we were all amoral, reprehensible, reprobates and
    > you wanted nothing more to do with us.
    >

    You and your fellow sock puppets surely are!
    >
    >
    > Having said that. Welcome back, moderate voices with (usually)
    > something sensible to say are both needed and welcome in my view.
    >

    Hopefully to drown out the shit you foist onto this group!

    --

    Xeno

  8. #8
    Ext User(Xeno Lith) Guest

    Re: OT - New ransomware scam that is nasty

    On 11/10/13 12:33 PM, XR8 Sprintless wrote:
    > On 11/10/2013 11:29 AM, Jeßus wrote:
    >> On Fri, 11 Oct 2013 11:03:27 +1000, XR8 Sprintless
    >> <xr8_sprint@hotmail.com> wrote:
    >>
    >> Your credibility is worthless... how many times have you said you
    >> weren't coming back to this group?
    >>

    > Yours is not much good either. That being said this is a warning as
    > this is a new and very nasty version of this program. I personally don't
    > give a stuff what YOU think of me as you attacked me without provocation
    > and have no right to judge anyone else.
    >
    >

    Attacking without provocation? That's standard operating procedure here,
    isn't it? Certainly Noddy and his sock puppets make it seem like that!

    --

    Xeno

  9. #9
    Ext User(Albm&ctd) Guest

    Re: OT - New ransomware scam that is nasty

    In article <l37n7r$nr6$2@dont-email.me>, xenolith@optusnet.com.au says...
    > On 11/10/13 12:33 PM, XR8 Sprintless wrote:
    > > On 11/10/2013 11:29 AM, Jeßus wrote:
    > >> On Fri, 11 Oct 2013 11:03:27 +1000, XR8 Sprintless
    > >> <xr8_sprint@hotmail.com> wrote:
    > >>
    > >> Your credibility is worthless... how many times have you said you
    > >> weren't coming back to this group?
    > >>

    > > Yours is not much good either. That being said this is a warning as
    > > this is a new and very nasty version of this program. I personally don't
    > > give a stuff what YOU think of me as you attacked me without provocation
    > > and have no right to judge anyone else.
    > >
    > >

    > Attacking without provocation? That's standard operating procedure here,
    > isn't it? Certainly Noddy and his sock puppets make it seem like that!
    >
    >

    Oh yooo, it's part of the fun.

    Al
    --
    I don't take sides.
    It's more fun to insult everyone.

  10. #10
    Ext User(Albm&ctd) Guest

    Re: OT - New ransomware scam that is nasty

    In article <52575fca$0$2895$c3e8da3$76491128@news.astraweb.com>,
    dwalford@internode.on.net says...
    > On 11/10/2013 12:03 PM, XR8 Sprintless wrote:
    > > There's a new ransomware scam that is very nasty called Cryptolocker. It
    > > encrypts your files and you HAVE to pay to get them unencrypted, there
    > > is no cure currently and probably unlikely to be one given the nature of
    > > this one. It has only been in the wild for a few days and I have already
    > > had a few emails with it attached sent to my honeypot address. The most
    > > important thing is to ensure you have backups of your files and are
    > > vigilant. It appears to trigger from emails with a Zip file attachment
    > > at the moment. That could change.
    > >
    > > http://blog.emsisoft.com/2013/09/10/...mware-variant/
    > >
    > > The variants are asking for between US$100 to $300 currently.

    >
    >
    > Thanks for the warning.
    >

    Don't go near water, you could drown.

    Al
    --
    I don't take sides.
    It's more fun to insult everyone.

  11. #11
    Ext User(Albm&ctd) Guest

    Re: OT - New ransomware scam that is nasty

    In article <l37lcq$9g$1@speranza.aioe.org>, xr8_sprint@hotmail.com says...
    > On 11/10/2013 11:27 AM, Blue Heeler wrote:
    > > XR8 Sprintless wrote:
    > >
    > >> There's a new ransomware scam that is very nasty called Cryptolocker.
    > >> It encrypts your files and you HAVE to pay to get them unencrypted,
    > >> there is no cure currently and probably unlikely to be one given the
    > >> nature of this one. It has only been in the wild for a few days and I
    > >> have already had a few emails with it attached sent to my honeypot
    > >> address. The most important thing is to ensure you have backups of
    > >> your files and are vigilant. It appears to trigger from emails with a
    > >> Zip file attachment at the moment. That could change.
    > >>
    > >> http://blog.emsisoft.com/2013/09/10/...mware-variant/
    > >>
    > >> The variants are asking for between US$100 to $300 currently.
    > >
    > > 1/. It's been around for years and is nothing new. A Bank on the Gold
    > > Coast got very publicly done earlier this year.
    > >
    > > 2/. I thought that we were all amoral, reprehensible, reprobates and
    > > you wanted nothing more to do with us.
    > >
    > >
    > >
    > > Having said that. Welcome back, moderate voices with (usually)
    > > something sensible to say are both needed and welcome in my view.
    > >

    >
    > Blue, this is a new and much nastier version of the same thing. Only
    > been in the wild about 6 days and already it is hitting very hard. It
    > has a number of points of infection such as email, RDP vulnerabilities,
    > and drive by web page infections. It also transmits network wide so it
    > has an added level of complexity to the previous version.
    >
    > The previous versions you could get a tool to decrypt the files in most
    > cases however this version is extreme in that it uses a combination of
    > RSA and AES on each file and sends the key back to a central server for
    > each file. Without those keys it is impossible to recover from if you do
    > not have offline backup. It also now encrypts what it sends back to the
    > server which it did not do in the past, hence the previous versions were
    > able to be scoped out to some degree.
    >
    > I'm only popping in with this warning as I consider that no-one should
    > be scammed like this.
    > If it saves one person from losing their data it's worth copping shit
    > from those who throw it.
    >
    > 1. The bank one was a different version.
    > 2. I never said everyone was amoral, reprehensible, or reprobates.
    > 3. Remember to have offline backup of your data... That's what this is
    > about :-)
    >

    It certainly would apply to dumb users that have an email program open a zip or
    other compressed file automatically by clicking on it. These people probably eat
    silica gel and ...
    Silica gel eaters get what they deserve :)

    Al
    --
    I don't take sides.
    It's more fun to insult everyone.

  12. #12
    Ext User(D Walford) Guest

    Re: OT - New ransomware scam that is nasty

    On 11/10/2013 5:11 PM, Albm&ctd wrote:
    > In article <52575fca$0$2895$c3e8da3$76491128@news.astraweb.com>,
    > dwalford@internode.on.net says...
    >> On 11/10/2013 12:03 PM, XR8 Sprintless wrote:
    >>> There's a new ransomware scam that is very nasty called Cryptolocker. It
    >>> encrypts your files and you HAVE to pay to get them unencrypted, there
    >>> is no cure currently and probably unlikely to be one given the nature of
    >>> this one. It has only been in the wild for a few days and I have already
    >>> had a few emails with it attached sent to my honeypot address. The most
    >>> important thing is to ensure you have backups of your files and are
    >>> vigilant. It appears to trigger from emails with a Zip file attachment
    >>> at the moment. That could change.
    >>>
    >>> http://blog.emsisoft.com/2013/09/10/...mware-variant/
    >>>
    >>> The variants are asking for between US$100 to $300 currently.

    >>
    >>
    >> Thanks for the warning.
    >>

    > Don't go near water, you could drown.
    >

    Thanks Al, you are so kind:-)


    --
    Daryl

  13. #13
    Ext User(Albm&ctd) Guest

    Re: OT - New ransomware scam that is nasty

    In article <5257b020$0$29873$c3e8da3$5496439d@news.astraweb.com>,
    dwalford@internode.on.net says...
    > On 11/10/2013 5:11 PM, Albm&ctd wrote:
    > > In article <52575fca$0$2895$c3e8da3$76491128@news.astraweb.com>,
    > > dwalford@internode.on.net says...
    > >> On 11/10/2013 12:03 PM, XR8 Sprintless wrote:
    > >>> There's a new ransomware scam that is very nasty called Cryptolocker. It
    > >>> encrypts your files and you HAVE to pay to get them unencrypted, there
    > >>> is no cure currently and probably unlikely to be one given the nature of
    > >>> this one. It has only been in the wild for a few days and I have already
    > >>> had a few emails with it attached sent to my honeypot address. The most
    > >>> important thing is to ensure you have backups of your files and are
    > >>> vigilant. It appears to trigger from emails with a Zip file attachment
    > >>> at the moment. That could change.
    > >>>
    > >>> http://blog.emsisoft.com/2013/09/10/...mware-variant/
    > >>>
    > >>> The variants are asking for between US$100 to $300 currently.
    > >>
    > >>
    > >> Thanks for the warning.
    > >>

    > > Don't go near water, you could drown.
    > >

    > Thanks Al, you are so kind:-)
    >
    >
    >

    That's me, quiet kind and gentle... bit like drowning.

    Al
    --
    I don't take sides.
    It's more fun to insult everyone.

  14. #14
    Ext User(Paul Saccani) Guest

    Re: OT - New ransomware scam that is nasty

    On Fri, 11 Oct 2013 11:48:14 +1000, XR8 Sprintless
    <xr8_sprint@hotmail.com> wrote:

    Nice to see you are still around.

    >The previous versions you could get a tool to decrypt the files in most
    >cases however this version is extreme in that it uses a combination of
    >RSA and AES on each file and sends the key back to a central server for
    >each file.



    > Without those keys it is impossible to recover from if you do
    >not have offline backup.


    It isn't impossible. In some cases, I grant, it may be too difficult
    to bother with.

    System restore on XP or later, for instance, will allow recovery in
    very many cases.

    The list of files which have been encrypted can be found in
    HKEY_USERS\[Temp_Hive_Name]\Software\CryptoLocker\Files,
    which can assist in recovery.

    You can also start in safe mode (and disable the run key for the
    malware) and use ShadowExplorer to recover files directly from the
    shadow copy service in Vista/7 or 8.

    This service creates automatic point-in-time copies of files in all
    versions of Windows from Vista onwards, but you can only access them
    in the Business, Ultimate and Enterprise versions, though the service
    is still turned on by default in all versions. ShadowExplorer lets
    you access this data in the consumer versions.

    > It also now encrypts what it sends back to the
    >server which it did not do in the past, hence the previous versions were
    >able to be scoped out to some degree.


    Indeed, by capturing traffic, as the private key for each encrypted
    file was sent in cleartext.

    It is worthwhile to modify group policies to disallow the running of
    executables from any %AppData% paths, though it may interfere with such
    things as Chrome.
    --
    Cheers,
    Paul Saccani
    Perth, Western Australia.
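
A dry run of the %AppData% execution block suggested in the post above, as an added example that is not part of the original post: it classifies process launch paths so the exceptions needed (such as a per-user Chrome install) show up before the policy is enforced. The launch records, the exception list and the function names are constructed for illustration.

```python
from pathlib import PureWindowsPath

# File types treated as executable for this dry run (assumed list).
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

# Assumed exception: a per-user Chrome install, which lives under AppData\Local.
# A path exception inside a user-writable folder is weak, because any file
# placed at that path inherits it; treat this list as "needs review".
EXCEPTIONS = [r"\AppData\Local\Google\Chrome\Application\chrome.exe"]

# Constructed process-launch records (user, image path); not real telemetry.
SAMPLE_LAUNCHES = [
    ("alice", r"C:\Windows\System32\notepad.exe"),
    ("alice", r"C:\Users\alice\AppData\Local\Google\Chrome\Application\chrome.exe"),
    ("alice", r"C:\Users\alice\AppData\Local\Temp\Temp1_invoice.zip\invoice.exe"),
    ("bob", r"C:\Users\bob\AppData\Roaming\example-dropper.exe"),
    ("carol", r"C:\Documents and Settings\carol\Application Data\updater.EXE"),
    ("bob", r"C:\Users\bob\Downloads\setup.exe"),
]


def in_appdata(path: PureWindowsPath) -> bool:
    """True if the path sits below a user's AppData tree (XP or Vista+ layout)."""
    parts = [part.lower() for part in path.parts]
    # Vista and later: <drive>\Users\<name>\AppData\...
    if len(parts) > 4 and parts[1] == "users" and parts[3] == "appdata":
        return True
    # XP: <drive>\Documents and Settings\<name>\[Local Settings\]Application Data\...
    if len(parts) > 4 and parts[1] == "documents and settings":
        rest = parts[3:]
        if rest[0] == "local settings":
            rest = rest[1:]
        return len(rest) > 1 and rest[0] == "application data"
    return False


def classify(image: str, exceptions) -> str:
    """Return 'ok', 'exception' or 'block' for one launched image path."""
    path = PureWindowsPath(image)
    if path.suffix.lower() not in EXECUTABLE_SUFFIXES or not in_appdata(path):
        return "ok"  # outside the policy's scope, e.g. Downloads or System32
    full = str(path).lower()
    if any(full.endswith(exc.lower()) for exc in exceptions):
        return "exception"
    return "block"


def dry_run(launches, exceptions):
    """List every launch the policy would touch, with its verdict."""
    report = []
    for user, image in launches:
        verdict = classify(image, exceptions)
        if verdict != "ok":
            report.append((user, image, verdict))
    return report


if __name__ == "__main__":
    for user, image, verdict in dry_run(SAMPLE_LAUNCHES, EXCEPTIONS):
        print(f"{verdict:9} {user:6} {image}")
```

The launch from `Downloads` is not reported, which shows the limit of the rule: it covers only the AppData tree, so it complements offline backups rather than replacing them.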

  15. #15
    Ext User(XR8 Sprintless) Guest

    Re: OT - New ransomware scam that is nasty

    On 11/10/2013 11:11 PM, Paul Saccani wrote:
    > On Fri, 11 Oct 2013 11:48:14 +1000, XR8 Sprintless
    > <xr8_sprint@hotmail.com> wrote:
    >
    > Nice to see you are still around.


    Thanks. I lift my head out of the books occasionally and have a look.
    Nothing much changes. In this case I thought it was worth warning the
    group as this is a nasty that is not for the faint hearted.
    >
    >> The previous versions you could get a tool to decrypt the files in most
    >> cases however this version is extreme in that it uses a combination of
    >> RSA and AES on each file and sends the key back to a central server for
    >> each file.

    >
    >
    >> Without those keys it is impossible to recover from if you do
    >> not have offline backup.

    >
    > It isn't impossible. In some cases, I grant, it may be too difficult
    > to bother with.


    The bigger issue with this version is that it attacks network shared
    files. Whilst on a home user PC it is not a major problem, when a network
    share is attacked it is, as in most cases recovery will be impossible
    from the share.

    > System restore on XP or later, for instance, will allow recovery in
    > very many cases.
    >
    > The list of files which have been encrypted can be found in
    > HKEY_USERS\[Temp_Hive_Name]\Software\CryptoLocker\Files,
    > which can assist in recovery.


    Exactly. Some people are reporting success with this although there are
    many who have paid the ransom as they found backups not working etc.
    It's a lesson for all techs who install backup systems to ensure that
    they check their reliability regularly.
    >
    > You can also start in safe mode (and disable the run key for the
    > malware) and use shadowexplorer to recover files directly from the
    > shadow copy service in Vista/7 or 8.


    Except if the file is on a network share or your home directory is
    stored on a server.
    >
    > This service creates automatic point in time copies of files in all
    > versions of windows from Vista onwards, but you can only access them
    > in the Business, Ultimate and Enterprise versions, though the service
    > is still turned on by default in all versions. ShadowExplorer lets
    > you access this data in the consumer versions.


    It is, although a lot of people turn it off to save disk space. This is
    again a problem.

    >> It also now encrypts what it sends back to the
    >> server which it did not do in the past, hence the previous versions were
    >> able to be scoped out to some degree.

    >
    > Indeed, by capturing traffic, as the private key for each encrypted
    > file was sent in cleartext.


    > It is worthwhile to modify group policies to disallow the running of
    > executables from any %AppData% paths, though it may interfere with such
    > things as Chrome.
    >

    It's a catch-22 situation and the best solution is having offline
    backups as well as not opening attachments if you don't know who they
    are from. Certainly stopping executables is a good start but it does
    create its own set of issues.

    Finally, having a decent internet security solution if you are running
    Windows is a necessity. There are a number of products out there that
    are not worth the money. It seems this particular flavor has a
    workaround to kill Trend and weave its magic. MSE is also no longer
    capable of doing the job.



  16. #16
    Ext User(Sylvia Else) Guest

    Re: OT - New ransomware scam that is nasty

    On 11/10/2013 12:03 PM, XR8 Sprintless wrote:
    > There's a new ransomware scam that is very nasty called Cryptolocker. It
    > encrypts your files and you HAVE to pay to get them unencrypted, there
    > is no cure currently and probably unlikely to be one given the nature of
    > this one. It has only been in the wild for a few days and I have already
    > had a few emails with it attached sent to my honeypot address. The most
    > important thing is to ensure you have backups of your files and are
    > vigilant. It appears to trigger from emails with a Zip file attachment
    > at the moment. That could change.
    >
    > http://blog.emsisoft.com/2013/09/10/...mware-variant/
    >
    > The variants are asking for between US$100 to $300 currently.


    I hope someone's following the money trail.

    Sylvia.

  17. #17
    Ext User(F Murtz) Guest

    Re: OT - New ransomware scam that is nasty

    Sylvia Else wrote:
    > On 11/10/2013 12:03 PM, XR8 Sprintless wrote:
    >> There's a new ransomware scam that is very nasty called Cryptolocker. It
    >> encrypts your files and you HAVE to pay to get them unencrypted, there
    >> is no cure currently and probably unlikely to be one given the nature of
    >> this one. It has only been in the wild for a few days and I have already
    >> had a few emails with it attached sent to my honeypot address. The most
    >> important thing is to ensure you have backups of your files and are
    >> vigilant. It appears to trigger from emails with a Zip file attachment
    >> at the moment. That could change.
    >>
    >> http://blog.emsisoft.com/2013/09/10/...mware-variant/
    >>
    >>
    >> The variants are asking for between US$100 to $300 currently.

    >
    > I hope someone's following the money trail.
    >
    > Sylvia.



    I would have thought that if big business and or govt. was being
    attacked that the big guns would be brought out against the baddies.
