bluecoupe
Posted October 26, 2013 (edited)

Not really sure where to put this...

I absolutely hate to put up notices like this but unfortunately, this one appears to be necessary. This one is a bit long but I suggest that you read it. If you choose to not install it, that's fine - if you're cautious you should be fine anyhow but you should at least be aware that this is lurking in the wings and trying to bite you. I know, I'm new here and pretty unknown but at least read and look into this for yourself.

This is a warning to Windows users of an extremely serious and severe infection that is going around called CryptoLocker. It first appeared in early Sept 2013. It is not impossible to recover from, but you need to be prepared for it.

First, what it is and what it does:

It's a trojan type of malware that comes into your system primarily thru email as a ZIP file. Many people report a fake USPS email but it can be anything to try and get you to open the attachment. If you open the attachment, the executable will encrypt your files on your hard drive, making them unusable. There are only 2 ways to recover from that scenario.

1. You pay the ransom following the instructions (prices vary from $100-$400) and then you wait for the files to decrypt.
2. You remove the malware (easy to do that) and restore from a good backup.

If you don't have a backup, you're SOL. You will have to pay to get your files back. The "experts" haven't been able to resolve this particular malware yet and while the possibility exists, it will be very difficult. The encryption uses a public and private key, unique to each system that it infects. The public portion of the key resides on your system and the only way to get the private portion is to pay the ransom fee. You cannot decrypt your files without the private part of the key.

Second, how the h*77 do I stop it?:

1 - Don't open any attachments in your emails that you aren't expecting. Just good common sense.
2 - Backup your stuff. Again just good common sense.
3 - There is a prevention tool available that will keep this particular malware from infecting your computer. I'd recommend that you d/l and install it but as always that's up to you and don't shoot the messenger (me).

The link for the prevention tool: http://www.foolishit.com/download/cryptoprevent/

Yes, I know; it's a zip file, but it's not infected - it's the prevention tool, honest.

Here are some additional links for your reading pleasure if you're a glutton for punishment:

http://www.bleepingcomputer.com/viru...re-information
http://www.snopes.com/computer/virus/cryptolocker.asp
http://www.davescomputertips.com/block-cryptolocker-ransomware-with-free-cryptoprevent/

or... google cryptolocker and I think you'll see it's for real. The prevention tool will also help protect from lots of other malwares that run from the same location as CryptoLocker.

Bottom line is that I wanted to warn you about this nasty. There is currently no way around it other than pay up or restore from backups. My suspicion is that the Feds will be getting involved but they may be busy on another bomb of a website... <ahem>.

Again, install it or not, totally your call.

Recommendations:

1. - Don't open email attachments.
2. - Get your stuff backed up if you don't want to lose it.
3. - Install the prevention tool, just to make sure.

Here's a link that also has the installation instructions and some other data:
http://www.davescomputertips.com/block-cryptolocker-ransomware-with-free-cryptoprevent/

My "cliffs notes" installation instructions:

1) Download the CryptoPrevent.zip file software from the provided link and save the file.
2) Find the CryptoPrevent.zip file on your system and double click on it.
3) There should be an "extract all files" at the top of the subsequent window - click that.
4) It will want to extract to a directory - let it, make sure that the "show extracted files when complete" box IS checked and click extract.
5) In the next window that pops up, double click on CryptoPrevent.exe.
6) It will pop up a window from FoolishIT.com - don't fret the name - it's legit - click on OK.
7) Click on Whitelist and then on Whitelist Options.
8) Click on "Whitelist all EXEs currently......" You'll get an "operation completed" popup, click ok and you may see the window get populated with quite a few .exe files - that's ok if it does.
9) Click on the red X in the upper right to delete the Whitelist Options window - you're done with it.
10) Click the "Block" box in the "CryptoPrevent V2.2.3" window. You'll get a "Refreshing Group Policy" popup for a bit that will eventually go away.

Then you'll see a popup from CryptoPrevent indicating that you should restart your PC to enable it. Save any other windows that are open which you have not saved and click "yes" to reboot your system.

There is a newsletter at the author's site (http://www.foolishit.com/) which you can sign up for to be kept up to date if you wish.

Edited October 26, 2013 by SteveC
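The post describes the delivery path as an email carrying a ZIP file with an executable inside. As an added example (not part of the original post, and not code from CryptoPrevent), this Python sketch lists the contents of ZIP attachments in a raw email and flags executable members without extracting them; the extension list, the function names and the sample messages are assumptions constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumption: extensions treated as directly runnable on Windows (not from the post).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}


def risky_zip_members(raw_email: bytes):
    """Return (attachment, member, reason) for each suspicious ZIP entry."""
    findings = []
    msg = message_from_bytes(raw_email, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if not data.startswith(b"PK"):  # check the content, not the claimed type
            continue
        try:
            members = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            findings.append((name, "", "unreadable zip"))
            continue
        for member in members:
            suffixes = [s.lower() for s in PurePosixPath(member).suffixes]
            if suffixes and suffixes[-1] in EXECUTABLE_EXTS:
                # Heuristic: something like ".pdf.exe" hides the real type.
                reason = "double extension" if len(suffixes) > 1 else "executable"
                findings.append((name, member, reason))
    return findings


def build_sample(member_name: str) -> bytes:
    """Constructed test message: one ZIP attachment holding harmless text."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "harmless placeholder")
    msg = EmailMessage()
    msg["Subject"] = "Delivery notice (constructed sample)"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="label.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for sample in ("label.pdf.exe", "setup.exe", "label.pdf"):
        print(sample, "->", risky_zip_members(build_sample(sample)))
```

Only the archive's file listing is read, so nothing inside the attachment is ever written to disk or run.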