Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CryptoLocker infection source - question


  • Please log in to reply
2 replies to this topic

#1 The Feet

The Feet

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:05:39 PM

Posted 21 November 2013 - 03:50 AM

Hi to All !
 
I'm new to this forum so I hope I'm not posting this in the wrong forum section.
 
I have been reading everything I can find about the CryptoLocker Ransomware.
 
and I have a question for people who have been a victim of it.
 
Is there anyone who got infected in any way apart from opening an email attachment ?
 
Any replies would be much appreciated as I am trying to build up a picture of how this is being spread.
 
I agree with some other members on here , who state that this problem may be with us for some time.
 
Many thanks , keep up the good work !

Edit: Moved topic from Virus, Trojan, Spyware, and Malware Removal Logs to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Local time:02:39 AM

Posted 27 November 2013 - 12:39 AM

Hello The Feet (nice to see you walking in) :) -

 

I think that it is safe to say that all of those who have been infected and posted their own information in the main topic here, can relate the start of the infection to an attachment that came with an email.

 

 

The problem was not your regular "just a minor infection" or even a request from an African person offering you millions of dollars. This carried an infection that inserted the Encrypting Code into your computer, and even after fairly rapid removal of the "regular infection", the encryption code continued on to complete its work -

 

One of the better working manuals (still being developed) is in the program guide and FAQ linked below.

CryptoLocker Ransomware Information Guide and FAQ by Lawrence Abrams Site Administrator of BleepingComputer.com

 

Usually the email attachment was simple and often related to the small businesses that opened them as a matter of regular business operations. At times there were 5 or 10 or 20 or more units encrypted in the one hit, so the company was often halted in normal operations. In the old days, it would be like the book-keeper taking all current trading details. This may include basic price lists, current accounts, who owes money and who has paid, not to mention wages and many other details.

 

You can only imagine a small legal, building supplies, or general retail firm with 10 interlocked server computers that had been infected, and all files were Encrypted or basically locked, so that all current and past records could not be accessed.

 

Thank You -



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,756 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:39 PM

Posted 27 November 2013 - 07:11 AM

CryptoLocker, like other forms of ransomware, is typically spread through social engineering...by opening a malicious email attachment (usually from an unknown or unsolicited source). CryptoLocker is disguised in email attachments which appear to be legitimate correspondence from reputable companies such as banks and Internet providers or UPS or FedEx with tracking numbers. US-CERT also advises advises there have been reports that some victims encounter the malware following after a previous infection from one of several botnets such as Zbot/Z-bot (Zeus) which downloads and executes CryptoLocker as a secondary payload.

More information about CryptoLocker can be found in these articles:There is also a lengthy ongoing discussion in this topic: Cryptolocker Hijack program.

Since this infection is so widespread, rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any more questions or comments in that thread.

Thanks
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users