
CryptoLocker infection changed payment price?


2 replies to this topic

#1 damainman


Posted 05 April 2014 - 12:48 PM

My apologies in advance as I know there are numerous articles and posts relating to prevention. However, running on 2 hours of sleep for the past 3 days I am posting here for assistance to assist in utilizing my time more efficiently when I wake up. 

 

I am working at a small shop running a Windows 2003 SBS Domain with about 40 total computers. I've been reading articles on applying configuration settings directly to the PC or by doing a GPO. I am fairly new to GPO and this network was set up before I arrived. Unfortunately there are PCs running XP, Vista, Win7, and Win8.

 

As I understand, there are certain GPO settings to apply to XP and others to apply to Vista and above. However, I am a bit confused as to how to apply a GPO depending on the PC version considering 2003 SBS came out long before Win7 and Win8. I might be looking at this incorrectly as I don't normally manage Windows-based environments.

 

I guess I am looking for a step in the right direction on how to properly implement these changes within the Windows SBS 2003 server so they can be applied across the domain to any computer connected. Any Advice/comments/etc would be greatly appreciated. 

 

Here are the resources I looked at so far:

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information

http://www.foolishit.com/vb6-projects/cryptoprevent/

http://community.spiceworks.com/topic/396103-cryptolocker-prevention-kit-updated?page=1




#2 damainman


Posted 05 April 2014 - 01:25 PM

Hello,

 

Just an informational post I guess. Working on no sleep and I know variants are out there but just in case. 

 

Got infected with a CryptoLocker virus, here are some differences I see from the information I read:

 

1. It is asking for a payment of $400 instead of $300, and only accepts MoneyPak and bitcoins.

2. There are two background processes running, with one consistently taking up 50% of CPU

-- The two processes are being seen as Skype broker IE add-ons. 

-- I attached images. 

3. One other thing I noticed is the wording is slightly different as well. For example, instead of saying
"Payments are processed manually, therefore, the expectation of activation may take up to 48 hours."
it says:
"Payments are processed manually after a review and can take up to 2 business days."

--- The loading/status bar animation on this screen is also pushed up a bit so it's directly under the text instead of being in the center.

 

I have backups so can restore this PC and created another thread regarding prevention at:
http://www.bleepingcomputer.com/forums/t/530041/protecting-against-cryptolocker-on-a-windows-sbs-2003-domain-mixed-environment/#entry3334748

 


 



#3 quietman7


Posted 06 April 2014 - 05:51 AM

A repository of all current knowledge regarding Cryptolocker is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptoLocker Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoLocker Ransomware does and provide information for how to deal with it and possibly recover your data.

There is also a lengthy ongoing discussion in this topic: Cryptolocker Hijack Program. Since this infection is so widespread, rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

Thanks
The BC Staff



