
Question about CoinVault and CryptoLocker Infections.

  • This topic is locked
1 reply to this topic

#1 disabledcomputer


  • Members
  • 2 posts
  • Local time:04:47 PM

Posted 22 November 2014 - 01:37 PM

I was wondering if anyone out there had any information about where people are getting infected with the CryptoLocker family of viruses.  I have tried looking on the internet to find out some kind of information.  Any help would be greatly appreciated.



#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,953 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:47 PM

Posted 22 November 2014 - 09:37 PM

Crypto malware, like other forms of ransomware, is also typically spread through social engineering and user interaction, i.e. opening suspicious email attachments, opening infected Word docs with embedded macro viruses, and sometimes via exploit kits. Crypto malware can be disguised as fake PDF files in email attachments which appear to be legitimate correspondence from reputable companies such as banks and Internet providers or UPS or FedEx with tracking numbers. Attackers will use email addresses and subjects (purchase orders, bills, complaints, other business communications) such as this example that will entice a user to read the email and open the attachment.

US-CERT advises there have been reports that some victims encounter the malware after clicking on a malicious link within an email or following a previous infection from botnets such as Zbot/Z-bot (Zeus) which downloads and executes the ransomware as a secondary payload from infected websites. Other types of crypto malware have been reported to spread on YouTube ads, via browser exploit kits and drive-by downloads when visiting compromised web sites.

A repository of all current knowledge regarding Cryptolocker is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptoLocker Ransomware Information Guide and FAQ

There is also a lengthy ongoing discussion in this topic: Cryptolocker Hijack Program.

...from the above topic.

I want to make something very clear to any users just now getting to this thread because they were infected by "CryptoLocker"! The real Cryptolocker has been down, and has not returned for a while now! This means that whatever infection you have is a new one, a fake one! Before EVER considering paying the ransom you should always make it first priority to ask on the thread first or PM any member to ask for help! Things that will help us identify your infection are screenshots of any windows, the ransom note, and the EXE if you have it.

Nathan (DecrypterFixer), Security Colleague Post #3223

...For those of you emailing me about CryptoLocker: Stop. You do not have CryptoLocker, that infection has been dead for a while and you most likely have TorrentLocker, or a copycat of some kind.

Nathan (DecrypterFixer), Security Colleague Post #3241

Information about a fake CryptoLocker can be found in this discussion topic: TorrentLocker Support and Discussion Thread (CryptoLocker copycat)

A repository of all current knowledge regarding CoinVault Ransomware is provided by Grinler (aka Lawrence Abrams), in this tutorial: CoinVault Ransomware Information Guide and FAQ.

Reading that Guide will help you understand what CoinVault does and provide information for how to deal with it. Also see A new ransomware called CoinVault has been released

There is also an ongoing discussion in this topic: CoinVault Support Topic. Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in one of those topic discussions.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
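
The delivery tricks described in the reply above (executables posing as PDF attachments, Word documents carrying macros) can be screened for before a message reaches the user. The following is an added example, not part of the original thread; the extension lists, function names and the sample message are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = {"exe", "scr", "com", "pif", "js", "vbs", "bat", "cmd"}  # assumed list
DECOY_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}      # assumed list

def triage(filename, data):
    """Return the reasons (possibly none) an attachment deserves quarantine."""
    reasons = []
    parts = (filename or "").lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    if ext in RISKY_EXT:
        reasons.append("executable extension")
        if len(parts) > 2 and parts[-2] in DECOY_EXT:  # shows as name.pdf when extensions are hidden
            reasons.append("double extension")
    if data[:2] == b"MZ":  # Windows PE files start with "MZ" whatever they are named
        reasons.append("PE header")
    if ext == "pdf" and b"%PDF-" not in data[:1024]:
        reasons.append("not a real PDF")
    if data[:4] == b"PK\x03\x04":  # OOXML Office files are ZIP containers
        try:
            names = zipfile.ZipFile(io.BytesIO(data)).namelist()
        except zipfile.BadZipFile:
            names = []
        if any(n.lower().endswith("vbaproject.bin") for n in names):
            reasons.append("VBA macros")
    # Legacy OLE .doc/.xls files need an OLE parser (for example oletools); not handled here.
    return reasons

def scan_message(raw):
    """Map each attachment filename in a raw RFC 5322 message to its findings."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {p.get_filename(): triage(p.get_filename(), p.get_payload(decode=True))
            for p in msg.iter_attachments()}

def build_sample():
    """Constructed message: one fake PDF, one macro document, one genuine PDF."""
    docm = io.BytesIO()
    with zipfile.ZipFile(docm, "w") as z:
        z.writestr("word/vbaProject.bin", b"constructed")
    msg = EmailMessage()
    msg.set_content("Your parcel tracking details are attached.")
    for name, data in [("tracking.pdf.exe", b"MZ\x90\x00constructed"),
                       ("invoice.docm", docm.getvalue()),
                       ("statement.pdf", b"%PDF-1.4\nconstructed")]:
        msg.add_attachment(data, maintype="application", subtype="octet-stream", filename=name)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` returns a dict keyed by attachment name; an empty list means none of these checks fired, not that the file is safe.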
