
Cryptolocker encrypt network folders linked to Favorites/Quick Access?


3 replies to this topic

#1 whuigens


Posted 11 November 2015 - 05:41 PM

Hello there, I've been doing some research on Cryptolocker and know that it encrypts files locally and on mapped drives. I was wondering: if I removed mapped drives from my environment and used UNC folder links in the Favorites (Windows 7) or Quick Access (Windows 10) areas, would these files get encrypted as well or be safe?





#2 quietman7


Posted 11 November 2015 - 06:35 PM

A repository of all current knowledge regarding Cryptolocker is provided by Grinler (aka Lawrence Abrams), in this topic: CryptoLocker Ransomware Information Guide and FAQ

The original CryptoLocker Ransomware infection does not exist anymore and hasn't for over a year. There are several copycat and fake ransomware variants which use the CryptoLocker name but those infections are not the same.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 whuigens


Posted 12 November 2015 - 08:19 AM

I read through this article already and I know that UNC shares in general are safe. But with all the variants and copycats I'm wondering if it is safe to have the UNC folder \\%servername%\share linked in Quick Access or Favorites in File Explorer instead of mapping to a drive letter. Does the ransomware target this location or not?



#4 White Hat Mike


Posted 12 November 2015 - 10:12 AM



No Ransomware variant enumerates your prefetch files as a method of discovering open network shares... Most sophisticated variants active in the wild today will enumerate any and all shares that the infected device has access to, so regardless of whether you map the drive to a letter or not, it will still be targeted. Not the case for ALL variants, though.

Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com
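
An added example, not part of the original thread or any poster's code: since the reply above says exposure depends on what the infected device can access rather than on drive-letter mapping, this sketch audits a list of share paths (UNC links or mapped drives) for write access under the current account. The function names and the sample paths `\\fileserver01\share` and `S:\` are assumptions made for illustration.

```python
import os
import tempfile


def audit_write_exposure(paths):
    """Classify each path by what the current account can do there.

    Returns {path: "writable" | "read-only" | "unreachable"}.
    """
    results = {}
    for path in paths:
        if not os.path.isdir(path):
            results[path] = "unreachable"
            continue
        try:
            # Creating a probe file uses the same permissions that any
            # process running as this user has on the share.
            fd, probe = tempfile.mkstemp(prefix=".write-probe-", dir=path)
        except OSError:
            results[path] = "read-only"
            continue
        os.close(fd)
        try:
            os.remove(probe)
        except OSError:
            pass  # create-only permission: still counts as writable
        results[path] = "writable"
    return results


def exposed(paths):
    """Paths where files can be modified by anything running as this user."""
    states = audit_write_exposure(paths)
    return sorted(p for p, state in states.items() if state == "writable")


if __name__ == "__main__":
    # Constructed sample input: a hypothetical UNC link pinned in Quick Access
    # and a hypothetical drive letter mapped to the same share.
    candidates = [r"\\fileserver01\share", "S:\\"]
    for path, state in audit_write_exposure(candidates).items():
        print(f"{state:12} {path}")
```

Run it as the ordinary user account with the paths that appear in Favorites, Quick Access and mapped drives; any path reported as writable is reachable with that account's permissions whether or not it has a drive letter.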




