
PSA: Locky and how to attempt to avoid it.


  • This topic is locked
5 replies to this topic

#1 neuronic


Posted 05 March 2016 - 05:50 PM

A ransomware named "Locky" has been spreading to users around the globe. Because this malware relies on downloading and installing the Tor browser, we recommend proactively blacklisting the following URL if you have not done so already: https://www.torproject.org/download/download-easy.html It should be mentioned that Tor Browser, which is a great piece of software, isn't malware in itself - it is just being downloaded by Locky, and without it Locky will not encrypt your files.

 

 

If you are a Synapse user (I think there is one in the forum lol) you don't have to worry about this - It has already been taken care of. 


Edited by neuronic, 05 March 2016 - 06:12 PM.




#2 quietman7


Posted 05 March 2016 - 05:55 PM

We have a BC News article about this infection. And there is an ongoing discussion in this topic.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Demonslay335


Posted 05 March 2016 - 06:00 PM

The Tor Browser isn't really the cause of the infection. If downloaded from the legitimate source, Tor Browser is safe. Think of it as just another web browser like Chrome (it's actually based off of code from Firefox). Most ransomware will direct the user to open their "personal page" over Tor due to the anonymity. Their servers run over Tor so they can't be tracked down, or shut down.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#4 quietman7


Posted 05 March 2016 - 06:10 PM

Yes and a lot of malware developers utilize the TOR browser for various types of ransomware.

#5 neuronic


Posted 05 March 2016 - 06:12 PM

The Tor Browser isn't really the cause of the infection. If downloaded from the legitimate source, Tor Browser is safe. Think of it as just another web browser like Chrome (it's actually based off of code from Firefox). Most ransomware will direct the user to open their "personal page" over Tor due to the anonymity. Their servers run over Tor so they can't be tracked down, or shut down.

 

Yes that is true. I have edited the original post to reflect that. 


We have a BC News article about this infection.

And there is an ongoing discussion in this topic.

 

 

Thanks for this :D



#6 quietman7


Posted 05 March 2016 - 06:14 PM

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any comments
about Locky in the support topic noted above. To avoid unnecessary confusion...this topic is closed.

Thanks
The BC Staff



