Cryptolocker

Posted by admin in Windows on April 7, 2015 with No Comments

History
 
CryptoLocker typically propagated as an attachment to a seemingly innocuous e-mail message, which appears to have been sent by a legitimate company. A ZIP file attached to an email message contains an executable file with the filename and the icon disguised as a PDF file, taking advantage of Windows’ default behaviour of hiding the extension from file names to disguise the real .EXE extension. CryptoLocker was also propagated using the Gameover ZeuS trojan and botnet.
 
When first run, the payload installs itself in the user profile folder, and adds a key to the registry that causes it to run on startup. It then attempts to contact one of several designated command and control servers, once connected, the server generates a 2048-bit RSA key pair, and sends the public key back to the infected computer. The server may be a local proxy and go through others, frequently relocated in different countries to make tracing them more difficult.
 
The payload then encrypts files across local hard drives and mapped network drives with the public key, and logs each file encrypted to a registry key.
 
The process only encrypts data files with certain extensions, including Microsoft Office, OpenDocument, and other documents, pictures, and AutoCAD files. The payload displays a message informing the user that files have been encrypted, and demands a payment of 400 USD or Euro through an anonymous pre-paid cash voucher (i.e. MoneyPak or Ukash), or an equivalent amount in Bitcoin (BTC) within 72 or 100 hours (while starting at 2 BTC, the ransom price has been adjusted down to 0.3 BTC by the operators to reflect the fluctuating value of Bitcoin), or else the private key on the server would be destroyed, and “nobody and never will be able to restore files.
 
” Payment of the ransom allows the user to download the decryption program, which is pre-loaded with the user’s private key.Some infected victims claim that they paid the attackers but their files were not decrypted.
 
In November 2013, the operators of CryptoLocker launched an online service that claimed to allow users to decrypt their files without the CryptoLocker program, and to purchase the decryption key after the deadline had expired, the process involved uploading an encrypted file to the site as a sample and waiting for the service to find a match, the site claimed that a match would be found within 24 hours. Once found, the user could pay for the key online, if the 72-hour deadline passed, the cost increased to 10 Bitcoin.
 
Recovery
link-wordpress-post-title-to-external-url
 
To restore a file or folder that was deleted or renamed, follow these steps
link-wordpress-post-title-to-external-url

Server 2008 routing

Posted by admin in Windows on September 4, 2013 with No Comments

Server 2008 GPO setup

Posted by admin in Windows on September 4, 2013 with No Comments

Ubuntu LAMP setup

Posted by admin in Linux on September 4, 2013 with No Comments

Ubuntu Samba setup

Posted by admin in Linux on September 4, 2013 with No Comments

Categories

Archives

LoadingRetrieving latest tweet...

Back to Top

Follow us on Twitter to receive updates regarding network issues, discounts and more.
2024 © Data Associate | Providers of specialized hosting & IT solutions.