Cryptolocker

[Jack 1]

My Puter seems to be working fine with ESET SS 7 64-bit.

I friend sent me a disturbing email about Crtptolocker.

I assume ESET has this baddy covered?

 

[Arakasi 549]

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3433

 

hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN2372

 

Yes sir

[Arakasi 549]

We call it FileCoder

 

There are some variants called crypto here : hxxp://www.virusradar.com/en/search/all/crypto

Edited October 29, 2013 by Arakasi

[audiodragon 0]

Not sure FileCoder is the same as the Cryptolocker that's going around lately.  Cryptolocker doesn't use RDP (which would make Home version Windows immune), but rather an executable sent by email in which the user would have to click it. I know businesses that's been hit with this and the threat did not come in through RDP.

 

From CIS Cyber Alert (https://blog.cisecurity.org/):

 

CIS has received multiple reports about the CryptoLocker malware. CryptoLocker is ransomware that seeks out and encrypts documents on the infected machine and any connected shares or drives. The encrypted files are held ransom for a fee. If the fee is not paid within a specific timeframe, typically seventy-two hours, the encrypted files will be deleted. Decryption is only feasibly possible given the purchase of the key. However, open source intelligence suggests paying the fee does not always result in the restoration of files.

 

It should be noted that once the victim is infected, the CryptoLocker malware might not be downloaded immediately. It has been reported that CryptoLocker has been downloaded as long as twenty-four hours following the initial infection. Because of this, it is important that infected systems be identified as quickly as possible and remediated immediately.

[Marcos 5,074]

CryptoLocker is a name used by some other vendors, ESET calls it Win32/Filecoder.BQ.