
Thread: CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

  1. #1 PorkChopSandwiches

    OMG CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

    http://www.bleepingcomputer.com/viru...re-information

    We got hit with this last night. One user infected, then it went through every drive mapping he had and encrypted all of our files.

    We were lucky to get an older variant that didn't have this "feature":

    Note: Newer variants of CryptoWall will attempt to delete all shadow copies when you first start any executable on your computer after becoming infected. Thankfully, the infection is not always able to remove the shadow copies, so you should continue to try restoring your files using this method.

    So I was able to restore from a shadow.


    http://www.pcworld.com/article/26889...ansomware.html

    The new CryptoWall samples were not detected by any of the 55 antivirus products used on the VirusTotal website when they were discovered Sunday, the Barracuda researchers said. The detection rate has slightly increased since then, they said.

    It's nasty; make sure your backups are in order.

  2. The Following User Says Thank You to PorkChopSandwiches For This Useful Post:

    Hal-9000 (10-16-2014)
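
The shadow-copy deletion described in the BleepingComputer note quoted above is behaviour a defender can alert on from process-creation logs rather than discover after the restore fails. The script below is an added example, not from the original thread or from BleepingComputer; the log layout, host names, user names and the allow-listed backup service account are all constructed for it.

```python
"""Flag process-creation events whose command line deletes Volume Shadow
Copies, the behaviour the BleepingComputer note attributes to newer
CryptoWall variants. All sample data below is constructed for this example."""
import re

# Constructed sample lines in a simplified "timestamp|host|user|parent|command" layout.
SAMPLE_EVENTS = """\
2014-10-16 08:02:11|WS-117|CORP\\jdoe|explorer.exe|C:\\Windows\\System32\\vssadmin.exe Delete Shadows /All /Quiet
2014-10-16 08:02:12|WS-117|CORP\\jdoe|explorer.exe|wmic shadowcopy delete
2014-10-16 08:05:40|WS-117|CORP\\jdoe|services.exe|C:\\Windows\\System32\\vssadmin.exe list shadows
2014-10-16 09:14:03|WS-042|CORP\\backup|backupsvc.exe|vssadmin.exe create shadow /for=C:
2014-10-16 09:20:55|WS-042|CORP\\backup|backupsvc.exe|vssadmin delete shadows /for=D: /oldest
"""

# Command-line shapes that remove shadow copies (listing or creating them is not flagged).
SHADOW_DELETE_PATTERNS = [
    re.compile(r"\bvssadmin(\.exe)?\b.*\bdelete\b.*\bshadows\b", re.I),
    re.compile(r"\bwmic(\.exe)?\b.*\bshadowcopy\b.*\bdelete\b", re.I),
]

# Constructed allow-list: (user, parent process) pairs that legitimately rotate shadows.
EXPECTED_SHADOW_MANAGERS = {("CORP\\backup", "backupsvc.exe")}

def parse_event(line):
    ts, host, user, parent, cmd = line.split("|", 4)
    return {"ts": ts, "host": host, "user": user, "parent": parent, "cmd": cmd}

def is_shadow_deletion(cmd):
    return any(p.search(cmd) for p in SHADOW_DELETE_PATTERNS)

def find_shadow_deletions(text):
    """Return the events that delete shadow copies outside the expected context."""
    alerts = []
    for line in text.splitlines():
        ev = parse_event(line)
        if not is_shadow_deletion(ev["cmd"]):
            continue
        if (ev["user"], ev["parent"]) in EXPECTED_SHADOW_MANAGERS:
            continue  # scheduled backup rotation, not an alert
        alerts.append(ev)
    return alerts

if __name__ == "__main__":
    for a in find_shadow_deletions(SAMPLE_EVENTS):
        print(f"{a['ts']} {a['host']} {a['user']} via {a['parent']}: {a['cmd']}")
```

Against the constructed sample, only the two deletions launched from the user's explorer.exe session are reported; the backup account's rotation and the list/create commands are not.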

  3. #2 Teh One Who Knocks
    Yeah, I've read about this... if you get hit with the version that deletes the shadow files, then you are basically fucked unless you have backed up all your files really recently. The only way to decrypt them is to pay the ransom.

    Do you know how the person got infected? Bogus e-mail? Visited a shady website? Downloaded something they shouldn't have?

  4. #3 PorkChopSandwiches
    No, we searched the internet history; nothing out of the ordinary. But it really could have come from any normal browsing:

    Several websites in the Alexa top 15,000 list were affected by this latest malvertising—malicious advertising—campaign including hindustantimes.com, the site of Indian daily newspaper Hindustan Times; Israeli sports news site one.co.il; and Web development community codingforums.com.

  5. #4 Goofy
    Sounds like a fun challenge... I'm game.

  6. #5 PorkChopSandwiches
    Want me to send it to you?

  7. #6 Goofy
    Just after I read your post I got an email, Porky.

  8. #7 PorkChopSandwiches

  9. #8 Hal-9000
    So, good or bad, I use Norton Internet Security... the suite has changed so much from 5 years ago you'd think it was made by someone else... the protection, light resources it uses... really can't tell it's running even when opening RARs or moving files...

    Norton tends to update their protection quite quickly... like within 24 hours of a reported outbreak of crap like this...

    Should I be worried, PCS?

  10. #9 PorkChopSandwiches
    It's super easy to get and not easily detected until it's too late:

    The new CryptoWall samples were not detected by any of the 55 antivirus products used on the VirusTotal website when they were discovered Sunday, the Barracuda researchers said. The detection rate has slightly increased since then, they said.

  11. #10 Hal-9000
    Quote Originally Posted by Teh One Who Knocks:
    Yeah, I've read about this... if you get hit with the version that deletes the shadow files, then you are basically fucked unless you have backed up all your files really recently. The only way to decrypt them is to pay the ransom.

    Do you know how the person got infected? Bogus e-mail? Visited a shady website? Downloaded something they shouldn't have?

    So the malware/virus creators are so blatant they actually ask for a payment to get your files back?

    You would think someone could tag them from the payments...

  12. #11 Pony
    I ran into the old version a while back on a friend's laptop. It encrypts your files and puts up a timer to tell you how long you have to pay up or it will delete the decrypt keys. I actually lucked out and managed to remove it by booting into safe mode and running Malwarebytes. To my surprise 90% of the files were still there and accessible after. I was expecting to lose my buddy's 500GB of music and music videos (he's a DJ).

    Nasty piece of work that is. Good luck Porky!

  13. #12 Hal-9000
    Thanks Pony... was just trying to imagine if they would want to hit an average home user and do that to their files...

    I have the free version of Malwarebytes (no real-time protection), so I may do a full scan tonight just to be safe.

  14. #13 Muddy
    Quote Originally Posted by Pony:
    I ran into the old version a while back on a friend's laptop. It encrypts your files and puts up a timer to tell you how long you have to pay up or it will delete the decrypt keys. I actually lucked out and managed to remove it by booting into safe mode and running Malwarebytes. To my surprise 90% of the files were still there and accessible after. I was expecting to lose my buddy's 500GB of music and music videos (he's a DJ).

    Nasty piece of work that is. Good luck Porky!

    You and your titty bar friends...

  15. The Following User Says Thank You to Muddy For This Useful Post:

    Pony (10-16-2014)

  16. #14 Hal-9000
    And thank you number 666 for Porky!

  17. The Following User Says Thank You to Hal-9000 For This Useful Post:

    PorkChopSandwiches (10-16-2014)

  18. #15 PorkChopSandwiches
    Quote Originally Posted by Hal-9000:
    So the malware/virus creators are so blatant they actually ask for a payment to get your files back?

    You would think someone could tag them from the payments...

    They make you pay into multiple Bitcoin accounts.

    Quote Originally Posted by Pony:
    I ran into the old version a while back on a friend's laptop. It encrypts your files and puts up a timer to tell you how long you have to pay up or it will delete the decrypt keys. I actually lucked out and managed to remove it by booting into safe mode and running Malwarebytes. To my surprise 90% of the files were still there and accessible after. I was expecting to lose my buddy's 500GB of music and music videos (he's a DJ).

    Nasty piece of work that is. Good luck Porky!

    We got it sorted because I fucking crush at this shit.

    A lot of people just pay; they have collected a million in payments already.

  19. The Following User Says Thank You to PorkChopSandwiches For This Useful Post:

    Pony (10-16-2014)
