
CryptoWall


Thread replies: 103
Thread images: 4

File: 1448478703068.gif (4MB, 500x282px)
I'm infected with CryptoWall

please god help

plz help me
>>
>>51603000
Just restore from your backups
>>
>>51603055
That'd be fine if I HAD ANY
>>
>>51603055
Not him but

>tfw you don't have enough space for backups

I don't have enough cash for a fucking HDD due to the 6700k going up in price, literally end me senpai
>>
>>51603055

I don't have backups... this thing can't have killed all my files on all external HDDs... can't I brute force the encryption?

I do have a mining rig that could maybe speed up the process

please guys help, I'll send bitcoin to the person who can help

'cause I'm sure not sending it to the pricks who made this
>>
Nah, you're fucked, sorry
>>
>>51603225
>I don't have backups... this thing can't have killed all my files on all external HDDs
as far as I know, only 'document' types are affected (pdf, office extensions, etc), any other files (including compressed ones) are usually spared
>can't I brute force the encryption?
short answer: No. Long answer: Yes, but it will take you a few billion years to break it
>I do have a mining rig that could maybe speed up the process
It makes no difference whatsoever
>please guys help, I'll send bitcoin to the person who can help
anyone that claims that they can help is scamming you
>'cause I'm sure not sending it to the pricks who made this
most of the time, if the files are that important to you, this is the only option. By default they will decrypt one file to prove they can so you can pay them. I am not OK with this kind of shit but sometimes you just have to cooperate.

Learn from this anon, make backups, even if it means dumping them to a shit flash drive.
>>
>>51603225
>can't I brute force the encryption
It would literally take years for the most powerful supercomputer on the planet to brute force it.
>>
RIP in pieces, OP.
>>
>>51603000
No backups, you're fucked, pal. I'm sorry. I had to deal with this shit and it was a fucking nightmare. And I'm not talking about 1 weaboo infected PC, I'm talking about 200+ infected office machines because 1 retarded moron clicked a bait.
>>
>downloadmoreram.com

you're welcome OP
>>
should've used linux, faggit
>>
>>51603566
>I had to deal with this shit and it was a fucking nightmare.
I hope they fired you for your shitty infosec
>>
>>51603626
There is a cryptowall variant for linux, but it's so badly coded it can be easily brute-forced.
>>
>>51603566
>1 retarded moron clicked a bait
How was a single user capable of infecting 200 machines? I get that this thing spreads to network shares, but why have 200 machines with network shares, and on top of that, what kind of AD account did this guy have that gave him write privileges to all 200 machines?
>>
I think there are "medicines" for some cryptowall variants in windows, too. try googling "cryptowall removal". don't have much hope, though
>>
>>51603627
I wasn't employed there, I was called to solve shit.
>>51603687
All I can tell you is there was no proper fix for the attack. They had to restore from backup. Luckily the company was storing backups every day, and on separate machines.
Authorities were involved since the group that planted the crypto asked millions in return.

Besides backing up, nothing more came of it since they were operating from an Eastern European country and nobody over there cooperated with the investigation. At least that's what I was told.
>>
>>51603000
>>51603132
>>51603225

Here are your options in decreasing chance of it working out for you:

1) Small, small chance that they used a variant that has been decrypted. Not likely, but worth uploading a sample to them and seeing.

2) Also small chance you had VSS enabled and the variant didn't wipe the shadow copies. Check.

3) Pay the fucker. I've not once heard of an instance where they don't decrypt the files. Hilariously they have fantastic support; live chat and all. How much is the ransom, OP?

4) Let it go. You won't be able to defeat it. Maybe back up the encrypted files hoping another option comes along like #1 above for the variant used against you and you'll be able to recover then. Most likely not though.

Moral of the story: backup. Even if it's just your important docs/pics and you end up using google drive/dropbox/box/onedrive; DO SOMETHING. usb stick/drive. aws. rsync. SOMETHING. Fuck man.
>>
>>51603827
>decreasing
increasing

whoops
>>
>>51603055
this
>>
>>51603000
1) reinstall
2) restore from backup
3) don't be a fucking retard this time

you do have back ups, right anon?
If not, think of this as a lesson
>>
How did you get it?
>>
Easy, OP. Just get a quantum computer to brute force it for you.
>>
>/g/
>see a problem with data loss
>smugly reply to restore from backups knowing no one on their personal computer who thinks their files are safe has ever done
>go on yourself never making backups too
>finally experience data loss in some unfortunate accident
>ask /g/ for help
>restore from backups
>>
>>51603920
do u have discount code for it

LOL UR SO FUNNY ANON

AHAHAH!!!!!!!

Get the FUCK out of my thread, you useless shithead!
>>
how fucking stupid do you have to be to get this shit anyways???
>>
>>51603955
top kek to be honest family
>>
guys help

I think cryptowall is dosing my computer its going really slow and my xbox is starting to lag a bit too

dad is going to smack my arse if he sees this when he gets back from work

HELP
>>
How do you even get something like this anyway?

I ask this seriously. I've pirated tons of anime and hentai games and I've never gotten anything like this.
>>
>>51603969
Considering that the interface hides itself while it's doing its thing and only comes up AFTER it has finished running, not that much. If you are security minded, it is very likely it won't hit you, but most Windows users see something flashy and click on it right away. I am not bashing Windows users (I am one after all) but the trend is more active for them than Linux users.
>>
>>51604029
Did I mention I'm his wife's son?
>>
>>51604030
>>51603969


You just gotta visit youtube.

>http://zerosecurity.org/2014/08/cryptolocker-spread-youtube-ads
>>
>>51604029
Slow computer means that the program is still encrypting your files... I have no idea why you have not shut down the computer at this point. As far as your XBOX lagging, that is something else. These guys are not looking for overall damage, they want money.
>>
>>51604074
There are people who don't run some form of at least adblock if not a script blocker?
>>
>>51604100
Anon, there are people who don't know the difference between a browser and an operating system. Being old, for some, is still a thing
>>
say fuck you to hacker and nuke and pave, fuck that data you didn't need it anyway
>>
How do you stop this anyways?
>>
>>51604074
>"visit youtube"
>not "click on ads and run the software that downloads"
>>
Reminiscent of mugging, this disruptive technology called ransomware does all but yell "Freeze and give me the money." These sophisticated attacks lock users out of their computers and request a fee to unlock the data. Depending on the particular piece of malware, the data may be irrecoverable. The main victims of these types of attacks are usually consumer-level users, but according to IBM Security: IBM X-Force Threat Intelligence Quarterly, the threat is ever-growing and may be moving toward corporate machines.
Some of the up-and-coming threats are associated with mobile devices and internet-enabled devices (IoT). Symantec reports that running an infected .apk file on a smartwatch infected the paired device; this was only a proof of concept, but information security experts expect to see these exploits in the wild soon.
Another recent attack hit the Chamber of Commerce, where employees were receiving messages indicating they could exchange cash for a key to decrypt the data. Luckily, the IT team was able to disinfect the workstations. Because of the recent release of Windows 10, a targeted attack has been launched against users of the new operating system. Customers were advised to install an anti-malware solution.
The success attributed to ransomware attacks comes from the business model of the attack: it's much easier to extort $100 from 1000 people than $100,000 from an individual. Besides that, the ransomware spreads quickly and the organizations that run these extortion rings are difficult to prosecute.
IBM also noted that a lot of malicious traffic is coming from the TOR network. Historically, however, reports indicate the malware is spread by traditional means: email spamming, trojan installations, and network worms.
>>
>>51604212
Stop from becoming infected? Be mindful of where and what you click: downloading the program does not run it immediately (unless you click RUN in the download dialog, shame on you for using IE). After the infection: really, there is not much you can do other than pay up or restore from your backups.
>>
>>51604251
The best course of action to protect yourself against ransomware attacks is to keep regular offline backups. Networked backups aren't recommended, because they too can be exploited. One of the methods of removing ransomware involves booting to safe mode and running virus scans. Another method involves cracking the encryption, but if the extortionists implemented the encryption properly, you would never be able to crack the key.
Of course, you can always pay up knowing that you're aiding a criminal operation that will likely do the same to another innocent victim, because you are accepting their terms and verifying the efficacy of their business model. If you do pay, don't worry, you're not alone; cops in Maine paid a ransom to get their files back.
>>
File: y.jpg (2MB, 1813x2111px)
>>51604212
Literally not run code you don't trust, it's literally that simple

every single time someone gets malware it's because they ran code they shouldn't have trusted, literally not joking. That's why some people use only open source code that they can personally check and then compile themselves to make sure they can trust it with their data.
>>
>>51603000
Install gentoo.
>>
Sorry senpai. I got that Wednesday. They seem to be getting more and more aggressive. Thank god it didn't get to my other drives.
>>
Well now I'm worried for my idiot family. If you guys are getting compromised then they are fucked.
>>
>>51604416
>implying /g/ users are smart.
Shh desu senpai
>>
>>51604446
this... mostly shitposters in here so nothing to worry about
>>
>>51603827
thx for the help man also thx to everyone else


now i gotta decide whether I pay the ransom or not ...after i try the few possible fixes

fuck my life
>>
>>51603947
I don't have anything important to backup.
>>
>>51603947

See, the trick is to just be a worthless NEET with no important documents :^)
>>
>>51603947
>go on yourself never making backups too
Speak for yourself, retard.

You have to be retarded to not make backups.

>You can make a perfect copy of your house, for free, whenever you want.
>You can restore your house to perfect condition if it burns down, robber breaks in, etc.
>"Oh, I've got nothing important, it takes too much time, besides nothing will happen to me, right?"

Literal retardation.
>>
>>51603000
just pay man
>>
boot an ubuntu live cd/usb and copy your files from the machine or upload to onedrive.
>>
>>51603132
>That'd be fine if I HAD ANY
A computer without a backup solution is not a fully functioning computer.
>>
>>51603651
anyone else here use level access for important files?

When I browse the web, do research on things for work/school, I use generic access.

When I work on things, I switch logins, with new home etc. Trusted sites get to run java.

On that linux version, can it get root?
>>
>>51603132
If you didn't build your computer with Murphy in mind, you built a self-destructing computer. You, sir, are a terrorist. VIRUS-HU ACKBAR!
>>
https://noransom.kaspersky.com/
>>
honestly, if you really need the data just pay the ransom and don't be such a fucking idiot from now on.
>>
>>51603000
not sure how people get viruses, unless they regularly click on ads and download all their media from tpb.
Then again, one of my friends who I held in high regard regularly downloads movies from putlocker. Is everyone just this dumb?

>>51604330
>literally
>>
>This means that some files were encrypted using a key, and others using another set of keys. However, in so doing, the race condition generated leads to some files getting irreparably damaged (their content is truncated to zero). And in some cases even the ransom notes became encrypted!

I kind of want to create some ransomware that imitates one of the more widespread ransomwares, but it totally destroys your data. If faulty ransomware became more prevalent, people would stop giving money to the developers since they'll think it might be useless.
>>
>>51603000
Op, what kind of data did you have on the drive? Unless it's something really important like photos of your family etc., you can most likely write this off as a lesson in download discipline and data backups.


If nothing important, just wipe the drive.
Curious, what os? If windows, then try linux before you reinstall your os.

And op: if you want to wipe the drive:
dd if=/dev/urandom of=/dev/sda bs=4M
(/dev/urandom rather than /dev/random: on Linux of that era /dev/random blocks on entropy and would take forever to fill a whole disk.)
>>
didn't kaspersky release keys to open the encryption?
>>
>>51608748
It was cryptolocker.
>>
>>51608748

They released the keys that were obtained from one server they compromised.

Given keys are generated at the time of infection, unless OP is posting about an issue they had several months ago this isn't going to help.
>>
>>51603000
Does your data matter to you financially?

>No
Then forget about it.

>Yes
Is it worth more than what the CryptoWall ransom costs?
>No.
Then forget about it.
>Yes.
Then pay the ransom.
>>
>>51607689
Pretty much this. If you don't backup your files, you are stupid.
>>
>>51608916
Hurray for DHE
>>
I have a Trisquel laptop and a Parabola server, and I've been making backups every few months of my laptop to my server via SSH
Supposing that my laptop gets hit with one of these (unlikely since I don't run nonfree javascript) is it unsafe for my server as well if it's online while the virus is doing its thing?
>>
Didn't even read the thread, but let me guess it's some ransomware you downloaded from beastlover.avi.exe?

>Make backups next time,
>encrypt your shit if you have to
>use a password manager for sites.
go fuck yourself
>>
>>51612725
how is parabola compared to Trisquel?
Did you go through a minimal install or the mate liveCD?
>>
>>51612961
Just made a live USB and followed the directions on the website
It's a headless machine but it still has X because of Mumble's dependence on it
>>
>>51610867
>Then pay the ransom

Or don't, because the ransomware most likely *won't* provide you with the decryption key either way. Why would you trust such a party to honor its contracts in the first place?

>>51603000

Your data is gone. Just reformat and start backing up your shit from now on. If you really insist on using Windows, then don't have it connected to the Internet.
>>
Is there a cryptolocker/wall version for linux? And is Shadow Defender useful to get rid of this virus?
>>
File: 1448799448184.jpg (58KB, 540x531px)
What I don't get is how you even get infected by that shit in the first place. Anyone got any info on how they infect you, I'm genuinely curious.
>>
>>51613002
this is a common rumour

they DO pay out, or else word would have gotten around and no one would pay, if no one paid there wouldn't be a market for this.

UNLESS YOU HAVE NSA TIER TOP SECRET DATA

don't fucking pay the $500, just nuke your shit.

sorry bro but it's game over
>>
It's fine OP, just restore from your bac-

Oh, you didn't take backups. Well this is awkward.

Basically, if your shit's important, you need to pay them. You might not get your shit back. These guys have gone to a lot of effort to make their shit, and honestly, as bad as it is to recommend them, a lot of the time paying them /does/ get your stuff back.

It's like Government ransom policies. They don't pay ransoms because it encourages it. But when you're stuck in a ransom, your choice is payment or death. You choose the logical option (or take out ransom insurance).

Is your shit important? Then pay and take the chance. If it's not, then don't. Simple choice. And take backups for fuck's sake next time.
>>
>>51613045
running nonfree javascript and getting exploited?
Adobe Flash?
Windows security is garbage and there is nothing like package signing, hashing, gpg keys etc.
A lot could be stopped by just doing that and moving to linux.
>>
>>51613089
Cryptoware is typically spread through phishing emails, such as UPS ones, from what I've seen in my organisation.

The AV we deployed to most workstations manages to catch most of them. Plus they can only touch the user profile, of which we keep shadow copies. I literally just revert their profile back a few days and reimage the machine; poof, it's gone.

We literally put a new NAS in the budget to take more frequent backups because of this shit
>>
>>51613089
So basically not updating flash and not running something like noscript on the browser?

I'm just genuinely curious since these types of attacks seem to get more common by the day. Are people just that tech illiterate or what?
>>
>>51613115
removing flash completely and using GNASH in its place would be better.
>>
>>51603000
Try rakhnidecryptor op
>>
>>51603000
Try shadow explorer op, worked for me
>>
Sorry OP, my condolences

This is why I'm glad I don't keep anything on my PC worth ransoming. Also developing a healthy paranoia of hyperlinks, emails, downloads, and obvious bullshit helps.
>>
Ask the NSA for the latest backup they have.
>>
>tfw i downloaded a russian virus when i was 7 on accident
>it bugged out and didn't work
>>
>>51613325
Can you really be infected from just clicking a link though? If that was the case it would almost seem too easy to exploit.
>>
Just erase the HDD inside..... RIP files and videos... but at least you save money for not paying ransom....
>>
You have two options - pay the ransom, or format your operating system and lose all of the files. If it's AES encryption, there is no way for anyone, even the NSA, to recover your files.
>>
>>51613412

Format hard drive and reinstall operating system*.

I derped.
>>
what's cryptowall guys
>>
>>51607030
top kek
>>
>>51603000
install gentoo.
>>
>>51603055
>backups
more trouble than they're worth
>>
>>51614240
>insurance
more trouble than it's worth
>>
>>51603910
Seriously this. Is no one else even asking this?

>>51604157
>Anon, there are people who don't know the difference between a browser and an operating system. Being old, for some, is still a thing
Then explain how these fuckers on /g/ keep getting these? How many of these threads have we gotten so far? Please tell me this is a meme.
>>
>>51603000

Have backups, don't run Windows, minimize the damage by having multiple specialized computers instead of one do-all monolith.
>>
>>51615491
>minimize the damage by having multiple specialized computers instead of one do-all monolith
>mfw my computer does heavy editing, compiling, video games, virtual machines for my brother, media consumption in movies or anime, backup, and small NAS features
>>
>>51608023
If they are actually encrypted that won't work
>>
>>51613110
>Cryptoware is typically spread through phishing emails, such as UPS ones, from what I've seen in my organisation.

Yup, that's how it works. Peggy at the front desk gets an email claiming to be from UPS with a link to track a recently ordered package. Malicious pdf or zipped file is at the end of the link and it's as simple as that.
>>
>>51615588

Enjoy having a centralized point of failure, I guess.
>>
>>51615491

This is my approach.

I have three rigs: one Win10 for gaymen. Xubuntu for general purpose internettery, and stuff. And, a Win7 box for audio production.
>>
A friendly reminder from decades past:

Save now. Save often.