Finally, a Cure for Cryptolocker

Some of our clients’ computers have been infected with the virus Cryptolocker which encrypts all the files on the computer, and often, unfortunately, the business data and photos. People lose all their baby photos, once in a lifetime travel photos, or photos of a deceased family member or friend. They lose important business data. Now two IT cyber security companies, FireEye and Fox IT have partnered to provide a free service that will decrypt the files.

The virus creators were stopped for awhile by the FBI and RCMP’s Operation Tovar which took down many of the cyber-criminals’ servers. After a couple of weeks, however, Cryptolocker was back, although not as rampant as before, it seems, from my experience. During Operation Tovar decryption keys were obtained and FireEye and Fox IT

These companies have a created website www.decryptcryptolocker.com that will help you get a free decryption key.

decryptolocker

On the website, you have to upload a encrypted file and send an email address and they will send you a decryption key.

If anyone needs help with doing this or has been infected with Cryptolocker in the past, Ducktoe’s anti-virus lab would be glad to help you recover your encrypted files.

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Be Careful: Cryptolocker Back after Two Week Hiatus

Cryptolocker is back after a two week break.  This ransomware encrypts all the files on your computer’s hard drive and will not decrypt them you pay the ransom.  Two weeks ago the FBI and Mounties took down Gameover Zeus servers which also contained the Cryptolocker virus and put both out of commission.  We at Ducktoes were so relieved because as a virus removal service dedicated to helping you and fixing your computers quickly and effectively we often have to deal with this horrible virus.  After a computer is infected there is very little we can do to bring the files back.  Cryptolocker is devastating to businesses that lose business files and individuals who lose all their files, especially photos.

Unfortunately, Cryptolocker is now being used as a stand-alone program without Gameover Zeus.  It is back in service.

Read more.

http://www.cbronline.com/news/security/cryptolocker-ransomware-is-back-after-two-week-takedown-4306092

http://betanews.com/2014/06/24/times-up-cryptolocker-ransomware-is-back-in-business

What we can do at Ducktoes is prevention and help you not get the virus in the first place.  Please be careful and do the following:

  1. Don’t open pdfs or any attachments unless you are ENTIRELY sure about them.
  2. Backup your computer right now and then disconnect the backup drive from your computer.  Backup often.
  3. Install Malwarebytes Premium.  It prevents the virus.  We have it on sale at the shop.

 

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Cryptolocker is Back Already

According to a recent article, which I will cite later, Cryptolocker is already back in operation.  Thank you to friend. former classmate, and fellow tech Paul Maslak for that information.  I’ll write more about it later today if I can.

In the meantime please don’t download any pdfs from FedEx, UPS, Canada or US Post and other businesses. Just don’t.  Put Malwarebytes Premium on your computer.  It prevents Cryptolocker.  We can help you do that.  Just call our remote support.  I’ll do it for free even, the installation that is.  The program costs around $36.  403-219-3031.

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Worst Virus Ever Cryptolocker Stopped for Now


Mastermind behind Cryptolocker and Gameover

The worst virus Ducktoes has ever seen, Cryptolocker, has been stopped, at least for now, and maybe for good. We’ve had a few clients infected with it. The worst affected was a woman who lost her family photos. She didn’t want to pay the cybercriminals for decryption so decided to lose the photos instead. Another was a lawyer’s office but I was able to disconnect all the computers from the network before it spread so they lost only one user’s files. Another was a business who called in the middle of the night and I happened to be up. I told the client to shut down all her computers until I could get there early in the morning. The data loss from those two clients was minimal. Another business client had the virus and lost his files but had them backed up so was able to recover them.

The main suspect behind this virus and its sister virus “Gameover Zeus” according to the FBI Wanted Poster is Evgeniy Mikhaylovich Bogachev.  Bogachec a thirty-year-old Russian man living in a Black Sea resort town, according to the Globe and Mail and other sources.

What made the virus so bad was that there was no way to unencrypt the files so the clients would have to pay for the decryption key or lose their files forever. Also it was highly contagious and would infect all other computers on the network.  At businesses this can be devastating.  In our computer repair lab, we had to put all infected computers in quarantine on a completely separate network.

The RCMP in cooperation with the FBI has shut down two servers in Montreal that were used to spread the two viruses Gameover Zeus and Cryptolocker. According to a Globe and Mail article, “As part of a major crackdown in a dozen countries against Russian cyber-criminals, the RCMP has shut down two computer servers in Montreal that were part of a network that extorted millions of dollars from businesses and consumers.

The operation disrupted malicious software called Gameover Zeus (GOZ), which has infected up to a million computers around the world and caused losses of more than $100-million (U.S.).”

Gameover would get computer users’s bank account information and withdraw or transfer money to the cybercriminal’s account. It also would infect the computer with Cryptolocker which encrypts the client’s files such as business data, personal records, photos, and videos. Some businesses lost a fortune without their files. Many clients lost all their family photos.

According to Grinler of Bleeping Computer, Cryptolocker was downloaded in infected pdfs purporting to be from Fedex, UPS, tax companies and other business related companies.

Other servers were in Ukraine and Kazakhstan, besides the ones in Montreal.

At Ducktoes we can remove viruses like this one and restore and fix your computer back to normal in a computer repair lab. We can also prevent viruses like this in the first place with our anti-virus cocktail.

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather

Ducktoes Wins Against the Worst Virus Ever: Cryptolocker

 

A red mean looking virus chases a scared looking computer tower.

A Law office client of ours got Cryptolocker, the worst virus ever, earlier this week.  Luckily they let me know before it encrypted all their files.  The lawyer stopped in the office and said something strange was happening to the files, that they were locked and said they were encrypted.

I immediately grabbed my laptop and went out the door and literally ran down the street to his office.  The lawyer yelled after me, “Where are you going?”  “To your office!” I said.

Luckily it had only encrypted one user’s files on the server.  Often it encrypts everything on the network because it is really contagious and moves quickly.  They were lucky they had us as their IT support and that we reacted immediately or they would have lost all their documents which would devastating and expensive beyond belief for a law office.

What I did:

  • I reacted immediately. Since it was late on a Friday afternoon the it support techs were already on their way home after a really long and busy day so I went myself.
  • Upon arrival, I disconnected all network drives and started virus removal on all desktops.
  • I backed up any documents not yet encrypted.
  • I took the two infected computers back to the office and quarantined them, then did advanced virus removal. (You have to quarantine Cryptolocker or it will infect all your computers.)
  • I put better protection on their computers, AVG Cloud and Malwarebytes Pro. Before they had a different free antivirus which we don’t recommend but they liked it and until then it had served them well.  AVG Cloud is good because it is alerts us of viruses by email and Malwarebytes Pro prevents the encryption virus.

I love saving clients from catastrophic outcomes.  We can help your company too with our Calgary IT support services.

 

Facebooktwittergoogle_plusredditpinterestlinkedinmailFacebooktwittergoogle_plusredditpinterestlinkedinmailby feather