- January 8, 2015 at 7:36 pm #70128 admin Keymaster
Ransomware holds a user’s data hostage. The latest ransomware variants encrypt the user’s data, thus making it unusable until a ransom is paid to retrieve the decryption key. The latest, Cryptowall 2.0, utilizes TOR to obfuscate the command and control channel. The dropper utilizes multiple exploits to gain initial access and incorporates anti-VM and anti-emulation checks to hamper identification via sandboxes. The dropper and downloaded Cryptowall binary actually incorporate multiple levels of encryption. One of the most interesting aspects of this malware sample, however, is its capability to run 64-bit code directly from its 32-bit dropper. Under the Windows 32-bit on Windows 64-bit (WOW64) environment, it is indeed able to switch the processor execution context from 32-bit to 64-bit.

- January 9, 2015 at 10:09 am #84087
I swear I saw that someone had discovered a way to decrypt.. to create the Key needed, but I can't find it!

- January 9, 2015 at 5:26 pm #84102 JMRK Participant
> I swear I saw that someone had discovered a way to decrypt.. to create the Key needed, but I can't find it!

There were some encryption methods where they were able to decrypt the files. In one case the malware writer inadvertently left the keys in the registry or somewhere on the system. In some cases they’ve used a known key which made it easy as well. Cryptolocker and CryptoWall are using pretty advanced methods to make sure the key is kept secret.

- January 12, 2015 at 10:08 am #84136
Well, I would never pay.. I make backups often enough; I would just wipe the system and restart.

- January 12, 2015 at 2:12 pm #84142 Admin1 Guest
This also happened to a police station in Swansea, Mass. in 2013 and they paid the $750 lol. Google it if you want to read the story. I’m originally from Somerset, Mass.; Swansea is 5 minutes away.

- January 12, 2015 at 4:23 pm #84143
lol.. they paid!?? oh god…

- January 13, 2015 at 3:20 pm #84162 altshep123 Participant
I was thinking $750 was pretty steep if you were targeting your average schmuck, but hitting a police station… I bet they paid within the first couple hours : ( heaven help the unlucky if this ever got widespread. No anti-virus is going to help grandma in this case…

- January 14, 2015 at 2:30 pm #84191 Admin1 Guest
I’m very surprised that they didn’t ask for more, seeing as they must have known it was a police station computer. I believe they were told not to pay, but they did it anyway. For all they know, every single file might have been copied and saved to sell at a later date.

- January 15, 2015 at 11:41 am #84208
I don't think Crypto is a “targeted attack” – I think it's a virus like any other.