Improved CryptoLocker Clone "Cryptowall" Has Locked Over Half A Million PCs, 5 Billion Files

Tags:
  • Malware
  • Security
  • Dell
Anonymous
August 29, 2014 1:48:16 PM

The ransomware CryptoLocker was defeated, but its successor, CryptoWall, has already encrypted more PCs and files, and it should prove a lot harder to break.


August 29, 2014 2:03:33 PM

These bad boys have hit my company a few times. Stupid users will click on anything.
August 29, 2014 2:47:00 PM

That's really the biggest problem.

We regularly go over safe browsing habits with customers but short of us "policing" their internet these problems will never go away.

So at the very least we strongly encourage users to either purchase a backup external drive or setting them up to save files to a central server. Worst case scenario we can just roll back the backup and all is well.
August 29, 2014 4:15:22 PM

If they really wanted to be paid you'd think they'd pick an easier way--or less money. I know people who've had computers for years and every file they've ever acquired will fit on a single DVD. It might be worth $10-$15 to unlock their files, but for $500 they'll just buy a new computer.
August 29, 2014 8:40:57 PM

Having an admin account really has nothing to do with these things. Even if you have a standard user account that you use daily, the problem is that these things have methods to get around UAC and other protections in Windows Vista-8.
Now, as to the "Don't download programs from iffy websites!" that I agree with.
Quote:
If they really wanted to be paid you'd think they'd pick an easier way--or less money. I know people who've had computers for years and every file they've ever acquired will fit on a single DVD. It might be worth $10-$15 to unlock their files, but for $500 they'll just buy a new computer.

Or they will just re-image their computer and have done with it. That is what I would do in this situation, re-image my computer and move the hell on.
August 30, 2014 7:19:03 AM

If I fitted my house with locks which failed so miserably at preventing
a break-in, beyond any insurance claim I'd certainly consider suing
the lock maker. What we need one of these days is a person/company to
sue MS (or class action) to force them to make operating systems
with far better security by default. The security mess known as Windows
has been plodding along for years & years, costing individuals & corps
enormous sums every year in wasted time, resources, etc., yet nothing
seems to change. Instead, blame & responsibility is placed upon the
user wrt to visited sites, handling emails, downloads, etc. - an approach
which means the security 'effort' is replicated billions of times over and
over again with no improvement in the base system. The focus is
entirely at the wrong end of the scale; a decently written OS shouldn't
be such a security nightmare in the first place, but because winblows
is standard, nobody seems to care, it's regarded as normal, an attitude
found nowhere else in modern consumer tech. If an ordinary consumer
tells a computer shop owner that their PC has a virus problem, they are
told that's a normal risk; same response for a bug-related BSOD or other
Windows issue. When are we going to say enough is enough and force
the responsibility back onto MS?

I quite like Win7 in general terms, but its security aspects are absolute
junk compared to the 15-year-old UNIX box I also use.

I have no interest in Win8; I only use desktops & thus refuse to be treated
like a child by being forced to use a gesture-focused interface more suited
to a slate & chalk era.

Ian.

August 30, 2014 10:55:15 AM

Quote:
If I fitted my house with locks which failed so miserably at preventing
a break-in,


It doesn't matter what MS does. If you fitted your house with locks and every time ANYONE knocked on the door you opened it up for them and invited them in for cookies, your locks are still worthless.

People unfortunately when it comes to computers, are stupid. They treat them like appliances which they are not. I have been running windows for many many years and I could count on one hand (2 fingers) how many times I have had a problem with malware or viruses. Of those two times I recognized immediately what I did wrong and knew how to fix it.
August 30, 2014 2:28:05 PM

Quote:
Quote:
If I fitted my house with locks which failed so miserably at preventing
a break-in,


It doesn't matter what MS does. If you fitted your house with locks and every time ANYONE knocked on the door you opened it up for them and invited them in for cookies, your locks are still worthless.


Funny way of putting it, however he is correct. Not only are 95% (made up number) of the viruses and spamware on people's computers on there because of their own doing but no matter how well designed any program is if somebody wants to break into it they will.

Seriously though when even government computers get hacked into every now and then and their security and restrictions on what a user can do are a 1000x more extreme, don't expect a home computer to ever be 100% unless you leave it powered off.
August 30, 2014 6:35:59 PM

You can have the best lock money can buy but as long as you leave the door open (click on install) you can't expect great protection.
August 30, 2014 6:41:45 PM

Quote:
If I fitted my house with locks which failed so miserably at preventing
a break-in, beyond any insurance claim I'd certainly consider suing
the lock maker. What we need one of these days is a person/company to
sue MS (or class action) to force them to make operating systems
with far better security by default. The security mess known as Windows
has been plodding along for years & years, costing individuals & corps
enormous sums every year in wasted time, resources, etc., yet nothing
seems to change.


It's painful to see dozens of "blame the victim" posts, but that seems to be the trend on much of the Internet. It's equally troubling to see thoughtful posts like your own downvoted so hard.

MS could absolutely provide an OS with better security. Virtualization technology has been readily available for decades, so there's no reason that "unsafe" code should be allowed to take over your system, just as there's no reason that DRM should be able to upload your financial documents or e-mail.

The idea of holding software developers accountable for their software would do much to ensure software correctness and ethics. Only licensed software architects should be able to distribute certified software, and everything else should be restricted to sandboxes (which, honestly, really shouldn't limit functionality in any way). There are a ton of other professions that require licensure, so I don't think it's really that big of a stretch to require it of software developers.

I'd also like to see some legislation that limits OEM hardware and software to functions that support their advertised use. So, no more cell phones that come prepackaged w/ spyware, no SmartTVs that record and upload your viewing habits, etc.
August 30, 2014 8:25:39 PM

Precisely why there need be monitoring for accountability. I believe in a neutral Internet where all traffic run uninhibited like the free air we speak in. But certainly when one overhears of a crime and they should do something about it. That is mature and responsible. To whine over anonymity is paranoia, selfishness, immature and conceited. A free uninhibited net with accountability is responsible and prudent and a mature internet. Many will whine as they do best. But the whining spoiled coward is always the liability to all and themselves. To act without integrity and cowardice is what too many twenty somethings do. Like the brat wanting his way. Privacy for what. If the NSA wants to plant a camera in my toilet I am not ashamed. Anti-social zealots who hide behind screens too much needn't decide anyone's future. They can't cope with their own.
August 31, 2014 4:17:37 AM

Achoo22 said:
It's painful to see dozens of "blame the victim" posts, but that seems to be the trend on much of the Internet. It's equally troubling to see thoughtful posts like your own downvoted so hard. ...


Indeed, that's why all I can do is upvote yours. :}

Those who down-voted me should explain why they are effectively supporting the opposite notion,
ie. that sw developers should be allowed to publish whatever junk they like with no liability at all.
Windows security flaws cause billions in damage every year worldwide, but nothing changes; the
down-voters are saying they think this is a good thing. Sheesh...

Ian.

August 31, 2014 6:05:50 AM

Because:
1: you downloaded the software somewhere on the internet. On the Microsoft store applications have a chance of being monitored, you can't analyze every .exe on the internet nor ban them in any way.
2: For your pc a malware installer has the same rights as every other installer. Besides being able to recognize a malware having Microsoft telling you what you can and what you can't install would cause them way more issues and limit your freedom to do what you want.
3: All this because you can't check what you are accepting to install? I think you deserve to be infected then since it is not the tool being faulty, it is how you use it. It's like trying to sue Ferrari because you had an accident driving at 320 km/h :-D
August 31, 2014 6:55:36 AM

Sheesh, talk about someone with no clue how OSs work...

The point is, a decently written OS would never allow an executable to harm system files
in the first place! That's why UNIX has always been so much better in this regard. Windows
is so messed up that half the time one has to use an admin-rights account to do various things
whether one likes it or not. I had to deal with this daily as a sysadmin at a research dept.

Ian.

August 31, 2014 8:08:10 AM

Sheesh what? Go use UNIX.
August 31, 2014 8:22:01 AM

Anyway we are not talking about system files harmed, we are talking about user files being encrypted. As long as you have rights to access the files and you install a software giving it admin-rights what kind of locks are you putting between the (suspicious) software and your files? None. Even in UNIX, if a program asks to access files outside their sandbox and you give your approval there's no need for privilege escalation or any other exploit. YOU are giving those permissions.
Who can you blame then?
The fact that Windows is messed up is irrelevant here.
August 31, 2014 2:35:14 PM

these people are like terrorists to me
August 31, 2014 4:44:44 PM

My mother got hit by this POS
Make sure you back up everything important. If you use a backup hard drive
or flash drive make sure you unplug it or the virus can still get it
August 31, 2014 5:40:20 PM

Blazer1985 said:
Sheesh what? Go use UNIX.


Duh.:D 

I have lots of systems, many are UNIX, others are Win7 setups. I've been using UNIX
since the late 1980s.

ian.

August 31, 2014 6:55:02 PM

mapesdhs said:
Achoo22 said:
It's painful to see dozens of "blame the victim" posts, but that seems to be the trend on much of the Internet. It's equally troubling to see thoughtful posts like your own downvoted so hard. ...


Indeed, that's why all I can do is upvote yours. :}

Those who down-voted me should explain why they are effectively supporting the opposite notion,
ie. that sw developers should be allowed to publish whatever junk they like with no liability at all.
Windows security flaws cause billions in damage every year worldwide, but nothing changes; the
down-voters are saying they think this is a good thing. Sheesh...

Ian.


so let's say i get stabbed walking down the street, do i go blame the police for not doing a good enough job? or do i blame my government because their citizens are unlawful? Is it my fault for walking down the street knowing that these things happen from time to time? or do i blame the guy that stabbed me?

I would blame the guy that stabbed me, seems you would blame the police and the government.........
August 31, 2014 6:57:48 PM

smeezekitty said:
My mother got hit by this POS
Make sure you back up everything important. If you use a backup hard drive
or flash drive make sure you unplug it or the virus can still get it

That's a problem if you backup the malware....

A good idea to use single write media like DVDs for important stuff from time to time. Incremental backups to a hdd can/will probably get infected by something at some stage.
August 31, 2014 6:59:17 PM

iam2thecrowe said:
smeezekitty said:
My mother got hit by this POS
Make sure you back up everything important. If you use a backup hard drive
or flash drive make sure you unplug it or the virus can still get it

That's a problem if you backup the malware....

A good idea to use single write media like DVDs for important stuff from time to time. Incremental backups to a hdd can/will probably get infected by something at some stage.


That is true. One advantage of things like DVD backups.
But for me it is not nearly enough space (I probably have 10x that much to backup)
September 1, 2014 1:06:52 AM

Keep your critical files on a Mac. Use your PC for stuff you can easily wipe erase and start over.
September 1, 2014 1:21:26 AM

iam2thecrowe said:
so lets say i get stabbed walking down the street, ...


Try discussing the subject without using pointless and irrelevant analogies. All you've done is
pick something which deliberately negates the direction of blame & responsibility. My original
statement still stands on its own. An operating system isn't a person walking down a street. :D 
Total mismatching of concepts, like the Suez Crisis popping out for a bun...


jameskatt write:
> Keep your critical files on a Mac. Use your PC for stuff you can easily wipe erase and start over.

Almost; I use an old SGI.

Ian.


September 1, 2014 1:47:14 AM

iam2thecrowe said:
A good idea to use single write media like DVDs for important stuff from time to time. Incremental backups to a hdd can/will probably get infected by something at some stage.


I used to use a DDS4 DAT, but the capacity became an issue. I do have a DAT72 but it's not enough either.
For the moment I'm just cloning onto separate devices; not ideal really. Indeed it would be good to have
access to an affordable write-once backup solution. I suppose one could use bluray discs, though aren't
they kinda slow by comparison to tape drives? (not sure)


smeezekitty said:
But for me it is not nearly enough space (I probably have 10x that much to backup)


It's a shame modern tape tech like LTO6 is so expensive, though I suppose as an intermediate
step one could try and bag a used LTO3/4/5 instead. I did obtain a SCSI LTO1 but sadly couldn't
get it to work.

Ian.

September 1, 2014 2:45:20 AM

mapesdhs said:
iam2thecrowe said:
so lets say i get stabbed walking down the street, ...


Try discussing the subject without using pointless and irrelevant analogies. All you've done is
pick something which deliberately negates the direction of blame & responsibility. My original
statement still stands on its own. An operating system isn't a person walking down a street. :D 
Total mismatching of concepts, like the Suez Crisis popping out for a bun...


jameskatt write:
> Keep your critical files on a Mac. Use your PC for stuff you can easily wipe erase and start over.

Almost; I use an old SGI.

Ian.




It's a completely relevant analogy, you're blaming someone for something that's out of their control.

I'll give you another analogy, someone breaks into your house and steals a briefcase full of files, and demands a ransom for them. I would blame the person who stole my files, not the locksmith, not the police or anyone else. There is always a way in no matter how secure. Microsoft doesn't claim 100% security, so they aren't liable.
September 1, 2014 2:56:50 AM


Blah blah, more analogies. Can't you discuss the topic directly?

Fact is, MS has a responsibility to ship a secure product, whereas in reality it's barely even tried
for more than 20 years.

Ian.

September 1, 2014 5:35:15 PM

Find the people who use the program and break their fingers with a mallet.
September 1, 2014 11:33:36 PM

And this is where I embarrass all the "MS sucks!!!0101" people.

MS actually provides more protections than UNIX / Linux when it comes to elevated privileges. It does this by preventing the user from ever assuming full system level privileges, "Admin" rights are really just power user type privileges, you can still get access denied errors even when you're running as local administrator. POSIX environments on the other hand, once you're root you've essentially become god on that system. They will happily let you do really really dumb stuff like "rm -rf /usr" and proceed to blow your system all to hell. Or to copy new binaries on top of other system binaries nonchalantly. No amount of security measures will stop someone with root access.

So what we're really discussing here is unintentional elevation of rights. Which is when a piece of software elevates into admin rights without the user authorizing it. And again NT has the same level of protection that Solaris and Red Hat do, that a user can never assume privileges higher than what the system administrator has granted them. The reason you see so many problems with MS, isn't that it has worse security but that the ones who use alternatives also are the ones who are cognizant of their system enough to secure it properly. Joe Bob and Mary Jane would screw up a Linux build just as fast as they would a MS Windows build and in exactly the same way. Both would get tired of constantly having to elevate their privileges via logout or UN/PW and eventually just do their day to day operations as root, which would actually render their system more vulnerable than logging into that MS Windows system as an account with administrative rights. The issue is with conducting daily activities like browsing and media consumption with permissions higher than required, which affects all Operating Systems equally.

And before any of you start hammering on your keyboards, this is coming from me as a certified Solaris Administrator, someone who eats and breathes Unix every day of my life in an enterprise environment. RBAC is simply too complex and time consuming to reasonably expect home users to employ.
September 2, 2014 1:13:44 PM

Now my opinions are the same as palladin9479. Probably the most accurate post here so far.

What I want to add though is that with whatever OS you use, if you open the door to malware, then it is your fault. From experience in the IT field I can say that most malware that comes in a computer uses the users to get installed. It's mainly when people install their programs and agree to install the malware unknowingly by clicking next-next-next without looking at what's written. That's how it beats all the protection Windows gives you.

It's pretty much the same thing on Linux and on Mac OS* except there's not enough people that use Linux to give an incentive to make malware for it, so there is very few malwares, and same thing with Mac OS* except Apple denies there being malware for them. When someone wants to get in an OS, they will, no matter the amount of security.
September 2, 2014 8:16:18 PM

mapesdhs said:

Blah blah, more analogies. Can't you discuss the topic directly?

Fact is, MS has a responsibility to ship a secure product, whereas in reality it's barely even tried
for more than 20 years.

Ian.



iogbrideau said:
Now my opinions are the same as palladin9479. Probably the most accurate post here so far.

What I want to add though is that with whatever OS you use, if you open the door to malware, then it is your fault. From experience in the IT field I can say that most malware that comes in a computer uses the users to get installed. It's mainly when people install their programs and agree to install the malware unknowingly by clicking next-next-next without looking at what's written. That's how it beats all the protection Windows gives you.

It's pretty much the same thing on Linux and on Mac OS* except there's not enough people that use Linux to give an incentive to make malware for it, so there is very few malwares, and same thing with Mac OS* except Apple denies there being malware for them. When someone wants to get in an OS, they will, no matter the amount of security.


i am guilty of this, a recent one when installing minecraft mods through an auto installer, all of a sudden random addons and things installed. Then when you go to uninstall them, it asks you a question, it will remove this program and install another program in an endless loop. A combination of malwarebytes, spybot s&d and killing some services and reg entries manually fixed it. I don't think having standard user rights or admin would make a difference if i clicked next? would it?
September 2, 2014 10:17:39 PM

Quote:
i am guilty of this, a recent one when installing minecraft mods through an auto installer, all of a sudden random addons and things installed. Then when you go to uninstall them, it asks you a question, it will remove this program and install another program in an endless loop. A combination of malwarebytes, spybot s&d and killing some services and reg entries manually fixed it. I don't think having standard user rights or admin would make a difference if i clicked next? would it?


If you're able to install software then you have admin rights and no amount of security will fix that. The "proper" way to do this is to have two accounts, one that you log into the system as and only has local user privileges and another that has local administrative privileges. If you have a "run as admin" option when you right click then your current account has admin rights. As a user you can't install anything and instead you need to open a command prompt via runas.

http://www.windows-commandline.com/windows-runas-comman...

Quote:
runas /user:domainname\username program


Open command prompt as Admin

Quote:
runas /user:administrator cmd


And how to open an explorer window for graphical interface as Admin

Quote:
runas /user:administrator explorer.exe


Both will ask you to provide the password for the specified user and if correct it will then launch a new process shell with those elevated rights. This is very similar to how su works in POSIX environments. Once elevated you can then install your software.

This is a form of RBAC with two defined roles, "user" and "admin" and is the most simple implementation. More complex methods would have different accounts with different privileges that are used to do different things. And even this super simple method is too much hassle for the vast majority of home users.
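Added example, not part of the thread or of any poster's reply: a PowerShell check for the two-account model described in the post above, reporting whether the current process is elevated and whether the logged-in account is itself a direct member of the local Administrators group. It assumes Windows PowerShell 5.1 or later; the function name `Get-SessionPrivilegeReport` is hypothetical.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.1 or later,
# which ships the Microsoft.PowerShell.LocalAccounts module.

function Get-SessionPrivilegeReport {
    param(
        # Well-known SID of BUILTIN\Administrators (same on every Windows install).
        [string]$AdminGroupSid = 'S-1-5-32-544'
    )

    $identity  = [System.Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object System.Security.Principal.WindowsPrincipal($identity)

    # True only when this process holds a full (elevated) administrator token.
    $elevated = $principal.IsInRole(
        [System.Security.Principal.WindowsBuiltInRole]::Administrator)

    # Under UAC an administrator's everyday processes run with a filtered token,
    # so membership is read from the group itself, not from the current token.
    # Only direct members are compared; nested domain groups are not expanded.
    try {
        $admins = @(Get-LocalGroupMember -SID $AdminGroupSid -ErrorAction Stop)
    } catch {
        Write-Warning "Could not list Administrators: $($_.Exception.Message)"
        $admins = @()
    }
    $isMember = [bool]($admins |
        Where-Object { $_.SID.Value -eq $identity.User.Value })

    if ($elevated) {
        $finding = 'Elevated session: every program started from here inherits admin rights.'
    } elseif ($isMember) {
        $finding = 'Daily account is an administrator: by default UAC asks for consent only, not a password.'
    } else {
        $finding = 'Standard user: installing software needs separate admin credentials (e.g. runas).'
    }

    [pscustomobject]@{
        User            = $identity.Name
        ProcessElevated = $elevated
        DirectAdmin     = $isMember
        LocalAdmins     = ($admins | ForEach-Object { $_.Name }) -join ', '
        Finding         = $finding
    }
}

Get-SessionPrivilegeReport | Format-List
```

Run it once from the everyday login and once from a shell started with `runas /user:administrator cmd` to see the two roles side by side.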
September 2, 2014 11:10:39 PM

palladin9479 said:
Quote:
i am guilty of this, a recent one when installing minecraft mods through an auto installer, all of a sudden random addons and things installed. Then when you go to uninstall them, it asks you a question, it will remove this program and install another program in an endless loop. A combination of malwarebytes, spybot s&d and killing some services and reg entries manually fixed it. I don't think having standard user rights or admin would make a difference if i clicked next? would it?


If you're able to install software then you have admin rights and no amount of security will fix that. The "proper" way to do this is to have two accounts, one that you log into the system as and only has local user privileges and another that has local administrative privileges. If you have a "run as admin" option when you right click then your current account has admin rights. As a user you can't install anything and instead you need to open a command prompt via runas.

http://www.windows-commandline.com/windows-runas-comman...

Quote:
runas /user:domainname\username program


Open command prompt as Admin

Quote:
runas /user:administrator cmd


And how to open an explorer window for graphical interface as Admin

Quote:
runas /user:administrator explorer.exe


Both will ask you to provide the password for the specified user and if correct it will then launch a new process shell with those elevated rights. This is very similar to how su works in POSIX environments. Once elevated you can then install your software.

This is a form of RBAC with two defined roles, "user" and "admin" and is the most simple implementation. More complex methods would have different accounts with different privileges that are used to do different things. And even this super simple method is too much hassle for the vast majority of home users.


I tried a normal user account once, but sapphire trixx needs admin rights to OC my gpu. I suppose i could do the old fashion way and bios flash.
September 2, 2014 11:41:13 PM

Quote:
I tried a normal user account once, but sapphire trixx needs admin rights to OC my gpu. I suppose i could do the old fashion way and bios flash.


A program communicating directly with a hardware device would need admin access because that is a big attack vector. The proper way to go about it is to make a short cut using the above runas method that references its executable instead of relying on a link in the startup folder. If you want to run it every time you log in and never ask for credentials, then you can use Task Scheduler. Log in as the administrative user, then create a task that runs the program, you can then specify which credentials are used to launch the program. The program will launch every time you log in, even as a non-elevated account, and it'll launch with those admin credentials you specified upon creating the task.

http://windows.microsoft.com/en-au/windows/schedule-tas...

Bonus points go if you create a separate identity/role (really just another word for account) and only give it the explicit permissions that program needs rather than global admin rights. That's a bit much but it is the proper implementation of RBAC.
September 3, 2014 7:00:42 AM

Quote:
mapesdhs said:
Achoo22 said:
It's painful to see dozens of "blame the victim" posts, but that seems to be the trend on much of the Internet. It's equally troubling to see thoughtful posts like your own downvoted so hard. ...


you did it wrong. you're supposed to say should you blame the knife maker for not having anti human stabbing protection or blame the clothing maker for not being stabbing proof.
cheers

Indeed, that's why all I can do is upvote yours. :}

Those who down-voted me should explain why they are effectively supporting the opposite notion,
ie. that sw developers should be allowed to publish whatever junk they like with no liability at all.
Windows security flaws cause billions in damage every year worldwide, but nothing changes; the
down-voters are saying they think this is a good thing. Sheesh...

Ian.


so let's say i get stabbed walking down the street, do i go blame the police for not doing a good enough job? or do i blame my government because their citizens are unlawful? Is it my fault for walking down the street knowing that these things happen from time to time? or do i blame the guy that stabbed me?

I would blame the guy that stabbed me, seems you would blame the police and the government.........
