Cryptolocker

[Dave Davison]

Hi, just received this information about a devastating bog and the suggestion to download a utility from http://tiny.cc/st755w which will offer some degree of protection. Would appreciate some advice as to whether it is prudent to take up the offer? Thanks Dave.

[HansV]

The CryptoLocker malware threat is real, but I recommend against downloading the utility, for the following reasons:
- The Windows Secrets website lists Tracey Capen as Editor-in-Chief, not Stefan Johnson. I cannot find any mention of Stefan Johnson on the Windows Secrets website.
- I would never follow a suspicious-looking link in an e-mail.

To protect yourself against BitLocker:
- Do not click on links in e-mails unless you're absolutely sure that they are safe.
- Do not visit 'shady' websites.
- If a website tells you that you need a new driver or codec to view a video, decline.

[John Gray]

I've passed this on to Windows Secrets to see if there's a reaction.

[Leif]

Hi, just received this information ...

Just as a matter of interest, who did the email come from (or claim to come from)?

[HansV]

I've passed this on to Windows Secrets to see if there's a reaction.

Thanks, John.

[Dave Davison]

Thanks guys, I suppose the sender is the fellow whose photo is shown in the article. Cheers Dave.

[HansV]

The real Windows Secrets group (the one that sends out the Windows Secrets newsletter and maintains the Windows Secrets Lounge, formerly Woody's Lounge) is based in Seattle in the USA. They don't use an @agora-mail.co.uk address, so this e-mail must be a scam. Do NOT click any link in the message!

[William]

Just curious here ... the dodgy email refers to CryptoLocker, whereas Hans refers to BitLocker. Are these two the same thing? I thought BitLocker was a legitimate Microsoft product.

If you go to the CheckShortURL site (say), you can see what http://tiny.cc/st755w" onclick="window.open(this.href);return false; supposedly represents. Interesting website name, though I wasn't curious enough to go there.

[HansV]

Sorry, that was a typo. BitLocker is indeed a legitimate Windows component. I have corrected my reply to say CryptoLocker instead of BitLocker. Thanks for pointing out my mistake!

[HansV]

According to CheckShortURL, the link resolves to http://www.foolishit.com/vb6-projects/cryptoprevent/ which appears to be safe (if silly). But I still wouldn't trust it, in view of the sneaky e-mail.

[Dave Davison]

Sincere thanks for the advice, I am glad I reacted cautiously to the gut feeling I got when I read the newsletter. I have put a block on the sender so all future posts go straight to the "Deleted" folder. Maybe this thread will be of some benefit to other readers of the lounge, especially those in the UK. Three cheers for the lounge and it's expert contributors. Many thanks Dave.

[Claude]

This is the email I've sent to all my customers earlier:

Make sure you BACK UP YOUR DATA ON A REGULAR BASIS AND DON'T CLICK ON LINKS in emails from unknown senders !

Worth a read – a couple of solutions suggested – more action in advance than solutions.

Computer criminals have a new weapon in their arsenal. No longer do they need to send out phishing emails in the hope that you'll fall for the scam and hand over your bank details. The new technique is a lot less subtle, but much more lucrative.

CryptoLocker is a new breed of malware, which is being distributed across the world by spammers sending out email messages. If you inadvertently click on the link within the email, and download the malware, it encrypts all of the files on your PC. The only place where the decryption key is stored is on the spammers' own servers, and it's only held there for 72 hours. To get it, you need to send a few hundred dollars. If you don't do so within the time limit, your files are gone forever. Nasty, eh. Well here's some things you can do to prevent getting caught out.

http://grahamcluley.com/2013/11/cryptolocker-protect/

http://www.techsupportalert.com/content ... our-pc.htm

[John Gray]

Good stuff, Claude.
I wonder how good is the MalwareBytes Anti-Exploit BETA?

[viking33]

Anyone know what the latest info on this Cryptolocker thing is?
Shortly after the news went out about this nasty, it seems that one of our local Police Departments in the Boston suburbs, got hit by it and they ended up shelling out $750.00 to get their data back in the clear!
( this was the website that warned people about clicking on unknown links! )

[jonwallace]

I don't know what the status is, but I get 2-3 virus alerts a day from my email provider (1and1). They strip out the virus and leave enough info in the email to make me suspect it is cryptolocker. The emails (if I actually got them) would purport to be from DHL or the Royal Mail and ask me to open the PDF in the attached zip file.

So still going strong, I think.

[BenCasey]

john:
I get these also,but have auto-marked as spam.
I also get ones from Amazon.co.uk on a regular basis.