PDA

View Full Version : cryptolocker



imc
24-Oct-2013, 13:56
I wasn't sure where to post this, so I'm doing it here. I stumbled
across this reading a tech blog this morning: 'CryptoLocker Ransomware
Information Guide and FAQ'
(http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

Apparently it's a super nasty, data destroying piece of malware. It
mentions targeting mapped drives. Has anyone encountered it? I'm
assuming an infected Windows computer will be able to encrypt files on
the mapped drives, even if it's mapped to an NSS drive. Ugh


--
imc
------------------------------------------------------------------------
imc's Profile: https://forums.novell.com/member.php?userid=346
View this thread: https://forums.novell.com/showthread.php?t=472010

Dave Howe
25-Oct-2013, 16:27
On 24/10/2013 13:56, imc wrote:
>
> I wasn't sure where to post this, so I'm doing it here. I stumbled
> across this reading a tech blog this morning: 'CryptoLocker Ransomware
> Information Guide and FAQ'
> (http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)
>
> Apparently it's a super nasty, data destroying piece of malware. It
> mentions targeting mapped drives. Has anyone encountered it? I'm
> assuming an infected Windows computer will be able to encrypt files on
> the mapped drives, even if it's mapped to an NSS drive. Ugh

Pretty nasty, yes. It is a development of the FBI "ransomware" virus,
but stores its decryption key on the criminal's webserver - failure to
pay up means your files *stay* encrypted, as does removing the virus
(and its reference to the correct key)

Not sure it would be able to see a Novell Client mapped drive - most
things running as system can't (truecrypt, for example) so non-cifs
drives are probably safe.

JOWood
11-Jan-2014, 13:56
Just FYI we have seen a CryptoLocker variant in 2014 that will encrypt
files on a NetWare NSS volume via a drive mapping from one infected
Windows desktop. Just FYI Cryptolocker is known to infect external
drives and thumbdrives as well, it will encrypt any data files that it
can see on any drive.


--
JOWood
------------------------------------------------------------------------
JOWood's Profile: https://forums.novell.com/member.php?userid=81623
View this thread: https://forums.novell.com/showthread.php?t=472010

Jim Henderson
12-Jan-2014, 21:27
On Sat, 11 Jan 2014 12:56:04 +0000, JOWood wrote:

> Just FYI we have seen a CryptoLocker variant in 2014 that will encrypt
> files on a NetWare NSS volume via a drive mapping from one infected
> Windows desktop.

It would, though - because as far as the OS is concerned, it's just a
file on the drive. Something like CryptoLocker isn't going to be trying
to do something crazy like write to the boot sector of a redirected
device.

Jim

--
Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner

ddhottinger
01-Oct-2014, 15:06
I just had this happen at one of our schools. We have a global
directory on the server that everyone has read/write access to and a
teacher has managed to infect it resulting in none of the files being
available. We dont run any kind of virus software on our novell boxes.


--
ddhottinger
------------------------------------------------------------------------
ddhottinger's Profile: https://forums.novell.com/member.php?userid=7800
View this thread: https://forums.novell.com/showthread.php?t=472010

malcolmlewis
01-Oct-2014, 15:33
On Wed 01 Oct 2014 02:06:01 PM CDT, ddhottinger wrote:


I just had this happen at one of our schools. We have a global
directory on the server that everyone has read/write access to and a
teacher has managed to infect it resulting in none of the files being
available. We dont run any kind of virus software on our novell boxes.




Hi
Have you seen this?
http://www.geekwire.com/2014/new-site-whitehat-hackers-offers-free-fix-cryptolocker-malware-woes/

--
Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-21-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below... Thanks!