Beware of cryptolocker emails!

Kevin

https://www.smh.com.au/it-pro/securit...30-11egcy.html

Cryptolocker Email Campaign
12th Nov 2014
Symantec has observed a new variant of the “Cryptolocker” email campaign appearing to
originate from the “NSW Office of State Revenue”. This new campaign was seen on 12th
November at approximately midnight and is similar to a campaign initially observed on 30th
October.
The subject line of the email this time reads “Traffic Offence ID: <series of random numbers> -
carries 3 demerit points”.
The email is well crafted - delete it immediately!
 
Cryptolocker is nasty stuff; it made me change my backup procedure. I now have an almost current backup off the LAN at all times. I rotate them between two Synology NAS boxes.
 
We've just received an alert for an email that claims to be "Annual Form - Authorization to Use Privately Owned Vehicle on State Business". Keep an eye out for this nasty!
 
Crypto ransomware attacks

There is a utility program that alters the Windows Local Security Policy settings so that it effectively blocks any/all executable files from running from all the usual locations (email folders, etc.).

For a review on this program, see BleepingComputer.com here:

https://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

The utility program is available from Foolish IT here:

https://www.foolish it.com/download/cryptoprevent-installer/ (copy and paste the URL, then remove the space between "foolish" and "it", the language filter here destroys the URL otherwise ... ).

One of my (ex-)clients got this nasty pox on one of their computers last Friday. That computer has had all document data completely destroyed on it (.txt, .doc, .xls, .pdf, .jpg, .zip, etc.), by being encrypted using 2048-bit encryption.
Fortunately, their main Outlook .PST file appears to be undamaged.

One of the staff opened a .ZIP file attached to an email ... :( :cry:

Of course, ethics forbids the paying of any kind of ransom ...

The only thing that saved the rest of the computers was the (deliberate, on my part) lack of explicit drive mappings!

Always use UNC path names for mapping devices, folks (e.g. \\computername\drive_letter\path_name).
NOT explicit drive mappings (e.g. "Z:").

DO NOT leave backup HDDs plugged in and turned on!!
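The "utility program" in the post above works by writing Software Restriction Policy (SRP) path rules into the Local Security Policy. The script below is an added example of doing the same thing by hand in PowerShell; it is not CryptoPrevent's code and not part of the original post. It assumes the registry layout that secpol.msc itself uses for SRP (the Safer\CodeIdentifiers key, level 0 = Disallowed, 0x40000 = Unrestricted), and the list of blocked locations is my own choice of the places a mail-borne dropper usually lands (%AppData%, %LocalAppData%, %Temp%, and the folders Explorer, WinRAR and 7-Zip extract into). Run it from an elevated PowerShell prompt on a test machine first.

```powershell
# Added example (not CryptoPrevent's own code): disallow .exe files launching
# from the per-user writable locations that e-mail droppers use.
# Assumption: this is the registry layout secpol.msc writes for SRP path rules.
$Safer        = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\CodeIdentifiers'
$Disallowed   = "$Safer\0\Paths"   # security level 0 = Disallowed
$Unrestricted = 0x40000            # default level: everything else may run

# Locations to block (hypothetical list; '*' is SRP wildcard syntax and the
# %vars% are expanded by SRP at logon on the client).
$BlockedPaths = @(
    '%AppData%\*.exe',
    '%AppData%\*\*.exe',
    '%LocalAppData%\*.exe',
    '%LocalAppData%\*\*.exe',
    '%Temp%\*.exe',
    '%Temp%\*\*.exe',
    '%Temp%\*.zip\*.exe',   # Explorer "open from inside the zip"
    '%Temp%\Rar*\*.exe',    # WinRAR extraction folder
    '%Temp%\7z*\*.exe'      # 7-Zip extraction folder
)

if (-not (Test-Path $Safer)) { New-Item -Path $Safer -Force | Out-Null }
# DefaultLevel Unrestricted: only the explicit Disallowed rules below bite.
Set-ItemProperty -Path $Safer -Name DefaultLevel      -Value $Unrestricted -Type DWord
# TransparentEnabled 1 = enforce for executables only (2 would also cover DLLs).
Set-ItemProperty -Path $Safer -Name TransparentEnabled -Value 1 -Type DWord
# PolicyScope 0 = apply to every user, local administrators included.
Set-ItemProperty -Path $Safer -Name PolicyScope       -Value 0 -Type DWord
New-Item -Path $Disallowed -Force | Out-Null

foreach ($p in $BlockedPaths) {
    # Idempotent: skip a rule whose ItemData is already present.
    $already = Get-ChildItem $Disallowed -ErrorAction SilentlyContinue |
        Where-Object { (Get-ItemProperty $_.PSPath).ItemData -eq $p }
    if ($already) { continue }

    $rule = New-Item -Path "$Disallowed\{$([guid]::NewGuid())}" -Force
    New-ItemProperty -Path $rule.PSPath -Name ItemData    -Value $p -PropertyType ExpandString | Out-Null
    New-ItemProperty -Path $rule.PSPath -Name SaferFlags  -Value 0  -PropertyType DWord        | Out-Null
    New-ItemProperty -Path $rule.PSPath -Name Description -Value 'Block mail-borne droppers' -PropertyType String | Out-Null
}

# Check: print every Disallowed path rule now on the machine.
Get-ChildItem $Disallowed | ForEach-Object { (Get-ItemProperty $_.PSPath).ItemData }
```

Two caveats a practitioner would want: SRP rules are read at logon, so log off and on (or run `gpupdate /force`) before testing with a harmless .exe copied into %Temp%; and a path rule only stops an executable from being launched from that location, so an installer or updater that legitimately runs from %AppData% (several chat clients do) will need an explicit Unrestricted rule under `CodeIdentifiers\262144\Paths` or it will be blocked too.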
 
...
DO NOT leave backup HDDs plugged in and turned on!!

Good advice. I have a Synology box that only powers up for a couple of hours every M-W-F evening and does a backup. I'm thinking about adding a DS115 that is dormant except for a quick Sunday evening backup.
 
Perhaps also worth setting an automatic AV update and full scan to occur just prior to the auto backup ...
 
I believe these are surfacing again disguised as emails from Australia Post
 