Computer Related > Locker Ransomware - a cautionary tale.
Thread Author: No FM2R Replies: 17

 Locker Ransomware - a cautionary tale. - No FM2R
Ransomware gets onto your computer, deletes all backups, old versions and shadow copies, and then encrypts all your pictures, documents, email files, PDFs and a variety of other stuff. It can also encrypt cloud storage.

It then gives you a period of time to pay them money or they will just forget about you.

Locker is the latest variant to appear.

In this case nobody is quite sure where it came from although it seems to be related to some copies of Minecraft torrents.

It got onto the computers when the owners installed other stuff, up to 6 months ago. It installed, inserted and concealed itself and opened itself some backdoors so it could communicate via the TOR network.

For some period of time the computer has been acting as part of a Botnet carrying out whatever activities the controllers wanted it to - all the owners may have noticed is their computer running slowly.

Then around the 19th May it started downloading the latest locker virus all set to go off after 00:00 25th May local time.

At this point it encrypted and gave people three days to pay.

Removing the malware is trivial and easy. Decrypting the files is not possible unless you pay.

So three alternatives:

1) You have backups of everything offline. [online backups were also encrypted and restore points deleted]. So format and rebuild your computer and restore all your files.

2) Pay the ransom. In this case about £15. Last time it was £150.

or

3) Accept the loss of everything.

I have just been sorting this out for a friend down here who lost *ALL* of the pictures of his children for the last 7 years since they were born, including as babies with his [now dead] Mother.

Like or dislike blackmail, he needed his pictures back and so I paid in Bitcoin to an address, and it did subsequently decrypt all his files. And that's not as simple as it sounds, and also fraught with dangers.

Take this as a warning. If you do not have an offline backup of something, then you are vulnerable. It could be a Locker virus, fire or burglary.

Because even if you download nothing, have up-to-date malware, virus and firewall protection there is always going to be a new threat, and a fire will get you whatever.

If there is anything on your computer you would be sad without, and you do not have a copy, then you are being very foolish.

Go buy an external USB disk. Copy onto it all your important stuff, and then go and leave it at your Mother's house. And do it regularly.

Really, do it. I have spent 4 days dealing with a friend in bits over this. It's not worth it.

www.bleepingcomputer.com/forums/t/577313/locker-ransomware-hides-until-midnight-on-may-25th-and-then-encrypts-your-data/
 Locker Ransomware - a cautionary tale. - smokie
A good warning. It's scary what these people will do.

Recently I've implemented a more formal backup process. The volatile stuff (Documents, pictures etc) are sync'd regularly (mostly weekly) from all computers (and phones etc) to my 6Tb NAS. This is running about 70% full.

Every month I take a Macrium image of the C drives which is also stored on the NAS. I don't keep the full history - just the initial image from when the computer was first built plus the latest and two back. Additional images are taken if I am about to install something which might be suspect, but they don't always make it to the NAS. (If I catch something I prefer to go back to the last known good rather than repair.)

I have 2 x 5Tb USB drives, imaginatively labelled 1 and 2. These are used to sync the entire NAS to, on odd months to disk 1, on even months to disk 2. These backups remain in my house. I also have at least one backup copy of my machine and data available online (on my machine). This means there is a minimum of 4 copies of all of my data, of different ages.

I have a 4Tb drive which has a further copy of my most critical "irreplaceable" files (photos, music etc). This gets backed up occasionally, usually around monthly, and is stored offsite.

It has cost a bit to set this up and it's probably not foolproof but I do feel my data is pretty safe!!
 Locker Ransomware - a cautionary tale. - No FM2R
I'd add cloud storage with version control to your approach.
 Locker Ransomware - a cautionary tale. - smokie
I did use cloud storage for a bit but had some concerns over it, not least that the particular company I'd gone with gave me some software which seemed to make its own mind up about what it would and wouldn't back up. And to back up getting on for 5 TB of data, even over my fast line, takes forever.

I do use the cloud for some stuff but that's not so much for security as accessibility (e.g. photos) - so there is an additional set of some of the volatile stuff up there.

My kids put all their pics on Facebook and say that no backup is required as a result. I'm not an active Facebook user but if they are right then that's an easy way to keep pics safe.
 Locker Ransomware - a cautionary tale. - No FM2R
>> but if they are right then that's an easy way to keep pics safe.

Safe, for sure. But I think with much lower resolution and picture size.

>>which seemed to make its own mind up about what it would and wouldn't back up

You don't want a place to backup to so much as a place to synchronize with. If it is sync'ing everything that changed during the day, at night

I just looked at my store and picked the first file:

That file has been amended 3 times in the 5 months it's been in my store, and all three of those versions remain available to me should I wish to roll it back.

I have 1TB space, which I appreciate is somewhat smaller than yours, covering all my data (excl. music & video). It is all the data from this computer - and thus pretty much used.

I occasionally notice the little sync wheels spinning around, but I have never noticed a performance impact.

Quite different to a monthly mind-boggling complete backup.

1TB is about £6pcm

 Locker Ransomware - a cautionary tale. - Mapmaker
>>>> but if they are right then that's an easy way to keep pics safe.

>>Safe, for sure. But I think with much lower resolution and picture size.

So what? Nobody ever prints pictures these days, and nobody ever views them on anything larger than a computer screen.

Easiest not to bother having anything that needs backing up.

I wonder when your friend last looked at the huge volume of photographs he was so upset to lose... If you're taking 100 photos per week - easily done - then you're talking about 50,000 photos over a decade.
 Locker Ransomware - a cautionary tale. - No FM2R
>>I wonder when your friend last looked at the huge volume of photographs he was so upset to lose

I could not tell you the last time I looked at pictures of my dead grandparents, but I'd be really upset if I lost them. Sometimes just having stuff is enough.

Anyway, the point is that *he* was bothered. If you wouldn't be bothered, then you don't need to worry about it.

>>>>Safe, for sure. But I think with much lower resolution and picture size.

>>So what?

So it may matter to some people - me, for example. If it doesn't matter to you, then why worry about it?

>>Easiest not to bother having anything that needs backing up.

Easiest to not have anything that needs insuring, easiest not to own anything you care about losing, etc. etc.
 Locker Ransomware - a cautionary tale. - Mapmaker
I was making no point about your friend, merely cogitating!
 Locker Ransomware - a cautionary tale. - No FM2R
I wasn't taking umbrage.

My point was supposed to be:

"It may not matter to you, but if it does to someone (and there is no reason it either should or should not) and they're not taking precautions, then they are being foolish".
 Locker Ransomware - a cautionary tale. - ....
What OS was your mate running?
Vista firewall is a one way effort, 7 was two way, assume (maybe wrongly) 8 is two way also.

What websites are we talking about? Do you know?
 Locker Ransomware - a cautionary tale. - No FM2R
Windows 7.

The Locker software also created two exception rules for itself in the Firewall.
 Locker Ransomware - a cautionary tale. - No FM2R
>>What websites are we talking about? Do you know?

No.

There was an original Trojan backdoor installed by downloaded copies of Minecraft. But not all copies, it seems to be a particular version from TeamExtreme. But again, not all of them, just some particular copies.

However, it seems that is not the only place that it has come from, but there is no clarity yet.

This Trojan.backdoor may have been used for Bitcoin mining and/or other Botnet type activities over the following months. You would only have noticed that your system was running slower.

This probably happened some months ago - 6?

Then on or around 19th May that Botnet downloaded the Locker Ransomware.

At 00:01 on 25th May, that Locker activated and encrypted.

But seemingly not all of them. Some people have Minecraft and didn't get it, some people do not have Minecraft but did get it. Some people seem to have the Botnet but didn't get the Locker.

If you're worried then scan your system. Use a Panda Cloud Scan, a free virus checker but different to what you're currently using. MalwareBytes perhaps, and check your Firewall rules.

I would definitely do all of that if you have downloaded an "iffy" copy of Minecraft.

Fortunately I actually bought one for my daughter, I almost downloaded a copy to try it out for her, but then didn't as it was so cheap. Thank Goodness.
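As an added example (not code from this thread), one way to do the firewall-rule check suggested above on a Windows 7 or later machine: it parses the text of `netsh advfirewall firewall show rule name=all verbose` and flags enabled Allow rules whose program path sits in a user-writable folder such as AppData, which is where a self-installed exception would typically point rather than under Program Files or System32. The sample output embedded below is constructed, and the "Rule Name:" / "Program:" label layout it parses is an assumption about netsh's format.

```python
"""Flag Windows Firewall rules whose program lives in a user-writable path.
Parses `netsh advfirewall firewall show rule name=all verbose` text; the
"Rule Name:" / "Program:" labels used below are the layout this assumes."""
import re
import subprocess
# Constructed sample in netsh's one-block-per-rule layout (abridged, not real output).
SAMPLE_NETSH_OUTPUT = """Rule Name:                            Core Networking - DNS (UDP-Out)
Enabled:                              Yes
Direction:                            Out
Action:                               Allow
Program:                              C:\\Windows\\system32\\svchost.exe

Rule Name:                            updater
Enabled:                              Yes
Direction:                            Out
Action:                               Allow
Program:                              C:\\Users\\bob\\AppData\\Roaming\\updater\\svc.exe
"""
# Locations an ordinary user can write to; legitimate services rarely run from here.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\temp\\", "\\downloads\\", "\\public\\")
FIELD_RE = re.compile(r"^(Rule Name|Enabled|Direction|Action|Program):\s*(.*)$")


def parse_rules(text):
    """Split netsh output into one dict per rule; "Rule Name:" starts a new rule."""
    rules, current = [], None
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if key == "Rule Name":
            current = {"Rule Name": value}
            rules.append(current)
        elif current is not None:
            current[key] = value
    return rules


def suspicious_rules(rules):
    """Enabled Allow rules whose program path is under a user-writable location."""
    return [r for r in rules
            if r.get("Enabled") == "Yes" and r.get("Action") == "Allow"
            and any(m in r.get("Program", "Any").lower() for m in USER_WRITABLE_MARKERS)]


def audit_live_host():
    """Run netsh on this Windows host and return the rules worth a second look."""
    text = subprocess.check_output(
        ["netsh", "advfirewall", "firewall", "show", "rule", "name=all", "verbose"],
        text=True, errors="replace")
    return suspicious_rules(parse_rules(text))
```

A flagged rule is a prompt to look at the program it names, not proof of infection: some legitimate installers do put their updaters in AppData.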
 Locker Ransomware - a cautionary tale. - ....
This post about downloads prompted me to take a closer look at my own firewall and what was on my machine.
I found Kodak and Apple had kindly opened my Firewall, one for updates of a printer I no longer use and Apple because I once plugged my company iPhone in to charge while I was using my PC.
I need to pay closer attention.
 Locker Ransomware - a cautionary tale. - Roger.
>> This post about downloads prompted me to take a closer look at my own firewall
>> and what was on my machine.
>> I found Kodak and Apple had kindly opened my Firewall, one for updates of a
>> printer I no longer use and Apple because I once plugged my company iPhone in
>> to charge while I was using my PC.
>> I need to pay closer attention.

Presumably your firewall had asked if you wished these items to access the internet?
I know that Comodo has asked if I wish Garmin updater to connect, for instance.
 Locker Ransomware - a cautionary tale. - No FM2R
>>Presumably your firewall had asked if you wished these items to access the internet?

A dangerous presumption.

For sure it should. But it may not.
 Locker Ransomware - a cautionary tale. - Observer
For what it's worth, I have a thing called CryptoPrevent installed, supposedly designed to combat "ransomware". It's free, doesn't seem to cause any problems. Whether it works or not I have no idea.

I back up every day to an external hard drive. Possibly I should do more than that, though all photos are also copied to a laptop from time to time.

Sounds as if NoFM2R's ideas are pretty good.
 Locker Ransomware - a cautionary tale. - Zero

>> I back up every day to an external hard drive. Possibly I should do more
>> than that

No, you don't need to do more than that; even daily backups are overkill on a domestic system.
 Locker Ransomware - a cautionary tale. - No FM2R
Unless your computer is changing significantly all the time, daily full backups are, as Zero said, probably overkill.

You need to work out what you are protecting against what.

Imagine these scenarios:

You get a lump of encryption software like above and lose data on your computer.

[back to the last copy of your photographs either offline or in the cloud]

Your hard disk crashes and loses everything.

[back to the last copy on a different disk]

Your house burns down or the hardware is stolen:

[back to the last time you stored everything at your friend's house]

If you have all the installation disks for all your programs, including Windows, then whilst it's a ton of work to reinstall everything, it is only your data which really matters.
Last edited by: No FM2R on Sat 30 May 15 at 13:49