Jump to content

» «


2 replies to this topic
  • uNi


  • Administrator
  • Joined: 14 May 2004
  • United-Kingdom
  • Best Official Gang 2014 [Feroci]


Posted 14 November 2013 - 10:24 AM

Info on this ransomware here.


Has anyone encountered it yet? Read several reports of people actually paying to decrypt their files, nasty.

  • Shoumaker


  • The Yardies
  • Joined: 09 Jul 2012
  • Cameroon
  • Best Signature 2013
    Best Signature 2012


Posted 14 November 2013 - 03:14 PM Edited by Shoumic, 14 November 2013 - 03:17 PM.

When I first read your post I thought people were falling for those ads that promise you to 'disinfect' your PC giving them viruses but this is something completely different.. I haven't encountered this but I'm glad I got a heads up. I'm very cautious about the E-mails I receive either way. Downloading attachments from strangers is a big no no, even if they seem reliable. 


Not really surprised people are willing to pay the $300 because there are a few who find their data to be a lot more worth than the set price, but most would just give their data anyway (Including me) because they would have access to our credit card information. I guess they considered this hence, adding the bitcoin option. It's worse since the victims are being put under a certain time limit. 


Bottom line, people should be aware of the attachments they download in the first place or their files wouldn't be encrypted. I guess they'll be more careful next time. Hope there's a fix for those affected and not willing to pay as they didn't know any better at the time. 

  • sivispacem

    Ännu en dag, ännu ett slag, i betongens krävande skugga

  • Moderator
  • Joined: 14 Feb 2011
  • European-Union
  • Best Poster in Debates 2017
    Contribution Award [D&D, General Chat]
    Most Knowledgeable [Vehicles] 2013
    Best Debater 2017, 2016, 2015, 2014, 2013, 2012, 2011


Posted 16 November 2013 - 05:58 PM Edited by sivispacem, 16 November 2013 - 06:01 PM.

The method of transmission has been quite fluid over the last couple of months. It went from email spam to being delivered by some of the botnets, particularly ZeuS, so became a lot quieter. Now it basically isn't reliant on you opening dodgy emails- it's enough to simply go on a compromised site (and trust me, there are many, including lots of high-profile IT blogs, gaming blogs, and even things like the Excel Forums) with an outdated version of Java or Flash to get exploited. 


Alternatively you could just alter the Windows group policies so that you can't run executables from temporary folders like appdata, or the temporary internet files. That basically blocks the execution of pretty much all standalone malware which requires a presence on the hard drive to operate.




It's been hitting home users hard but the main targets are small businesses, hence the format on the initial emails. The risk-to-return ratio must be good hence why they're palming it out using the Cutwail and ZeuS botnets, and I've heard ZeroAccess too. Files are encrypted using 2048-bit RSA public keys with the private key for decryption being held on the servers so it's effectively unbreakable by brute force means. The only method of recovery is to pay.

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users