Cryptowall 3.0 ransomware switches to anonymous I2P network


posted on Jan, 16 2015 @ 03:55 PM
I love this!



posted on Jan, 16 2015 @ 03:58 PM
a reply to: Bigburgh

Thanks, feel free to use them if you want, just don't publish them.



posted on Jan, 16 2015 @ 04:03 PM
a reply to: andy06shake

Best one is Wolfenstein PS3 2009.
Off topic but great!
Especially with all the cheats.



posted on Jan, 16 2015 @ 04:03 PM
Hmm, so, we are told to believe that anything we encrypt can be unencrypted by the alphabets on a worldwide scale!!!, and yet a few bozos can create an encryption so strong it's unencryptable!?

Someone is telling porkies!



posted on Jan, 16 2015 @ 04:04 PM

originally posted by: hounddoghowlie
a reply to: Bigburgh

Thanks, feel free to use them if you want, just don't publish them.





I won't! Thanks.
These will go great on my wallpaper.



posted on Jan, 16 2015 @ 04:15 PM
a reply to: VoidHawk

Well, if they are indeed "telling porkies" I wish some clever sod would hurry up and out the suckers and provide a working solution to restoring our files.
edit on 16-1-2015 by andy06shake because: (no reason given)



posted on Jan, 16 2015 @ 04:25 PM
First off, a firewall and Malwarebytes are not a virus scanner. You need to use a retail full security suite. Keep it updated. Once the virus is removed you might be able to recover some files by right-clicking and choosing earlier versions; this recovers them from the shadow copy. However, these types of programs are cunning and like to delete shadow copy files too.
There are tons of things you can do to prevent things like this happening. Many are habit changes. Things like creating a limited user account. Use AppLocker and policies. Browse the internet and download files through a sandbox or isolated VM. Use another remote machine you can remote into to access the net. Make network shares read-only and login protected. Store backups and personal data on a secondary external HD and encrypt it. The biggest problem is that people do not create any clone or backup of their system, or take advantage of security and encryption. I can't stress how important that is.



posted on Jan, 16 2015 @ 04:56 PM

originally posted by: VoidHawk
Hmm, so, we are told to believe that anything we encrypt can be unencrypted by the alphabets on a worldwide scale!!!, and yet a few bozos can create an encryption so strong it's unencryptable!?

Someone is telling porkies!



It's all about motivation and the greater good. The gov't isn't going to disclose its capabilities for the general public.

However, you really want to find out the strength of that encryption. Get the general public to start utilizing it for torrent file sharing. Don't mess with the Oligopoly money.




edit on Fri, 16 Jan 2015 17:00:06 -0600 by interupt42 because: (no reason given)



posted on Jan, 16 2015 @ 05:06 PM
a reply to: sean




There are tons of things you can do to prevent things like this happening


I personally use virtualization to protect from virus or data loss on top of other measures. I run VMware with Linux for personal use (email, downloads, surfing, etc.) and another VM image for work-related tasks. I simply use the OS for managing my VM environments running on the host. I also grant access to the local network on a need basis.



posted on Jan, 16 2015 @ 06:56 PM
I got hit last year in March. I lost everything...photos, movies, correspondence, memories etc etc etc.

Until it happens to you, you don't understand the impact and stress of finally realising unless you pay you can't recover anything.

I made all the calls to the "computer doctors", most of whom had never heard of it. I got the whole "love...nobody can just encrypt your stuff and demand a ransom".

I had to do a complete factory reset. I was sitting here one day and noticed my digital photo frame and thought...sh*t...that has a USB with some of the photos. I also checked all the emails I had sent and got some stuff back via the attachments.

I have warned and warned and warned friends and family to get their precious photos and kids' videos off their computer. Some listen....some don't. Some think pfft...I know someone who is an expert and could get it back. Yeah...good luck with that.

Bleepingcomputer is a great site with loads of info about this. Heartbreaking but when you read people on there begging for someone to help them get back photos of family who have now passed and being told in most cases there is nothing that can be done.

Good luck mate and don't feel silly for feeling violated. I too felt the same. It's a crime and you are a victim.



posted on Jan, 16 2015 @ 07:26 PM
I'm always a little worried something like this could worm its way on to my computer somehow. Rule numero uno for me has always been never open a file via email unless the sender tells me it's coming in advance. Second rule has always been to NEVER click ads, ever, no matter what site it is. I've never clicked on one in all the years I've been online and never will, just to err on the side of caution.

I've got several computer drives sitting in a box, just waiting for me to build a recovery computer to pull the old pictures & videos off of. I finally decided to just lock my SD cards once they were full, and buy a new one to fill up. If I ever lose this computer's drive, at least I have the SD cards to fall back on. Smartest move I ever made regarding my family pictures & videos.



posted on Jan, 16 2015 @ 10:23 PM

originally posted by: Bigburgh
a reply to: andy06shake

G@d damn it!
When I gave you the malware removal link yesterday, did it make it worse? Did ANON set that up?

In the last couple of months, ANONYMOUS set up an ATS account.
I was going to suggest yesterday that you send an email to that member and ask what they would do. Given this would be up their alley.

Now.. pfffffff


Anon isn't a monolith, so they say. That being the case I would imagine the Intel services of Chad (no offense Chad, you have low GDP and a small economy) are part of the game. These ransomware guys usually operate out of eastern Europe and Russia, or historically they have. There was a group in France a few years ago who were continually cracking these wares though. Not sure how.... Decomp, MiTM, your guess is as good as mine, as I assume they weren't breaking crypto keys.



posted on Jan, 17 2015 @ 01:20 AM

originally posted by: PhoenixOD
a reply to: andy06shake

How about using software that searches for deleted files and try to find the restore points?



It's 2048-bit RSA, at least from the variants that I have seen. You could brute force it with today's technology. It would just take longer than the time that the universe has been around...

The only other option would be to locate the server and hack it to get the keys back.



posted on Jan, 17 2015 @ 02:07 AM
google: CryptoWall and HELP_DECRYPT Ransomware Information Guide and FAQ @ bleeping computer

apparently ShadowExplorer works well



posted on Jan, 17 2015 @ 03:31 AM
There's no way anyone is going to "crack" CryptoWall's encryption. If that were to happen, you could kiss all "secure" internet traffic goodbye since it's all based on the same algorithms. Technology is neutral but can be used for good or evil...

Just back up your data on a separate drive and keep it unplugged. Keep in mind that ALL software is prone to bugs and insecurities. But, losing your data to CryptoWall is no different from losing your data to a hard drive crash, a fire, dropping your phone in the toilet, etc. # happens. Make backups! (or learn to let go)
edit on 17-1-2015 by hololeap because: (no reason given)



posted on Jan, 17 2015 @ 04:52 AM
a reply to: lateralus212

The way I'm reading it, and from personal experience: once the virus has progressed to the second level of extortion, demand goes from around $500 to $1000, it also disables/deletes your restore points and deletes the shadow copies of your files.

I did not even know the malware/virus was on my system until it progressed to the second stage, and that is with an active firewall, Malwarebytes Professional and Avast running in the background and even performing scheduled scans. Soon as I noticed the infection I attempted removal in Windows safe mode with networking and ran Shadowcopy to no avail. The problem being that actual removal of the malware/virus in question does nothing to alleviate the fact that your files have already been encrypted.

So please remember people, detection time is a significant factor regarding this particularly nasty infection.

www.bleepingcomputer.com...
edit on 17-1-2015 by andy06shake because: (no reason given)



posted on Jan, 17 2015 @ 05:04 AM
I heard this kind of ransomware is now targeting Android as well (Android on mobile and Windows on desktop have the largest market share, so they are targeted more; we Mac/iOS people have less market share and are targeted less).

I gave up on Windows a long time ago, ever since I heard MS itself stores their backup on Unix servers (or even Windows updates are piped through Akamai's Linux servers).

If all attempts fail, try to connect the drive to a Linux machine and see if the deleted files are visible there (Linux has the PhotoRec utility, which recovers deleted photo/video files). Again, it could make it worse as well, so use it with caution.


edit on 17-1-2015 by VimanaExplorer because: (no reason given)



posted on Jan, 17 2015 @ 05:06 AM
this:

originally posted by: grey580
you have at least 3 versions of your data right?
Live, backup and offsite backup?

should be common practice.
Why people keep their backup drives plugged in if it's rewriteable is beyond understandable.
Maybe you have to be hit that you learn.

andy06shake, I'm sorry this happened to you but you could have prevented that.
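
An added illustration, not part of any post in this thread: several replies stress keeping separate backups and catching the infection early, so this sketch shows a pre-backup check that refuses to overwrite a good backup when the live files suddenly look mass-encrypted. The function names and all three thresholds are assumptions chosen for the example, and the sample files are constructed.

```python
import hashlib, math, os, tempfile
from collections import Counter
from pathlib import Path

ENTROPY_LIMIT = 7.5   # bits per byte; assumption: encrypted data sits close to 8.0
CHURN_LIMIT = 0.5     # assumption: hold the backup if over half the known files changed
SCRAMBLE_LIMIT = 0.2  # assumption: ...or if over 20% went from low to high entropy

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte (0 for empty input)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root):
    """Map each relative path under root to (sha256, entropy of the first 64 KiB)."""
    state = {}
    for path in Path(root).rglob("*"):
        if path.is_file():
            data = path.read_bytes()
            state[str(path.relative_to(root))] = (
                hashlib.sha256(data).hexdigest(), entropy(data[:65536]))
    return state

def safe_to_back_up(previous, current):
    """Compare two snapshots; return (ok, reasons) for letting the backup run."""
    known = set(previous)
    total = len(known) or 1
    gone = known - set(current)  # renamed or deleted files count as churn
    changed = [p for p in known & set(current) if previous[p][0] != current[p][0]]
    # Photos and video are already near 8 bits/byte, so only churn catches those.
    scrambled = [p for p in changed if previous[p][1] <= ENTROPY_LIMIT < current[p][1]]
    reasons = []
    if (len(changed) + len(gone)) / total > CHURN_LIMIT:
        reasons.append(f"{len(changed) + len(gone)} of {total} files changed or vanished")
    if len(scrambled) / total > SCRAMBLE_LIMIT:
        reasons.append(f"{len(scrambled)} files now look like random data")
    return not reasons, reasons

def demo():
    """Constructed sample: five text files, one normal edit, then four overwritten."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(5):
            Path(root, f"doc{i}.txt").write_bytes(b"holiday notes, line %d\n" % i * 300)
        before = snapshot(root)
        Path(root, "doc0.txt").write_bytes(b"rewritten holiday notes\n" * 300)
        after_edit = snapshot(root)
        for i in range(1, 5):  # random bytes stand in for encrypted content
            Path(root, f"doc{i}.txt").write_bytes(os.urandom(8192))
        return safe_to_back_up(before, after_edit), safe_to_back_up(before, snapshot(root))
```

A check like this only helps if the previous snapshot is stored somewhere the infected machine cannot rewrite, such as on the unplugged backup drive itself.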



posted on Jan, 17 2015 @ 05:07 AM
a reply to: VimanaExplorer

That could be a possibility VimanaExplorer, I'll give it a go on Monday.



posted on Jan, 17 2015 @ 05:12 AM
a reply to: verschickter

It's ok mate, I feel stupid enough and should really have known better. I deserve to be hazed.

Truth is I have never really encountered a virus or malware that has ever presented a significant problem or that I could not remove. I simply became complacent, you live and learn eh?
edit on 17-1-2015 by andy06shake because: (no reason given)



