Author Topic: CryptoLocker Foiled by Whitehats  (Read 5986 times)

Offline BazBear

  • Mars
  • ***
  • Posts: 396
CryptoLocker Foiled by Whitehats
« on: August 06, 2014, 11:12:55 PM »
From the Ars Technica website:

Quote
Whitehats recover, release keys to CryptoLocker ransomware

Whitehat hackers have struck back at the operators of the pernicious CryptoLocker ransom trojan that has held hundreds of thousands of hard drives hostage.

Through a partnership that included researchers from FOX-IT and FireEye, researchers managed to recover the private encryption keys that CryptoLocker uses to lock victims' personal computer files until they pay a $300 ransom. They also reverse engineered the binary code at the heart of the malicious program. The result: a website that allows victims to recover the key for their individual content. (full article)

The file scanning and key recovery site can be found here.
« Last Edit: August 07, 2014, 01:14:52 AM by BazBear »
"It's true you know. In space, no one can hear you scream like a little girl." - Mark Watney, protagonist of The Martian by Andy Weir

Offline smartcooky

  • Uranus
  • ****
  • Posts: 1959
Re: CryptoLocker Foiled by Whitehats
« Reply #1 on: August 07, 2014, 12:44:52 AM »
From the Ars Technica website:

Quote
Whitehats recover, release keys to CryptoLocker ransomware

Whitehat hackers have struck back at the operators of the pernicious CryptoLocker ransom trojan that has held hundreds of thousands of hard drives hostage.

Through a partnership that included researchers from FOX-IT and FireEye, researchers managed to recover the private encryption keys that CryptoLocker uses to lock victims' personal computer files until they pay a $300 ransom. They also reverse engineered the binary code at the heart of the malicious program. The result: a website that allows victims to recover the key for their individual content. (full article)

The file scanning and key recovery site can be found here.

Neither link works

Try

http://arstechnica.com/security/2014/08/whitehats-recover-victims-keys-to-cryptolocker-ransomware/

If you're not a scientist but you think you've destroyed the foundation of a vast scientific edifice with 10 minutes of Googling, you might want to consider the possibility that you're wrong.

Offline BazBear

  • Mars
  • ***
  • Posts: 396
Re: CryptoLocker Foiled by Whitehats
« Reply #2 on: August 07, 2014, 01:22:04 AM »
Sorry about that, and thanks for the heads up. I had just made an identical post over at the JREF forum, then simply C&Ped the BB entry code from the entry field over there into this one. Apparently this forum software decided to add an extra http:// to the URLs I had entered. All fix-ed-ed up now.
"It's true you know. In space, no one can hear you scream like a little girl." - Mark Watney, protagonist of The Martian by Andy Weir

Offline ka9q

  • Neptune
  • ****
  • Posts: 3014
Re: CryptoLocker Foiled by Whitehats
« Reply #3 on: August 07, 2014, 08:37:51 AM »
I saw that. Of course, it only works with the present Cryptolocker, and then only some versions. It doesn't prevent anyone from using another incarnation of the same idea against new victims, taking greater care to protect their private keys.

Cryptolocker is utterly evil, but there's no real defense other than a) offline backups and b) improving computer security over the abysmal levels people tolerate from Microsoft.

Offline BazBear

  • Mars
  • ***
  • Posts: 396
Re: CryptoLocker Foiled by Whitehats
« Reply #4 on: August 07, 2014, 01:07:54 PM »
I saw that. Of course, it only works with the present Cryptolocker, and then only some versions. It doesn't prevent anyone from using another incarnation of the same idea against new victims, taking greater care to protect their private keys.

Cryptolocker is utterly evil, but there's no real defense other than a) offline backups and b) improving computer security over the abysmal levels people tolerate from Microsoft.
That's one of the reasons I've been using Linux >95% of the time. Of course, no OS is bulletproof, but the *nix family has to be orders of magnitude safer than Windows.
"It's true you know. In space, no one can hear you scream like a little girl." - Mark Watney, protagonist of The Martian by Andy Weir

Offline smartcooky

  • Uranus
  • ****
  • Posts: 1959
Re: CryptoLocker Foiled by Whitehats
« Reply #5 on: August 07, 2014, 03:45:01 PM »
Cryptolocker is utterly evil, but there's no real defense other than a) offline backups and b) improving computer security over the abysmal levels people tolerate from Microsoft.

c) do NOT open an attachment to an email unless you absolutely 100% know what it is and who it's from

d) do NOT click on links in emails unless you know exactly what they are and who the email is from

A large part of good computer security is not acting stupidly.
If you're not a scientist but you think you've destroyed the foundation of a vast scientific edifice with 10 minutes of Googling, you might want to consider the possibility that you're wrong.

Offline BazBear

  • Mars
  • ***
  • Posts: 396
Re: CryptoLocker Foiled by Whitehats
« Reply #6 on: August 07, 2014, 04:29:36 PM »
Cryptolocker is utterly evil, but there's no real defense other than a) offline backups and b) improving computer security over the abysmal levels people tolerate from Microsoft.

c) do NOT open an attachment to an email unless you absolutely 100% know what it is and who it's from

d) do NOT click on links in emails unless you know exactly what they are and who the email is from

A large part of good computer security is not acting stupidly.
That's for sure. 99%+ of the problems I've dealt with on my less computer savvy friends' computers have been from them installing random crapware etc. It's been years since I've had a malware/virus issue on my own Windows systems; some people I know can't make it a day after a clean install without getting some malware fraking up their OS.
"It's true you know. In space, no one can hear you scream like a little girl." - Mark Watney, protagonist of The Martian by Andy Weir

Offline Echnaton

  • Saturn
  • ****
  • Posts: 1490
Re: CryptoLocker Foiled by Whitehats
« Reply #7 on: August 07, 2014, 09:48:18 PM »

c) do NOT open an attachment to an email unless you absolutely 100% know what it is and who it's from

d) do NOT click on links in emails unless you know exactly what they are and who the email is from

A large part of good computer security is not acting stupidly.

My office is staffed by computer stupid people who get multi-forwarded cat photo email from computer stupider friends and family. The boss's wife cannot tell the difference between browsers or the difference between the browser and the web page. It has always been a problem and an occasional nightmare. I am surprised that nothing worse has happened to us. But there is a bomb somewhere out there with our name on it that will make a mess I cannot clean up.
The sun shone, having no alternative, on the nothing new. —Samuel Beckett

Offline ka9q

  • Neptune
  • ****
  • Posts: 3014
Re: CryptoLocker Foiled by Whitehats
« Reply #8 on: August 08, 2014, 09:49:39 AM »
That's one of the reasons I've been using Linux >95% of the time. Of course, no OS is bulletproof, but the *nix family has to be orders of magnitude safer than Windows.
Same here. I also used to use Macs, but after the Snowden revelations I no longer trust Apple either.

Offline ka9q

  • Neptune
  • ****
  • Posts: 3014
Re: CryptoLocker Foiled by Whitehats
« Reply #9 on: August 08, 2014, 09:54:55 AM »
c) do NOT open an attachment to an email unless you absolutely 100% know what it is and who it's from

d) do NOT click on links in emails unless you know exactly what they are and who the email is from

A large part of good computer security is not acting stupidly.
Actually, there is no reason in the world that these precautions should be necessary, or to blame the users for not being superhuman in following them. It is only the abysmal lack of system-level security thinking in the software that makes these precautions necessary for the vast majority of people.

The basic problem is that the designers have failed to follow a rigorous distinction between code (program) and data everywhere in the system. If they did things properly, there'd be no need to warn people about clicking on attachments because nothing bad could happen regardless of what's in them. They'd be considered as pure data, incapable of directing the computer to do anything but to display their contents (though of course this might simply fail entirely if the contents are invalid.)

If the users have a failing, it's their willingness to accept systems in which mistakes they cannot be expected to avoid have such serious consequences. There should be rioting in the streets until this changes.

« Last Edit: August 08, 2014, 09:56:34 AM by ka9q »