OFFROADSUBARUS.COM


Kevin 13th November 2014 09:14 PM

Beware of cryptolocker emails!
 
http://www.smh.com.au/it-pro/securit...30-11egcy.html

Cryptolocker Email Campaign

12th Nov 2014
Symantec has observed a new variant of the “Cryptolocker” email campaign appearing to originate from the “NSW Office of State Revenue”. This new campaign was seen on 12th November at approximately midnight and is similar to a campaign initially observed on 30th October.
The subject line of the email this time reads “Traffic Offence ID: <series of random numbers> - carries 3 demerit points”.
The email is well crafted - delete it immediately!

NachaLuva 13th November 2014 09:32 PM

Thanks for the heads up

SuperRu 13th November 2014 10:05 PM

Cryptolocker is nasty stuff; it made me change my backup procedure. I now have an almost current backup off the LAN at all times. I rotate them between two Synology NAS boxes.

DavAmb 4th December 2014 07:44 PM

We've just received an alert for an email that claims to be "Annual Form - Authorization to Use Privately Owned Vehicle on State Business". Keep an eye out for this nasty!

Ratbag 29th March 2015 11:04 PM

Crypto ransomware attacks
 
There is a utility program that alters the Windows Local Security Policy settings that effectively blocks any/all executable files from running from all the usual locations (email folders, etc).

For a review on this program, see BleepingComputer.com here:

http://www.bleepingcomputer.com/viru...re-information

The utility program is available from Foolish IT here:

http://www.foolish it.com/download/c...ent-installer/ (copy and paste the URL, then remove the space between "foolish" and "it", the language filter here destroys the URL otherwise ... ).

One of my (ex-)clients got this nasty pox on one of their computers last Friday. That computer has had all document data completely destroyed on it (.txt, .doc, .xls, .pdf, .jpg, .zip, etc), by being encrypted using 2048 bit encryption.
Fortunately, their main Outlook .PST file appears to be undamaged.

One of the staff opened a .ZIP file attached to an email ... :( :cry:

Of course, ethics forbids the paying of any kind of ransom ...

The only thing that saved the rest of the computers was the (deliberate, on my part) lack of explicit drive mappings!

Always use UNC path names for mapping devices, folks (e.g. \\computername\drive_letter\path_name).
NOT explicit drive mappings (e.g. "Z:").

DO NOT leave backup HDDs plugged in and turned on!!
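
An added example, not part of the post above or of the utility it mentions: a check that lists the members of a ZIP email attachment that Windows would run on a double-click, so the attachment can be stopped before anyone opens it. The extension lists, limits, function names and sample archive are assumptions constructed for illustration; the thread does not say what the ZIP contained.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Assumed extension lists for illustration; tune them to your own mail policy.
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".wsf", ".hta", ".lnk"}
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".txt"}
MAX_DEPTH, MAX_NESTED_BYTES = 2, 10 * 1024 * 1024  # limits for nested archives

def triage_zip(data: bytes, depth: int = 0) -> list[tuple[str, str]]:
    """Return (member, reason) for each member that should stop the attachment."""
    findings = []
    try:
        archive = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "unreadable ZIP")]
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            name = info.filename.rstrip(" .")  # Windows ignores trailing dots/spaces
            suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
            last = suffixes[-1] if suffixes else ""
            if info.flag_bits & 0x1:  # bit 0 set: member is password-protected
                findings.append((info.filename, "encrypted member, cannot inspect"))
            elif last in EXECUTABLE_EXTS:
                decoy = len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS
                findings.append((info.filename, "double extension" if decoy else "executable"))
            elif last == ".zip":
                if depth >= MAX_DEPTH or info.file_size > MAX_NESTED_BYTES:
                    findings.append((info.filename, "nested archive not inspected"))
                else:  # recurse and prefix results with the container name
                    inner = triage_zip(archive.read(info), depth + 1)
                    findings += [(f"{info.filename}!{n}", r) for n, r in inner]
    return findings

def build_sample() -> bytes:
    """Constructed sample attachment, not taken from the thread."""
    inner, outer = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("notice.pdf.exe", b"constructed placeholder")
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"harmless")
        z.writestr("viewer.scr", b"constructed placeholder")
        z.writestr("details.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    print(*triage_zip(build_sample()), sep="\n")
```

An empty result means nothing matched the lists, not that the archive is safe; the check only looks at member names and never extracts or runs anything.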

SuperRu 29th March 2015 11:15 PM

Quote:

Originally Posted by Ratbag (Post 85292)
...
DO NOT leave backup HDDs plugged in and turned on!!

Good advice. I have a Synology box that only powers up for a couple of hours every M-W-F evening and does a backup. I'm thinking about adding a DS115 that is dormant except for a quick Sunday evening backup.

Ratbag 30th March 2015 02:43 AM

Perhaps also worth setting an automatic AV update and full scan to occur just prior to the auto backup ... :poke: :iconwink:.

Kevin 22nd July 2015 07:03 PM

I believe these are surfacing again disguised as emails from Australia Post

