CryptoLocker: What is it? – Panda Security

So if you get a cryptolocker virus, how are you supposed to pay them if so many ask for Bitcoin as payment but you don't have any?

submitted by now_im_toast to NoStupidQuestions

Swansea, MA police department gets hit by CryptoLocker virus, pays ransom. "You have to buy these Bitcoins, which we had never heard of."

Swansea, MA police department gets hit by CryptoLocker virus, pays ransom. submitted by RamonaLittle to Bad_Cop_No_Donut

Any way a newcomer can get a bitcoin today from any legit site? Cryptolocker virus infection at a large client.

Hey, I have a large client that was infected with cryptolocker today and they want $500 USD in bitcoin. They gave us a test file and it unencrypted, so at this point we pretty much have to take their word and pay the ransom.
Is there any way for me to get a bitcoin today via any website? I have company credit cards I can use to purchase on.
PS: Before you say should have had backups, the user that was infected was their IT manager and he had domain admin rights, it encrypted the entire backup server.
submitted by Coolmarve to Bitcoin

US police force pay bitcoin ransom in Cryptolocker malware scam: Unprepared officials blindsided by sophisticated virus call experience 'an education'

submitted by Libertatea to news

My University was hit by the Cryptolocker virus today - This is actually good news since it creates Bitcoin Awareness.

submitted by TGDE to Bitcoincirclejerk

Does anybody here think the recent rise in bitcoin price is due to Cryptolocker virus?

Some information: http://www.coindesk.com/cryptolocker-malware-demands-bitcoin-ransom/
Discuss
submitted by Snaaky to Bitcoin

Cryptolocker - help needed

First off, I'd like to apologise if this is not the right subreddit, but I'm hoping someone here has the expertise and experience on how to deal with this malware.
One of my parents' laptops has been attacked by a cryptolocker malware.
I have no experience with viruses and have been frenetically looking over the internet on how to deal with this.
They demand over £3000 of Bitcoins and if the sum is not paid within a certain time frame, it will increase.
I will be calling various data-recovery/anti-ransomware websites for help, but in the meantime I would like to know if anyone had any experience with this specific type of malware before and how they overcame it.
Thanks a lot
submitted by Nando0101 to computerforensics

I need help - CryptoWall virus infected my client's law firm. I need some bitcoins...

I need to pay these "cyber-terrorists" with bitcoins. I need to send 0.82 bitcoins in less than 34 minutes or else it doubles to 1.64 bitcoins.
I've been screwing around with this for over 24 hours. Where on earth can I buy some bitcoins using my credit card? I tried Coin Mama and WU/MG are declining all three cards. We contacted the banks and they are dumbfounded. I tried Coin.mx and there's a $250 limit. I tried VirWox and there's a $78 limit.
I'd buy them from a bunch of places if I knew I could get it all to add up to 0.82 bitcoins in time.
I would appreciate ANY help, guidance, hand holding, or even light extortion at this point. :(
EDIT: To clarify, this is a NEW client. They called me AFTER getting the virus. I always teach my clients safe backup habits, but I can't time travel. This is why I am trying to help them pay the fee to get their files unlocked. I've never had to go this far because I've never had a company call me out of the blue with this situation yet.
submitted by thechaosrealm to Bitcoin

CryptoLocker Recap: A new guide to the bleepingest virus of 2013.

As the previous post, "Proper Care & Feeding of your CryptoLocker Infection: A rundown on what we know," has hit the 500 comment mark and the 15,000 character limit on self-posts, I'm going to break down the collected information into individual comments so I have a potential 10000 characters for each topic. There is a cleaner FAQ-style article about CryptoLocker on BleepingComputer.
Special thanks to the following users who contributed to this post:
I will be keeping a tl;dr recap of what we know in this post, updating it as new developments arise.
tl;dr: CryptoLocker encrypts a set of file masks on a local PC and any mapped network drives with 2048-bit RSA encryption, which is uncrackable for quite a while yet. WinXP through Win8 are vulnerable, and infection isn't dependent on being a local admin or having UAC on or off. MalwareBytes Pro and Avast stop the virus from running. Sysadmins in a domain should create this Software Restriction Policy which has very little downside (you need both rules). The timer it presents is real and you cannot pay them once it expires. You can pay them with a GreenDot MoneyPak or 2 Bitcoins, attempt to restore a previous version using ShadowExplorer, go to a backup (including versioning-based cloud backups), or be SOL.
EDIT: I will be updating individual comments through the evening to flesh out areas I had to leave bare due to character limitations or lack of info when they were originally written.
EDIT 2: There are reports and screenshots regarding a variant that sits in AppData/Local instead of Roaming. This is a huge development and I would really appreciate a message with a link to a sample of this variant if it does indeed exist. A current link to the known variant that sits in Roaming would also be appreciated.
10/24/13 EDIT: Please upvote How You Can Help for visibility. If you can contribute in any of those fashions it will help all of us a lot.
11/11/13 EDIT: Thanks to everyone that submitted samples. The latest '0388' variant can be found at http://bluesoul.me/files/0388.zip which is password protected, password is "infected". Please see Prevention for updated SRPs.
submitted by bluesoul to sysadmin

Witnessed REAMDE in real life

(though no one got abducted or shot)
Took a weekend trip to Vancouver to check out the ATM. An older lady started asking me questions about how to use the thing after I did the first palm scans. I made some comment about how cool the whole thing is and she said: "Well no, I'm being held ransom for my excel files."
This is, I'm sure you're thinking, a statement that does not compute. It definitely is hard to parse when you're in the mindset of techno-utopianism. Her explanation, after a moment of my shock: she got a virus on her household computer, it encrypted all her Excel files, and some hacker is extorting her for one Bitcoin and threatening to delete all her files in 72 hours if he doesn't get it.
I tried to help her out, but there's a huge wall to climb in figuring out how to help someone in that circumstance, right? She had a hand-written receiving address that I imagine the hacker was monitoring for payment; it would have been a nightmare to enter correctly into the machine (even if she had copied the CaSe correctly).
It didn't come to that, though, because the machine was having problems. She walked out in exasperation at some point, leaving some cash behind in the machine, and I imagine she (rightly) went to the cops. I called Bitcoiniacs and told them about the situation, a few hours later they (commendably) called me back and said they'd got her straightened out.
The point: this individual has had probably the worst introductory experience with bitcoin possible. I imagine this isn't an isolated event; I imagine that Vancouverites are being specifically targeted by this kind of ransomware because of the presence of the ATM.
We, as a community, need to get out ahead of this issue, or it will become a PR nightmare. Being extorted for one bitcoin for your excel files is probably the mildest scenario, I can imagine much worse situations. Like, for instance, the plot of REAMDE.
I don't know what to do. Discuss.
submitted by NixPhenom to Bitcoin

[UPDATE] - TL;DR - Accounting firm gets Cryptolocker Virus. Tech wipes the server to clean it because he has Carbonite backups. He can't remember password to the privately managed encryption key file and can't download the firm's backup. Everything lost.

I've been waiting to get some more info before I updated so here it is, with clarification on exactly what happened:
Here's the original post - http://www.reddit.com/talesfromtechsupport/comments/1ps0ae/tldr_accounting_firm_gets_cryptolocker_virus_tech/
It turns out that what they wiped was ALL of the local backups -- they still have the files that were encrypted by the virus.
I have spoken with the owner god knows how many times and it has been frustrating.
From the get-go, the owner's actions have baffled me. I told her that if she just sent me the encrypted key, I'd see if I could crack it, but she's apparently so tech-un-savvy that she simply doesn't know how to do anything at all with it.
Her tech has been with her for more than a decade and is a family friend, however, he bolted and she can't reach him.
Naturally, she's pissed off as hell at him because, well, he deleted all the Carbonite backups, deleted Carbonite, forgot the password and can't install it back.
From one of the comments in the last post, I learned that the hackers who created the virus are now allowing people to log into an onion site through Tor, send an encrypted file, pay about 2k in bitcoins, then they promise they'll send the unencryption key plus a utility to unlock everything.
The owner is naturally skeptical that she'll get the key after paying 2k, plus the world of the deep web may as well be wizardry, plus since her tech guy is AWOL, she really has no one to help her out.
I told her that I'd log into her server, grab the carbonite-encryption.pem key and see if I could get the password from it, but I guess she got too busy last night to do it.
This morning she sent me a text asking if we could do it today, however, it's my birthday.
I don't work on my birthday. At all. Period. Today is the day I fuck off and do precisely what I want, without thinking about anything other than doing fun things.
To that end, I'm going to eat food that's bad for me, drink concoctions that will inebriate me, spend time with people of ill-repute, and do nothing at all of any value.
Tomorrow, when I get the file, I'm going to throw the 64-bit cuda version of hashcat at it and see what happens.
I've already pulled down a 2GB collection of dictionaries, but let's be real -- the odds are low.
This whole thing has been really bizarre. The owner should have thrown the $300 at the original people and gotten her shit back, the tech should have WRITTEN DOWN THE FUCKING PASSWORD, they never should have wiped the backups, deleted Carbonite, only had one backup, etc., but hey, this is the perfect storm of shitty and it is what it is.
I've learned a ton of interesting stuff so for that reason alone, it has been worth it.
Anyway, I'm off to get the mirror on my car fixed (fuck Mercedes and their $400 bill) that I foolishly cracked when I tapped the gates leaving my community, get a hair cut, and I'll continue to snapchat the fuck out of the day.
Oh, and I've gotten the best snaps from you guys and it's really fun, so if you're bored, add me (Warlizard) and you TOO can see absolutely nothing of interest from the great state of Arizona :)
Laterz.
EDIT: First of all, wasn't trying to be a pretentious fucktard about the mirror, was just angry with myself for being a dumbass and hitting the gate because I was trying to beat it closing.
Next, just had my car washed and the guys there are replacing the mirror, fixing the cracked turn signal on the front of it, fixing the crack in the bumper, repainting the bumper, detailing the car and wet-sanding / waxing the whole car for a bit more than the dealership wanted to just replace the mirror glass. So fuck the dealership.
The owner told the tech that he should cover half of the cost to get this shit fixed and that's when he bolted. If I were in her shoes, I'd pay the 2k and hope I didn't get fucked. It seems to me that the only way this scam works is if the hackers actually do what they say they're going to do. Sure, some people would pay the 300 out of desperation and maybe some would lose, but when people start paying 2k, if someone, anyone doesn't get their information back, then far fewer people would be inclined to pay at all.
Anyway, time to grab something to eat. I've been enjoying the snaps from you guys and the cool birthday wishes. I know that I'm not 5 years old and I shouldn't give a shit about something as trivial as a birthday, but fuck it. I do. It's fun and it's what you make it.
EDIT 2: I know this really isn't the place, but I need to source a good tech for a friend of mine who's looking for a full-time IT guy to manage his offices. PC stuff, Server 2003/8, networking, etc. It's a salaried position, not paying crazy, but about 35k plus health care. If anyone is interested and in the Phoenix area, please let me know. It's a hodge-podge of crap and you will be unappreciated, plus the hours are long, but it's an interesting challenge, mostly because managing a heterogeneous environment held together with duct-tape and the tears of the frustrated can be pretty fun.
submitted by Warlizard to talesfromtechsupport

Proper Care & Feeding of your CryptoLocker Infection: A rundown on what we know.

This article is no longer being maintained, please see the new version here. Thanks.
tl;dr: I hope you have backups. It's legit, it really encrypts. It can jump across mapped network drives and encrypt anything with write access, and infection isn't dependent on being a local admin or UAC state. Most antiviruses do not catch it until the damage is done. The timer is real and your opportunity to pay them goes away when it lapses. You can pay them with a GreenDot MoneyPak or 2 Bitcoins, attempt to restore a previous version using ShadowExplorer, go to a backup, or be SOL.
Vectors: In order of likelihood, the vectors of infection have been:
  • Email attachments: A commonly reported subject is Payroll Report. The attachment, most of the time, is a zip with a PDF inside, which is actually an executable.
  • PCs that are unwitting members of the Zeus botnet have had the virus pushed to them directly.
  • There is currently one report of an infection through Java, using the .jnlp file as a dropper to load the executable.
Variants: The current variant demands $300 via GreenDot MoneyPak or 2 BTC. I will not attempt to thoroughly monitor the price of bitcoins for this thread, use Mt. Gox for the current exchange rate. Currently the MoneyPak is the cheaper option, but last week Bitcoins were. Two variants, including a $100 variant and a $300 variant that did not offer Bitcoin, are defunct.
Payload: The virus stores a public RSA 2048-bit key in the local registry, and goes to a C&C server for a private key which is never stored. The technical nuts and bolts have been covered by Fabian from Emsisoft here. It will use a mix of RSA 2048-bit and AES 256-bit encryption on files matching these masks:
*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.eps, *.ai, *.indd, *.cdr, ????????.jpg, ????????.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c, *.pdf, *.tif
This list of file masks may be incomplete. Trust this list at your peril. When in doubt, CryptoLocker will show you what files it has encrypted by clicking the relevant link in the virus's message.
It will access mapped network drives that the current user has write access to and encrypt those. It will not attack server shares, only mapped drives. Current reports are unclear as to how much permission is needed for the virus to encrypt a mapped drive, and if you have clarification or can test in a VM please notify me via message.
By the time the notification pops up, it's already encrypted everything. It's silent until the job is done.
Many antiviruses have been reported as not catching the virus until it's too late, including MSE, Trend Micro WFBS, Eset, GFI Vipre, and Kaspersky. They can further complicate matters by reverting registry changes and removing the executables, leaving the files behind without a public or private key. Releasing the files from quarantine does work, as does releasing the registry keys added and downloading another sample of the virus.
Windows XP through 8 have all reported infections.
What's notable about this virus, and this is going to lead to a lot of tough decisions, is that paying them to decrypt the files actually does work, so long as their C&C server is up. They verify the money transfer manually and then push a notification for the infected machine to call home for the private key again, which it uses to decrypt. It takes a long time to decrypt, at the rate of roughly 5GB/hr based on forum reports. The virus uses the registry to maintain a list of files and paths, so not moving the files around is vital to decryption if you are paying them.
Also notable is that the timer it gives you to pay them does appear to be legitimate, as multiple users have reported that once the timer ran out, the program uninstalled itself. Reinfecting the machine does not bring a new timer. I was not able to verify the uninstallation of the program after the timer ran out, it appears to be dependent on internet access.
Due to the nature of the encryption, brute-forcing a decrypt is essentially impossible for now.
Removal: Removing the virus itself is trivial, but no antivirus product (or any product, for that matter), will be able to decrypt the files until the private key is found.
File Recovery: There are only a handful of options for recovering encrypted files, and they all rely on either having System Restore/VSS turned on or having a backup disconnected from the infected machine. Cloud backup solutions without versioning are no good against this as they will commit the encrypted files to the cloud.
I had a Carbonite employee message me regarding my earlier statement that Carbonite is no good against this virus. It turns out that versioning is included in all Carbonite plans and support all agent OSes except Mac OS X which is outside the scope of this thread anyway. They have the ability to do a mass reversion of files, but you must call tech support and upon mentioning CryptoLocker you will be escalated to a tier 3 tech. They do not mention this ability on the site due to the potential for damage a mass reversion could do if done inadvertently. These are my own findings, independent of what the employee told me. Crashplan and other versioning-based backup solutions such as SonicWALL CDP should also work fine provided the backups are running normally.
Using the "Previous Versions" tab of the file properties is a cheap test, and has had mixed results. Using ShadowExplorer on Vista-8 will give you a much easier graphical frontend for restoring large amounts of files at once (though this will not help with mapped drives, you'd need to run it on the server in that case). Undelete software doesn't work as it encrypts the files in place on the hard drive, there is no copying going on. The big takeaway is that cold-storage backups are good, and they will make this whole process laughably easy to resolve.
Prevention: As this post has attracted many home users, I'll put at the top that MalwareBytes Pro, Avast! Free and Avast! Pro (defs 131016-0 16.10.2013 or later) will prevent the virus from running.
For sysadmins in a domain environment, one way to prevent this and many other viruses is to set up software restriction policies (SRPs) to disallow the executing of .exe files from AppData/Roaming. Grinler explains how to set up the policy here.
Visual example. The rule covering %AppData%\*\*.exe is necessary for the current variant. The SRP will apply to domain admins after either the GP timer hits or a reboot, gpupdate /force does not enforce it immediately. There is almost no collateral damage to the SRP. Dropbox and Chrome are not affected. Spotify may be affected, not sure. I don't use it.
Making shares read-only will mitigate the risk of having sensitive data on the server encrypted.
Forecast: The reports of infections have risen from ~1,300 google results for cryptolocker to over 150,000 in a month. This virus is really ugly, really efficient, and really hard to stop until it's too late. It's also very successful in getting people to pay, which funds the creation of a new variant that plugs what few holes have been found. I don't like where this is headed.
Some edits below are now redundant, but many contain useful information.
9/17 EDIT: All 9/17 edits are now covered under Prevention.
10/10 EDIT: Google matches for CryptoLocker are up 40% in the last week, and I'm getting 5-10 new posts a day on this thread, so I thought I'd update it with some interesting finds from fellow Redditors.
  • soulscore reports that setting the BIOS clock back in time added time to his cryptolocker ransom. Confirmed that the timer extends with the machine offline, but that may be cosmetic and I don't like your chances of this actually helping if your timer runs out on the server side.
  • Spinal33 reports that AV companies are catching up with CryptoLocker and are blocking websites that are spawned in the virus's domain generation algorithm. This effectively means that some people are locked out of the ability to even pay the ransom. (Technically they could, but the virus couldn't call home.)
  • Malwarebytes is claiming that MBAM Pro will catch CryptoLocker. If someone wants to test them on it, be my guest. Confirmed
  • CANT_ARGUE_DAT_LOGIC gave some insight on the method the virus uses when choosing what to infect. It simply goes through folders alphabetically and encrypts all files that match the filemasks towards the top of this post. If you are lucky enough to catch it in the act of encrypting and pull the network connection, the CryptoLocker message will pop up immediately and the countdown will begin. Helpful in determining what will need to be taken into account for decryption.
EDIT 2: We had a customer that ignored our warning email get infected so I will have my hands on an infected PC today, hope to have some useful info to bring back.
10/10 MEGA EDIT: I now have an active CryptoLocker specimen on my bench. I want to run down some things I've found:
  • On WinXP at least, the nested SRP rule is necessary to prevent infection. The path rule needs to be %AppData%\*\*.exe
  • An alternate link to the virus sample is http://gktibioivpqbot.net/1002.exe
  • Once the program runs it spawns two more executables with random names in %userprofile%. Adding a SRP to cover %userprofile%\*.exe may be desired, though this will prevent GoToMyPC from running at a bare minimum.
  • This user was a local administrator, and CryptoLocker was able to encrypt files in other users' directories, though it did not spawn the executables anywhere but the user that triggered the infection. When logged in under a different account there is no indication that a timer is running.
  • The environment has server shares but no mapped drives and the shared data was not touched, even though a desktop shortcut would've taken the virus to a share. I suspect that will be covered in the next iteration.
  • The list of masks above does not appear to be totally complete. PDF files were encrypted and were not originally part of the set of file masks. That is the only exception I noticed, everything else follows the list. Conveniently (/s), CryptoLocker has a button you can click that shows the list of files it's encrypted.
  • The current ransom is $300 by MoneyPak or 2BTC, which at the time of writing would be $280 and change.
  • Fabian reported that registry data is stored at HKCU/Software/CryptoLocker. I cannot glean the meaning of the DWORD values on files but I do notice they are unique, likely salts for the individual files. I'm curious what purpose that would serve if the private key was revealed as the salts would be useless.
  • I have confirmed the message soulscore left that setting the BIOS timer back a few hours adds an equal amount of time. No telling whether that will work once it has a network connection and can see the C&C server, though.
  • The virus walked right through an up-to-date version of GFI Vipre. It appears AV companies either consider the risk too low to update definitions or, more likely, they're having trouble creating heuristic patterns that don't cause a lot of collateral damage.
10/11 EDIT: I ran Daphne on the infected PC to get a better idea of what might be going on. lsass.exe is running like crazy. Computer's had its CPU pegged all day. I noticed the primary executable running from %AppData% has a switch on the end of the run command, which in my case is /w000000EC. No idea what that means.
10/15 EDIT: I just wanted to thank all the redditors that have submitted information on this. I have some interesting new developments that I'll be editing in full tomorrow.
10/18 EDIT: Hello arstechnica! Please read through comments before posting a question as there's a very good chance it's been answered.
New developments since 10/15:
  • We have confirmation that both Malwarebytes Antimalware Pro and Avast Free and Pro will stop CryptoLocker from running. My personal choice of the two is MBAM Pro but research on your own, AV Comparatives is a wonderful resource.
  • We have reports of a new vector of infection, Java. This is hardly surprising as Zeus was already being transmitted in this fashion, but Maybe_Forged reports contracting the virus with a honeypot VM in this manner.
  • zfs_balla made a hell of a first post on reddit, giving us a lot of insight to the behavior of the decryption process, and answered a frequently-asked question. I'm paraphrasing below.
A file encrypted twice and decrypted once is still garbage.
The waiting for payment confirmation screen stayed up for 16 days before a decryption began, so don't lose hope if it's been up a while.
The DWORD values in the registry have no bearing on decryption. Renaming an encrypted file to one on the list in the registry will decrypt it. However, I would presume this would only work for files that the virus encrypted on that machine as the public key is different with every infection.
Adding any new matching files to somewhere the virus has access will cause them to be encrypted, even at the "waiting for payment confirmation" screen. Be careful.
Hitting "Cancel" on a file that can't be found doesn't cancel the entire decryption, just that file.
EDIT 2: I've rewritten the bulk of this post so people don't have to slog through edits for important information.
10/21 EDIT: Two noteworthy edits. One is regarding Carbonite, which is apparently a viable backup option for this, it is covered under File Recovery. The other is regarding a piece of software called CryptoPrevent. I have not tried it, but according to the developer's website it blocks %localappdata%\*.exe and %localappdata%\*\*.exe which is not necessary for the current variant and will inflict quite a bit of collateral damage. I have no reason right now to doubt the legitimacy of the program, but be aware of the tradeoffs going in.
I'm now at the 15000 character limit. Wat do?
submitted by bluesoul to sysadmin
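The two defensive facts in bluesoul's write-ups above (the file masks CryptoLocker targets, and the pair of Software Restriction Policy path rules %AppData%\*.exe and %AppData%\*\*.exe that the Recap says you both need) can be turned into a small triage helper. This is an added example, not code from either post or from any tool mentioned there; it assumes a fixed sample profile path (C:\Users\alice) and models SRP wildcard matching with the simplifying assumption that * and ? never cross a backslash, which is exactly why a second rule is needed for one-level-deep subfolders.

```python
"""Triage helpers derived from the CryptoLocker write-ups (added example).

is_target()/risky_files() apply the file masks quoted in the post (DOS-style
wildcards, including ????????.jpg and img_*.jpg) so a defender can size the
exposure of a mapped drive before an incident.  srp_blocked() checks whether
an executable path would be caught by the post's SRP path rules.
"""
import fnmatch
import ntpath
import os
import re

# File masks as listed in the post (lowercase; Windows names are compared case-insensitively).
MASKS = """
*.odt *.ods *.odp *.odm *.odc *.odb *.doc *.docx *.docm *.wps *.xls *.xlsx
*.xlsm *.xlsb *.xlk *.ppt *.pptx *.pptm *.mdb *.accdb *.pst *.dwg *.dxf *.dxg
*.wpd *.rtf *.wb2 *.mdf *.dbf *.psd *.pdd *.eps *.ai *.indd *.cdr ????????.jpg
????????.jpe img_*.jpg *.dng *.3fr *.arw *.srf *.sr2 *.bay *.crw *.cr2 *.dcr
*.kdc *.erf *.mef *.mrw *.nef *.nrw *.orf *.raf *.raw *.rwl *.rw2 *.r3d *.ptx
*.pef *.srw *.x3f *.der *.cer *.crt *.pem *.pfx *.p12 *.p7b *.p7c *.pdf *.tif
""".split()

# The two SRP path rules from the post.
SRP_RULES = [r"%AppData%\*.exe", r"%AppData%\*\*.exe"]

# Assumed (constructed) profile layout used to expand %Var% tokens in rules.
SAMPLE_ENV = {
    "appdata": r"C:\Users\alice\AppData\Roaming",
    "localappdata": r"C:\Users\alice\AppData\Local",
    "userprofile": r"C:\Users\alice",
}


def is_target(name: str) -> bool:
    """True if a bare file name matches any of the post's file masks."""
    name = name.lower()
    return any(fnmatch.fnmatchcase(name, mask) for mask in MASKS)


def risky_files(paths):
    """Filter a list of full paths down to those CryptoLocker would encrypt."""
    return [p for p in paths if is_target(ntpath.basename(p))]


def scan_tree(root: str):
    """Walk a real directory (e.g. a mapped drive) and return at-risk files."""
    found = []
    for dirpath, _dirs, files in os.walk(root):
        found.extend(os.path.join(dirpath, f) for f in files if is_target(f))
    return found


def expand_rule(rule: str, env=SAMPLE_ENV) -> str:
    """Replace %Var% tokens (case-insensitive) with paths from env."""
    def sub(m):
        try:
            return env[m.group(1).lower()]
        except KeyError:
            raise ValueError(f"unknown variable in SRP rule: {m.group(0)}")
    return re.sub(r"%([^%\\]+)%", sub, rule)


def rule_to_regex(rule: str, env=SAMPLE_ENV):
    """Compile an SRP path rule; '*' and '?' stay within one path component
    (our simplifying model of SRP matching), so %AppData%\\*.exe does NOT
    cover %AppData%\\sub\\x.exe, which is why the post needs the second rule."""
    out = []
    for ch in expand_rule(rule, env):
        if ch == "*":
            out.append(r"[^\\]*")
        elif ch == "?":
            out.append(r"[^\\]")
        else:
            out.append(re.escape(ch))
    return re.compile("".join(out), re.IGNORECASE)


def srp_blocked(path: str, rules=SRP_RULES, env=SAMPLE_ENV):
    """Return the first rule that would block this executable path, or None."""
    for rule in rules:
        if rule_to_regex(rule, env).fullmatch(path):
            return rule
    return None


if __name__ == "__main__":
    # Constructed sample paths for a quick demonstration.
    docs = [r"Z:\shared\Q3_budget.xlsx", r"Z:\shared\notes.txt",
            r"Z:\scans\DSC01234.jpg", r"Z:\scans\DSC0123.jpg"]
    print("at risk:", risky_files(docs))
    for exe in (r"C:\Users\alice\AppData\Roaming\abcdefgh.exe",
                r"C:\Users\alice\AppData\Roaming\xyz\abcdefgh.exe",
                r"C:\Users\alice\AppData\Local\Temp\setup.exe"):
        print(exe, "->", srp_blocked(exe) or "not blocked by either rule")
```

Point scan_tree() at a mapped drive letter to get the same answer the virus's "show encrypted files" button would give, but before the fact.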

Why burn bitcoins?

I read the wiki on proof of burn, but hoping for a more intuitive explanation
submitted by bananenfrosch to Bitcoin

Mike Hearn, Chair of the Bitcoin Foundation's Law & Policy committee is also pushing blacklists behind the scenes

Bitcointalk discussion: https://bitcointalk.org/index.php?topic=333824.msg3581480#msg3581480
Hearn posted the following message to the legal section of the members-only foundation forum: https://bitcoinfoundation.org/forum/index.php?/topic/505-coin-tracking/ If you're not a member, you don't have access. I obtained this with the help of a foundation member who asked to remain private.
He's promoted blacklists before, but Hearn is now a Bitcoin Foundation insider and as Chair of the Foundation's Law & Policy committee he is pushing the Foundation to adopt policies approving the idea of blacklisting coins. I also find it darkly amusing that he's now decided to call the idea "redlists", perhaps he has learned a thing or two about PR in the past few months.
All Bitcoin investors need to make it loud and clear that attacking the decentralization and fungibility of our coins is unacceptable. We need to demand that Hearn disclose any and all involvement with the Coin Validation startup. We need to demand that the Foundation make a clear statement that they do not and will not support blacklists. We need to demand that the Foundation support and will continue to support technologies such as CoinJoin and CoinSwap to ensure all Bitcoin owners can transact without revealing private financial information.
Anything less is unacceptable. Remember that the value of your Bitcoins depends on you being able to spend them.
I would like to start a discussion and brainstorming session on the topic of coin tracking/tainting or as I will call it here, "redlisting". Specifically, what I mean is something like this:
Consider an output that is involved with some kind of crime, like a theft or extortion. A "redlist" is an automatically maintained list of outputs derived from that output, along with some description of why the coins are being tracked. When you receive funds that inherit the redlisting, your wallet client would highlight this in the user interface. Some basic information about why the coins are on the redlist would be presented. You can still spend or use these coins as normal, the highlight is only informational. To clear it, you can contact the operator of the list and say, hello, here I am, I am innocent and if anyone wants to follow up and talk to me, here's how. Then the outputs are unmarked from that point onwards. For instance, this process could be automated and also built into the wallet.
I have previously elaborated on such a scheme in more detail here, along with a description of how you can avoid the redlist operator learning anything about the list's users, like who is looking up an output or who found a match.
Lately I was thinking about this in the context of CryptoLocker, which seems like it has the potential to seriously damage Bitcoin's reputation. The drug war is one thing - the politics of that are very complex. Extortion is something else entirely. At the moment apparently most people are paying the ransom with Green Dot MoneyPak, but it seems likely that future iterations will only accept Bitcoin.
Specifically, threads like this one concern me a lot. Summary: a little old lady was trying to buy bitcoins via the Canada ATM because she got a CryptoLocker infection. She has no clue what Bitcoin is beyond the fact that she needed some and didn't know what to do.
The risk/reward ratio for this kind of ransomware seems wildly out of proportion - Tor+Bitcoin together mean it takes huge effort to find the perpetrators and the difficulty of creating such a virus is very low. Also, the amount of money being made can be estimated from the block chain, and it's quite large. So it seems likely that even if law enforcement is able to take down the current CryptoLocker operation, more will appear in its place.
I don't have any particular opinion on what we should talk about. I'm aware of the arguments for and against such a scheme. I'm interested in new insights or thoughts. You can review the bitcointalk thread on decentralised crime fighting to get a feel for what has already been said.
I think this is a topic on which the Foundation should eventually arrive at a coherent policy. Of course I know that won't be easy. -Mike Hearn
submitted by jdillonbtc to Bitcoin [link] [comments]
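A toy model of the output redlist described in Hearn's post above, as an added example that is not part of the original post: a flagged outpoint propagates its mark to every output of every transaction that spends it, a wallet highlights the marks it finds among its own outputs, and clearing an outpoint stops propagation from that point onwards. The transaction graph, transaction ids and the reason string are constructed for the example; the transaction list is assumed to be in topological order (parents before children), and the lookup is a local dict rather than the privacy-preserving query a real wallet would need.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# An outpoint is (txid, output index); marks map an outpoint to the reasons it carries.
Outpoint = Tuple[str, int]
Marks = Dict[Outpoint, Set[str]]


@dataclass(frozen=True)
class Tx:
    """Minimal transaction: which outpoints it spends and how many outputs it creates."""
    txid: str
    inputs: List[Outpoint]
    n_outputs: int


def compute_redlist(txs: List[Tx], seeds: Dict[Outpoint, str],
                    cleared: Set[Outpoint]) -> Marks:
    """Propagate marks from the seed outpoints to every descendant output.

    txs must be in topological order (a transaction appears after the ones it
    spends from). A cleared outpoint neither shows a mark nor passes it on, so
    the outputs derived from it are unmarked from that point onwards.
    """
    marks: Marks = {op: {reason} for op, reason in seeds.items()}
    for tx in txs:
        inherited: Set[str] = set()
        for op in tx.inputs:
            if op in cleared:
                continue  # cleared by the list operator: propagation stops here
            inherited |= marks.get(op, set())
        if not inherited:
            continue
        for index in range(tx.n_outputs):
            marks.setdefault((tx.txid, index), set()).update(inherited)
    for op in cleared:
        marks.pop(op, None)
    return marks


def wallet_highlights(owned: List[Outpoint], marks: Marks) -> List[Tuple[Outpoint, List[str]]]:
    """What a wallet UI would flag: each owned outpoint that carries a mark, with its reasons."""
    return [(op, sorted(marks[op])) for op in owned if op in marks]


# Constructed sample graph (not real transactions).
THEFT = ("theft_tx", 0)
REASON = "output of constructed theft_tx, flagged by a hypothetical list operator"

SAMPLE_TXS = [
    # tx_a mixes the tainted output with a clean one; both of its outputs inherit the mark.
    Tx("tx_a", inputs=[THEFT, ("clean_tx", 0)], n_outputs=2),
    # tx_b spends a marked output of tx_a, so its output is marked too.
    Tx("tx_b", inputs=[("tx_a", 1)], n_outputs=1),
    # tx_c only spends clean coins and stays clean.
    Tx("tx_c", inputs=[("clean_tx", 1)], n_outputs=1),
    # tx_d spends tx_a:0, which the operator has cleared, so it inherits nothing.
    Tx("tx_d", inputs=[("tx_a", 0)], n_outputs=1),
]


def demo() -> Marks:
    """Run the propagation with tx_a:0 cleared and return the resulting marks."""
    return compute_redlist(SAMPLE_TXS, {THEFT: REASON}, cleared={("tx_a", 0)})


if __name__ == "__main__":
    marks = demo()
    for op, reasons in wallet_highlights([("tx_b", 0), ("tx_c", 0), ("tx_d", 0)], marks):
        print(f"{op[0]}:{op[1]} highlighted: {'; '.join(reasons)}")
```

The mark is informational only, as in the post: nothing here prevents a marked outpoint from being spent, and a cleared outpoint drops out of both the highlight and the propagation while its still-marked siblings keep spreading the mark.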

How do you use Bitcoin?

Hello! At muun we are working on a new bitcoin wallet, and we are analyzing the wallet market in order to give you the best experience. Can you give us a hand?
 
What have you used bitcoin for in the last 6 months?
 
1.- Online purchases
2.- On-site purchases
3.- Payments to friends, relatives, acquaintances
4.- Trading
5.- Savings or holding
6.- As a way to buy other cryptocurrencies
7.- Payments on Tor
8.- Online service payments (hosting, vpn, etc.)
9.- Bill payments
10.- Get paid salary
11.- Pay virus rescue (cryptolocker)
12.- Online gambling
13.- Money transfer to family abroad
 
You can answer in the comments (“1,2,5”), or if you prefer to do it anonymously here https://goo.gl/forms/A9jDocTIC4SNZsSv2
 
submitted by c3p0s to Bitcoin [link] [comments]

Cryptolocker Encrypted Files, 90 Hours left and 0.5 Bitcoin ($134) fee requested. HELP!

Specs:
Windows 7 Home Premium
Manufacturer: iBUYPOWER Computers
Processor: Intel(R) Core(TM) i7-4790 CPU @ 3.60GHz
RAM: 16.0 GB
Hard Drive: 1 TB
I don't have the rest of the specs on hand but please consider this request anyways, for I am in desperate need of help.
http://i.imgur.com/Sco1dZK.png
Here is a picture of what my computer desktop looks like now. A trojan virus called Cryptolocker apparently got installed on my computer, and has already encrypted most of my files and is asking for 0.5 bitcoins as ransom. It's got a timer, and is currently at around 90 hours left, so please hurry. I looked online already as to what options I have, but found that the few options I have are either unavailable, such as a system restore (due to the fact that my system doesn't have a saved restore point), or are too tedious, such as getting a personal key to decrypt each file (there are thousands). If anyone can help me that would be great, because I would really rather not pay the fee of course.
Thank you for your time,
tdawgthefirst
submitted by tdawgthefirst to techsupport [link] [comments]

Why Bitcoin is Not the Root Cause of Ransomware

Why Bitcoin is Not the Root Cause of Ransomware submitted by mikeytom77 to Bitcoin [link] [comments]

10 Most Dangerous Viruses in Internet History.

Getting a computer virus has happened to many users in some fashion or another. To most, it is simply a mild inconvenience, requiring a cleanup and then installing that antivirus program that you've been meaning to install but never got around to. But in other cases, it can be a complete disaster, with your computer turning into a very expensive brick against which no amount of antivirus can protect.
In this list, we will highlight some of the worst and most notorious computer viruses that have caused a lot of damage in real life. And since people usually equate general malware like worms and trojan horses with viruses, we're including them as well. This malware has caused tremendous harm, amounting to billions of dollars and disrupting critical real-life infrastructure. Here are the 10 most famous and malicious computer viruses.
Recommended Reading: 10 Signs Your PC Has Been Compromised

1. ILOVEYOU

The ILOVEYOU virus is considered one of the most virulent computer viruses ever created, and it's not hard to see why. The virus managed to wreak havoc on computer systems all over the world, causing damage estimated at $10 billion. 10% of the world's Internet-connected computers were believed to have been infected. It was so bad that governments and large corporations took their mailing systems offline to prevent infection.
The virus was created by two Filipino programmers, Reonel Ramones and Onel de Guzman. What it did was use social engineering to get people to click on the attachment; in this case, a love confession. The attachment was actually a script that posed as a TXT file, due to Windows at the time hiding the actual extension of the file. Once clicked, it would send itself to everyone in the user's mailing list and proceed to overwrite files with itself, making the computer unbootable. The two were never charged, as there were no laws about malware. This led to the enactment of the E-Commerce Law to address the problem.

2. Code Red

Code Red first surfaced in 2001 and was discovered by two eEye Digital Security employees. It was named Code Red because the pair were drinking Code Red Mountain Dew at the time of discovery. The worm targeted computers with Microsoft IIS web server installed, exploiting a buffer overflow problem in the system. It leaves very little trace on the hard disk as it is able to run entirely in memory, with a size of 3,569 bytes. Once infected, it will proceed to make a hundred copies of itself, but due to a bug in the programming, it will duplicate even more and ends up eating a lot of the system's resources.
It will then launch a denial of service attack on several IP addresses, famous among them the website of the White House. It also allows backdoor access to the server, allowing for remote access to the machine. The most memorable symptom is the message it leaves behind on affected web pages, "Hacked By Chinese!", which has become a meme itself. A patch was later released and it was estimated that it caused $2 billion in lost productivity. A total of 1-2 million servers were affected, which is amazing when you consider there were 6 million IIS servers at the time.

3. Melissa

Named after an exotic dancer from Florida, it was created by David L. Smith in 1999. It started as an infected Word document that was posted to the alt.sex usenet group, claiming to be a list of passwords for pornographic sites. This got people curious, and when it was downloaded and opened, it would trigger the macro inside and unleash its payload. The virus would mail itself to the top 50 people in the user's email address book, and this caused an increase in email traffic, disrupting the email services of governments and corporations. It also sometimes corrupted documents by inserting a Simpsons reference into them.
Smith was eventually caught when they traced the Word document to him. The file was uploaded using a stolen AOL account and, with their help, law enforcement was able to arrest him less than a week after the outbreak began. He cooperated with the FBI in capturing other virus creators, famous among them the creator of the Anna Kournikova virus. For his cooperation, he served only 20 months of his 10-year sentence and paid a fine of $5,000. The virus reportedly caused $80 million in damages.

4. Sasser

A Windows worm first discovered in 2004, it was created by computer science student Sven Jaschan, who also created the Netsky worm. While the payload itself may be seen as simply annoying (it slows down and crashes the computer, while making it hard to reset without cutting the power), the effects were incredibly disruptive, with millions of computers being infected and important, critical infrastructure affected. The worm took advantage of a buffer overflow vulnerability in the Local Security Authority Subsystem Service (LSASS), which controls the security policy of local accounts, causing the computer to crash. It will also use the system resources to propagate itself to other machines through the Internet and infect others automatically.
The effects of the virus were widespread as, while the exploit was already patched, many computers hadn't updated. This led to more than a million infections, taking out critical infrastructure such as airlines, news agencies, public transportation, hospitals, etc. Overall, the damage was estimated to have cost $18 billion. Jaschan was tried as a minor and received a 21-month suspended sentence.

5. Zeus

Zeus is a Trojan horse made to infect Windows computers so that it will perform various criminal tasks. The most common of these tasks are man-in-the-browser keylogging and form grabbing. The majority of computers were infected either through drive-by downloads or phishing scams. First identified in 2009, it managed to compromise thousands of FTP accounts and computers from large multinational corporations and banks such as Amazon, Oracle, Bank of America, Cisco, etc. Controllers of the Zeus botnet used it to steal the login credentials of social network, email and banking accounts.
In the US alone, it was estimated that more than 1 million computers were infected, with 25% in the US. The entire operation was sophisticated, involving people from around the world acting as money mules to smuggle and transfer cash to the ringleaders in Eastern Europe. About $70 million was stolen and in the possession of the ring. 100 people were arrested in connection with the operation. In late 2010, the creator of Zeus announced his retirement, but many experts believe this to be false.

6. Conficker

Also known as Downup or Downadup, Conficker is a worm of unknown authorship for Windows that made its first appearance in 2008. The name comes from the English word configure and a German pejorative. It infects computers using flaws in the OS to create a botnet. The malware was able to infect more than 9 million computers all around the world, affecting governments, businesses and individuals. It was one of the largest known worm infections to ever surface, causing an estimated damage of $9 billion.
The worm works by exploiting a network service vulnerability that was present and unpatched in Windows. Once infected, the worm will then reset account lockout policies, block access to Windows Update and antivirus sites, turn off certain services and lock out user accounts, among many other things. Then, it proceeds to install software that will turn the computer into a botnet slave and scareware to scam money off the user. Microsoft later provided a fix and patch, with many antivirus vendors providing updates to their definitions.

7. Stuxnet

Believed to have been created by the Israeli Defence Force together with the American Government, Stuxnet is an example of a virus created for the purpose of cyberwarfare, as it was intended to disrupt the nuclear efforts of the Iranians. It was estimated that Stuxnet managed to ruin one fifth of Iran's nuclear centrifuges and that nearly 60% of infections were concentrated in Iran.
The computer worm was designed to attack industrial Programmable Logic Controllers (PLCs), which allow for automation of processes in machinery. It specifically aimed at those created by Siemens and was spread through infected USB drives. If the infected computer didn't contain Siemens software, it would lay dormant and infect others in a limited fashion so as not to give itself away. If the software was there, it would then proceed to alter the speed of the machinery, causing it to tear itself apart. Siemens eventually found a way to remove the malware from their software.

8. Mydoom

Surfacing in 2004, Mydoom was a worm for Windows that became one of the fastest spreading email worms since ILOVEYOU. The author is unknown and it is believed that the creator was paid to create it, since it contains the text message "andy; I'm just doing my job, nothing personal, sorry". It was named by McAfee employee Craig Schmugar, one of the people who had originally discovered it. 'mydom' was a line of text in the program's code (my domain) and, sensing this was going to be big, he added 'doom' to it.
The worm spreads itself by appearing as an email transmission error and contains an attachment of itself. Once executed, it will send itself to email addresses that are in the user's address book and copy itself to any P2P program's folder to propagate itself through that network. The payload itself is twofold: first it opens up a backdoor to allow remote access, and second it launches a denial of service attack on the controversial SCO Group. It was believed that the worm was created to disrupt SCO due to conflict over ownership of some Linux code. It caused an estimated $38.5 billion in damages, and the worm is still active in some form today.

9. CryptoLocker

CryptoLocker is a form of Trojan horse ransomware targeted at computers running Windows. It uses several methods to spread itself, such as email, and once a computer is infected, it will proceed to encrypt certain files on the hard drive and any mounted storage connected to it with RSA public key cryptography. While it is easy enough to remove the malware from the computer, the files will still remain encrypted. The only way to unlock the files is to pay a ransom by a deadline. If the deadline is not met, the ransom will increase significantly or the decryption keys will be deleted. The ransom usually amounts to $400 in prepaid cash or bitcoin.
The ransom operation was eventually stopped when law enforcement agencies and security companies managed to take control of part of the botnet operating CryptoLocker and Zeus. Evgeniy Bogachev, the ringleader, was charged and the encryption keys were released to the affected computers. From data collected from the raid, the number of infections is estimated to be 500,000, with about 1.3% of victims paying the ransom, amounting to $3 million.

10. Flashback

Though not as damaging as the rest of the malware on this list, this is one of the few pieces of Mac malware to have gained notoriety, as it showed that Macs are not immune. The Trojan was first discovered in 2011 by antivirus company Intego as a fake Flash installer. In its newer incarnation, a user simply needs to have Java enabled (which is likely the majority of us). It propagates itself by using compromised websites containing JavaScript code that will download the payload. Once installed, the Mac becomes part of a botnet of other infected Macs.
The good news is that if it is infected, it is simply localized to that specific user's account. The bad news is that more than 600,000 Macs were infected, including 274 Macs in the Cupertino area, the headquarters of Apple. Oracle published a fix for the exploit, with Apple releasing an update to remove Flashback from people's Macs. It is still out in the wild, with an estimated 22,000 Macs still infected as of 2014.
submitted by bogdan9409 to u/bogdan9409 [link] [comments]

CryptoLocker Battle #1 - The Screwed Client

This will be my last post with a disclaimer of what type of IT we handle, and what stories to expect from me.
We are an IT consulting / Computer repair company servicing small business (~1-25 employees), and residential market. I will try to focus my stories on battles, insane clients, billing issues, whatever seems to stand out to me. I won't have many of the stupid user stories. I love them just as much as the next person, but honestly, we see this every day. I can't stress enough how many service calls we go on a regular basis where the power cord is unplugged, or they are doing other stupid stuff. It honestly doesn't faze me, and they don't really stand out in my memory. We do about ~20 service calls a day, so it takes something really interesting to stand out to me. That being said, here is an interesting battle against CryptoLocker. This story took place about 3 months after CryptoLocker first came about.
The Screwed Client - They are a design and print company. They aren't the type of company that just designs and sends the jobs off to Vistaprint or some online printer. They are a serious printing company with real printers doing the actual work. In a smaller city like mine, that is a rarity. I mean you can go to any Kinkos to get copies made, but if you need 50,000 business cards, even Kinkos will send the job out to a Vistaprint or the like. These guys will handle it. Hell, they will even hand deliver it to your door (and I don't mean shipped!). They design quite a bit of their print jobs. They store pretty much everything that they have ever designed, and have regular customers who call in to have their usual order printed.
This is a really new client to us. Their previous IT consultants were rather crap, and they decided to try us out after having a virus on one computer. We fixed it and talked with the owner about setting up a meeting where we can go over a list of things we recommend they do. Upgrade to Gigabit routers/switches, backups, etc. He was going to be on vacation for a few weeks, but agreed to sort it when he got back.... Unfortunately, by then it would be far too late!
Fast forward 1 week. We get a call that their design computer had a random virus on it, so we send out a technician. When he gets there about 1-2 hours later, the designer boasted how they were able to remove the virus themselves, and they were quite proud of this. They found the tools online, and removed it quickly. He did mention though that designs he tried to open weren't working. Red Flag.
Our tech checks it out, finds out that every design (pdf, psp, psd, etc.), every document, every frickin user file of use is encrypted. These files are located on their server. A typical network shared drive is how they are set up. Tech asks client what encryption software he is using, and he says he isn't. Bigger Red Flag. Tech digs deeper, checks the logs of the anti-virus/malware software the designer ran to remove it. He finds some virus files he hasn't really seen before (none of us had at this point) that were removed. To the Oracle! He googles the name, and finds out it is the worst virus in the known world... A name that most of us in the biz won't forget... CryptoLocker.
Reads up on it, finds the gory details about how it uses an incredibly secure encryption method, literally can't be decrypted without paying the ransom. Their ransom? 2 BTC. The bitcoin prices were something like $700-900 back then. The damn virus didn't just encrypt the local files on the designer's HDD, it encrypted their network shared folder. The entire folder. Tech googles around some more to find any backdoors. Finds out that if you have shadow copies enabled, then you can revert to previous saves and be ok. Unfortunately, it wasn't enabled, and so it isn't ok.
Now the hard part; informing the boss.
Our technician calls the boss up to explain the situation. Asks him if there are any backup systems in place, and tells him about how much the ransom is. The boss explains how they have no backups in place. Ooof. Nothing, nada. After some more conversation, the boss OKs paying the ransom. In a city like ours, most people and businesses don't have a lot of free cash laying around. We aren't like Detroit bad, but my point remains.
Technician goes about finding the website where you find details on how to pay the ransom. There is a nice box, asking for a decryption key. Tech starts looking around to find any traces of where the key is stored. After examining the now gone virus files/folders, he googles to find where the decryption key is stored. It is stored in the virus files.... The same ones the designer deleted. After some more research, he finds out that there is no way to decrypt the files without providing the key. And if the key is deleted/destroyed, the data is absolutely worthless....
The client is now completely and utterly screwed.
Boss wasn't happy, designer was even less happy. I do believe some designs were recovered from past emails, but the bulk was gone with no way to get it back.
The moral of the story? BACK UP YOUR DATA.
Don't put it off til after vacation, don't wait until you have a near disaster, don't wait until next paycheck. Do it. You won't regret it, that one friggin time you will need it.
We finished the removal of any remnants that were left of other malware/viruses we found, cleaned up the data folders, and installed anti-virus software on the server (it was lacking it, previous IT company FAIL).
It took all of 0.01 seconds for the boss to approve of spending money to install a backup system. We installed the software that day, got it up and running right away. They have been a happy client of ours ever since, even though on that day, they got screwed by CryptoLocker.
submitted by Syron4 to talesfromtechsupport [link] [comments]

Top 10 Most Infamous Viruses and Malware

This is a list of 10 of the most infamous viruses and malware. Viruses and malware are often seen as similar things, but viruses are actually a type of malware; to learn more about the types of malware, see the full article below. This article is not an absolute list and there are many viruses not covered here. If something wasn't covered, feel free to discuss it in the comments below.
1. Melissa
In 1999, while the internet was beginning to grow, the Melissa virus grew to notoriety. The virus spread through email by sending messages from compromised Outlook accounts. Melissa would have a subject line saying this was an urgent message, and once opened would read: "Here is that document you asked for…don't show anyone else ;-)." The message would then include a file named LIST.doc. Once opened, the file would send itself to the first 50 people in your contacts using your name. Melissa contained several pornographic website usernames and passwords. If the date and time lined up properly, Melissa would also corrupt Word files to read "Twenty-two points, plus triple-word score, plus fifty points for using all my letters. Game's over. I'm outta here." A reference to the Simpsons. This spreading overwhelmed various servers and shut down email systems. The creator of the virus was eventually found out to be David Smith, who named the virus after a stripper. Ultimately Melissa would go on to cause around 1.1 billion dollars in damage worldwide, and Smith went on to work with the FBI to fight viruses.
2. I Love You
The ILOVEYOU or love bug virus started in May of 2000 and, just like Melissa, was spread using email and curiosity. The virus would work by sending an email with the subject "ILOVEYOU" and an attachment named "LOVE-LETTER-FOR-YOU.txt.vbs", though in most cases the .vbs was hidden, making the file appear to be a simple .txt file. Once clicked on, the virus would overwrite various files with itself, taking over everything from office documents to mp3s. The virus would then send itself to everyone in your Windows address book. This would cause losses of data and the shutdown of various email services, causing around $7 billion in damage and $15 billion to remove. The virus was ultimately traced back to the Philippines, and the men responsible never served time as local law did not have provisions for this sort of crime.
3. Storm Worm
In late 2006 Storm Worm arose using clickbait-style emails. The most common email claimed to link to an article about how a storm in Europe killed 230 people; this is how Storm Worm got its name. Though, unlike the previous entries, Storm Worm used this access into computers to build a botnet, a network of computers working to collect information and further spread Storm Worm. The Storm Worm botnet differs from other botnets as it does not use a central server but rather uses some of the computers it infects to operate. Storm Worm does not directly harm machines but rather is available for malicious people to hire. Once commissioned, the botnet then spams networks to overwhelm them and cause failures. Though Storm Worm itself was shut down in 2008, various forms of Storm Worm still function to this day.
4. SQL Slammer
Next on this list is the 2003 worm SQL Slammer. This worm worked by exploiting Microsoft SQL Server; once a server was infected it would spread the worm to other servers. The infected servers would send so much data it slowed down entire networks and shut down the internet in some areas. This caused flights to be canceled, companies to switch to pencil and paper, and completely shut down the internet in South Korea. SQL Slammer led to massive costs that could have been avoided, as it exploited an old vulnerability that had been previously patched. What truly made this virus effective was its small size and its prey. Slammer was small enough to be undetected by most antivirus programs. Slammer focused on servers, not home computers, which meant it could cause massive damage with a smaller number of hosts. Though the creator was never caught, SQL Slammer has been patched out.
5. Flashback
The majority of viruses on this list affect Microsoft machines, as they are the majority of machines used. Flashback is different from the other viruses as it affects Mac devices. Flashback targets a vulnerability in Java in order to create a botnet. Flashback is a Trojan that used infected websites to spread itself, so a user would have to visit a specific website to become infected. It is estimated that Flashback was able to infect around 600,000 Apple devices in mid-2012 before Oracle fixed the Java vulnerability. This attack caused Apple to take viruses and security more seriously, leading to changes from their advertisements' wording to new security features.
6. Cryptolocker
Cryptolocker was a ransomware type of malware that would encrypt important files and ask for a fee to have them returned; if you didn't pay the fee in 72 hours, your files would be lost forever. Starting in September of 2013, Cryptolocker spread through email. These emails would be generated through a botnet. Cryptolocker would pose as a message from a bank or other official service stating that they had a document for you to read. The file would appear as a PDF but once opened would actually launch Cryptolocker and begin to lock down your files. Once inside a machine, Cryptolocker would infect everything the computer had access to, from hard drives to flash drives to machines on a shared network. Because of this ability to spread, Cryptolocker would compromise RAID arrays as well as continuous backups. This meant that even if you were actively backing up your data, Cryptolocker could infect your backups as well; only separated backups were safe. Cryptolocker was a very advanced type of ransomware that experts struggled to crack, and for a long period of time it was agreed the best way to get data back was to pay the ransom. Cryptolocker asked for around $300 in some form of untraceable currency such as bitcoin. It is not certain how much money this generated, but it is estimated the creators made at least $3 million. Though as the attacks went on, in an attempt to slow or stop Cryptolocker, the servers hosting parts of it were shut down, though this only served to make it unpredictable whether one would actually get their files back. As time went on, antivirus software developed ways to protect against Cryptolocker.
7. Code Red
Code Red was a unique worm found in July of 2001 that could infiltrate a computer just by it being connected to the internet. Code Red would gain access by exploiting a vulnerability in Microsoft's Internet Information Services. Once the worm had access, it would spam the letter "N" until it overwhelmed the computer enough to gain access. The worm spread rapidly, infecting computers and defacing websites to make them display "HELLO! Welcome to http://www.worm.com! Hacked By Chinese". Once Code Red infected a sufficient number of machines, it would launch spam attacks to try and overwhelm preset IP addresses such as that of the White House. The attack on the White House was mitigated by changing its IP address once the plan was discovered. Though the creator was never caught, a patch eliminated the worm's effectiveness. This was another attack that could have been avoided by sufficient updates and backups, as the vulnerability was patched a month prior to the attack.
8. MYDOOM
This virus was the most expensive ever, causing around $38 billion in damage. In 2004 the MYDOOM virus became the fastest spreading virus, spreading through email and infecting 1 in 12 email accounts. The emails sent containing MYDOOM had a wide variety of names and content meant to trick users into opening the attachment. Once infected with MYDOOM, the virus uses the devices to spam attack a specific target to overwhelm the system. The primary target was believed to be the SCO Group, as they were attacked by 25% of MYDOOM-infected devices. The creator has never been found.
9. Stuxnet
Stuxnet was one of the first cyber weapons ever created. Stuxnet was designed to target Iranian nuclear enrichment labs and cause the centrifuges used there to destroy themselves, while also preventing warning systems from going off. Stuxnet is such a complex cyber weapon that entire articles and documentaries have been created about it. There are also countless theories about Stuxnet. It is believed Stuxnet was created by the United States and Israel and snuck into the Iranian nuclear facility on a flash drive, but how this was done is unknown. Due to an Iranian engineer connecting to the internet, Stuxnet was free to infect all the computer systems linked to the internet. This means Stuxnet could attack any power system in the world. But Stuxnet has only one target it will attack, and that is the Iranian nuclear system. The fear is that someone could alter the Stuxnet code in order to launch a mass attack, though this is all theory and speculation as there is so much mystery around Stuxnet. Stuxnet is one of, if not the, most complex viruses ever created, believed to be around 20 times more complex than any other virus. Stuxnet is able to enter these security systems using stolen credentials from actual cyber security systems. Ultimately, everything above is just speculation and theory, as this is such a complicated virus it is impossible to be sure of the details. Though there is an existing tool that can stop and remove a Stuxnet infection.
10. WannaCry
Similar to Cryptolocker, WannaCry was a ransomware that went out in 2017 attacking Windows XP computers. This included the UK's National Health Service, shutting down the hospital system for one day. WannaCry would charge between $300-$600 to get files returned, though reports are unclear if anyone who paid the ransom got their files returned. Thankfully, the healthcare service had backed up their files and was able to quickly recover. WannaCry was built based off of a leaked NSA cyber weapon known as EternalBlue. This weapon exploited an old vulnerability, and a special patch was issued by Microsoft as the software impacted was so old it was no longer supported. This age of the software limited WannaCry's ability to infect typical computer users. The attack was stopped in a unique way in that the virus actually had a kill switch built into it, so when a specific domain name was registered the attacks stopped.
The Take Away
The most important thing to remember about these viruses and malware is to back up your data. By backing up your data, even if a virus infects your computer you can get all your information back. You should also avoid clicking on strange email attachments. Keeping good antivirus software on your computer is also key. Lastly, keep your computer up to date; a lot of these viruses exploited older devices that had yet to be updated. For more information on how to keep yourself safe from viruses, see the full article below.
submitted by filiomane to geek [link] [comments]
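Both lists above lean on the same lure: ILOVEYOU shipped "LOVE-LETTER-FOR-YOU.txt.vbs" with the .vbs hidden by Windows, and CryptoLocker's mail attachment looked like a PDF but launched the malware. The following is an added example, not code from either post, of the filename check a mail gateway or helpdesk script would apply to attachment names: it shows the name Windows would display with known extensions hidden, flags any executable or script type, and flags a decoy document extension sitting in front of it as a double extension. The extension sets and the sample attachment names are constructed for the example.

```python
from typing import List, Tuple

# File types Windows will execute or run as a script when double-clicked (constructed list).
EXECUTABLE_EXTS = {
    ".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".msi", ".lnk",
    ".vbs", ".vbe", ".js", ".jse", ".wsf", ".wsh", ".ps1", ".hta", ".jar",
}
# Harmless-looking types used as the visible part of a double extension (constructed list).
DECOY_EXTS = {
    ".txt", ".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".jpeg",
    ".png", ".gif", ".zip", ".mp3",
}


def _base_name(filename: str) -> str:
    """Strip any Windows or POSIX directory part."""
    return filename.replace("\\", "/").rsplit("/", 1)[-1]


def extensions(filename: str) -> List[str]:
    """Lower-cased extensions of the base name, innermost first: 'a.txt.vbs' -> ['.txt', '.vbs']."""
    parts = _base_name(filename).split(".")
    return ["." + p.lower() for p in parts[1:]] if len(parts) > 1 else []


def windows_displayed_name(filename: str) -> str:
    """Name Explorer shows with 'Hide extensions for known file types' on: final extension dropped."""
    base = _base_name(filename)
    return base.rsplit(".", 1)[0] if "." in base else base


def check_attachment(filename: str) -> Tuple[bool, str]:
    """Return (suspicious, reason) for an attachment name."""
    exts = extensions(filename)
    if not exts:
        return False, "no extension"
    final = exts[-1]
    if final not in EXECUTABLE_EXTS:
        return False, f"final extension {final} is not executable"
    if len(exts) >= 2 and exts[-2] in DECOY_EXTS:
        return True, (f"double extension: {final} executable disguised as {exts[-2]}, "
                      f"shown to the user as {windows_displayed_name(filename)!r}")
    return True, f"executable attachment {final}"


def flagged(filenames: List[str]) -> List[Tuple[str, str]]:
    """Names that should be quarantined, each with the reason."""
    result = []
    for name in filenames:
        suspicious, reason = check_attachment(name)
        if suspicious:
            result.append((name, reason))
    return result


# Constructed attachment names, including the two lures named in the lists above.
SAMPLE_ATTACHMENTS = [
    "LOVE-LETTER-FOR-YOU.txt.vbs",
    "Invoice_2013-09.pdf.exe",
    "quarterly_report.docx",
    "archive.tar.gz",
    "setup.exe",
]

if __name__ == "__main__":
    for name, reason in flagged(SAMPLE_ATTACHMENTS):
        print(f"{name}: {reason}")
```

Note that "archive.tar.gz" is a legitimate double extension and passes, because the decision is made on the final extension first: only an executable type is ever flagged, and the decoy check merely sharpens the reason.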

Missing? Unconfirmed? Sweeping my keys?

A while back (2013 apparently) I setup an Armory offline wallet setup. It was pretty slick. Had a netbook that had never been online, yadda yadda yadda.
Well, I ended up hating it, because Armory always takes 19 years to sync back up if you don't run it constantly, so it was not convenient to move stuff in and out of. I messed with electrum a little- was going to go that route, and then decided to go with one of the commercial hardware wallet solutions.
Before I did that, and got things moved, Armory did some kind of update, I couldn't get my online and offline versions to play nicely together, and I ended up having to recover my wallet to my online PC to access my funds. The recovery worked, and I had everything there I was expecting. In early March of this year, a friend who owns an IT company had a client that needed help with one of the cryptolocker viruses. We sent 3 bitcoins to the company, and the files unlocked. But this is where I'm confused about my balance. It's 3 bitcoin short. This is my entire recovered wallet; it was at 16.77ish bitcoins at the beginning of March. Then I sent 3.0001 bitcoins. The incoming .35ish is probably change from an address?
The transaction itself is not confirmed for some reason, and my balance (also not confirmed) is off by 3 bitcoins from what I think it should be. It's showing about 10.77. Should be 13.77BTC.
http://imgur.com/5vCVr9I
So when I get my hardware device today, what is the BEST method to sweep my keys or whatever I need to do to ensure I've got each and every bitcoin I'm expecting, especially the missing 3 BTC?
Thanks for your help.
Edit: Imgur link
submitted by themann00 to Bitcoin

I sat in on a conference for a really huge computer/chip company that discussed bitcoin and the blockchain...here is what they said

This was a private conference for this very large, well-known company that produces processors. The speaker (who is fairly high up in this company) had 2 slides in which she talked about "the block chain". She clarified quickly for the attendees, "I don't mean bitcoin, which is also a currency and other things" (using a neutral to negative tone). One speaker had previously mentioned bitcoin in passing when explaining CryptoLocker types of viruses to the attendees. Anyway, she said that 5 top financial institutions on the East Coast have already decided on a private block chain for their transactions. She went on to say that the block chain will handle many things like contracts, deeds (and things that I don't understand; I tried to get a photo but it was too tough; basically all of the bitcoin v2 things we always hear about that others are solving with altcoins and side-chains). She also said that in the future other companies will form groups and create their own networks to have transparent ledgers between each other.
She also said that this "disruptive technology" is coming, it is here...and it will take over no matter what. There is nothing to stop it. It was good to hear this, but I almost fear how they are going to use the block chain technology. This was such a difference from how I saw the tech being developed. They won't even be using bitcoin, just using the open source tech and running with it and creating their own closed systems.
So my question to you is...will that be how the block chain goes down in history? Bitcoin just an experiment that allowed the big banks and financial systems to create back end systems and use an open ledger for their own good? How does this make you feel? I probably have more to tell if you ask me a question but it was about 2 slides worth of information.
submitted by throwaway848439849 to Bitcoin

Related videos:
- CryptoLocker and CryptoWall Ransomware Virus ...
- CryptoLocker attack Demo
- CryptoLocker Ransomware! Demonstration of attack video review.
- What is Ransomware CryptoLocker Virus Malware
- Remove Crypt0L0cker (TorrentLocker) Ransomware Virus And Decrypt Files

CryptoLocker, a crypto-malware family that has threatened computer users since 2013. CryptoLocker is a malicious program that encrypts files on the affected machines and demands payment of the ransom in Bitcoin. The first version of the ransomware was detected in 2013 [1], spreading via the Gameover Zeus botnet [2]. Although the botnet was shut down, new versions of the malware continue emerging. The main goal ...

CryptoLocker uses an RSA 2048-bit key to encrypt the files, and renames the files by appending an extension such as .encrypted, .cryptolocker or .[7 random characters], depending on the variant. Finally, the malware creates a file in each affected directory linking to a web page with decryption instructions that require the user to make a payment (e.g. via bitcoin). Instruction file names ...

Worst virus ever locks your files, demands Bitcoin ransom. Other ransom viruses are just a bluff. CryptoLocker is for real. Mar 2, 2020, 1:31 pm. Crime. Aaron Sankin. How much would you pay to ...

CryptoLocker: Definition. CryptoLocker is a ransomware specimen that infects computers via a Trojan. The malware is programmed to target Microsoft Windows systems and to block access to files until the malware authors receive a ransom. After installation, CryptoLocker encrypts certain files on the infected computer ...

CryptoLocker, Ransomware and bitcoin. Uncategorized. Ransomware malware is a new kind of virus or software program that encrypts the data on victims' computers, rendering it unusable until a ransom is paid to the bad guys.


CryptoLocker and CryptoWall Ransomware Virus ...

The private decryption key is only released to the user if they pay the equivalent of $300 USD via Bitcoin or MoneyPak. Read the full article: ... CryptoLocker Virus Explained: The Tech Guy 1026 ...

Ransomware is a virus/malware that locks and hijacks your files using encryption in exchange for a ransom! Subscribe to the channel here http://bit.ly/jeffe...

BART Variant Crypto Locker BitCoin - Duration: 6:04 ...

HOW TO FIX "Your personal files are encrypted!" popup from CryptoLocker ransomware - Duration: 7:47. Anti Computer Virus 336,917 views. 7 ...

SUBSCRIBE! for videos on finance, making money, how to invest and creative ways to acquire passive income! After 10+ years of investing and saving, I'm here to pass the knowledge on to you! New ...

Here is the short video on what the Ransomware CryptoLocker Virus Malware is. Ransomware is malware that is installed on a user's device from popup ads, malicious websites or email attachments. It ...
