[AusNOG] CryptoLocker Virus

Mike Manning mike at matilda.net.au
Thu Oct 24 10:10:32 EST 2013


I know someone who got this on their Win2k3 SBS Server - got in via the RDP vulnerability using brute force before it was made known - they encrypted every single document, pdf, qbw, jpg etc., deleted all backups and demanded $2500 to send the "password" for the files, which wasn't going to happen (reading up on reports, they never send the password anyway) - they ended up losing pretty much everything. It's a nasty, nasty piece of work. They have since changed their RDP port from 3389 to something way up high, plus upgraded from Server 2k3. There are a lot of "fake" variants of the ransomware floating about as well that come in via emails; combofix does a good job at those ones though.

Mike Manning
Senior Technician

Matilda Internet
________________

Telephone +61 7 4953 0711
Fax +61 7 4953 0717
29 Gregory Street, Mackay, QLD 4740, Australia
Email mike at matilda.net.au
Website www.matilda.net.au

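The server in Mike's account was taken over by brute-forcing RDP before the files were encrypted, so the earliest signal a defender gets is the burst of failed RemoteInteractive logons followed by a success from the same source. The following is an added example, not code from the thread or from any poster: it flags that pattern over a constructed, simplified export of Windows Security events. EventID 4625 (failed logon), 4624 (successful logon) and LogonType 10 (RemoteInteractive, i.e. RDP) are the real Windows values; the record layout, the threshold, the window and the sample addresses are assumptions chosen for the example.

```python
"""Flag RDP brute-force bursts, and any success that follows them, in a
simplified export of Windows Security log events (added example)."""
from collections import defaultdict
from datetime import datetime, timedelta

# EventID 4625 = failed logon, 4624 = successful logon (real Windows values).
FAILED_LOGON = 4625
SUCCESS_LOGON = 4624
# LogonType 10 = RemoteInteractive, the type an RDP session produces.
RDP_LOGON_TYPE = 10


def ev(time, event_id, logon_type, src_ip, user):
    """Build one simplified event record (hypothetical export format)."""
    return {"time": time, "event_id": event_id, "logon_type": logon_type,
            "src_ip": src_ip, "user": user}


# Constructed sample data, not a real log. RFC 5737 documentation addresses.
SAMPLE_EVENTS = [
    # Burst from one source cycling through account names: brute force.
    ev("2013-10-20T02:00:01", FAILED_LOGON, RDP_LOGON_TYPE, "198.51.100.7", "administrator"),
    ev("2013-10-20T02:00:09", FAILED_LOGON, RDP_LOGON_TYPE, "198.51.100.7", "administrator"),
    ev("2013-10-20T02:00:17", FAILED_LOGON, RDP_LOGON_TYPE, "198.51.100.7", "admin"),
    ev("2013-10-20T02:00:25", FAILED_LOGON, RDP_LOGON_TYPE, "198.51.100.7", "admin"),
    ev("2013-10-20T02:00:33", FAILED_LOGON, RDP_LOGON_TYPE, "198.51.100.7", "backup"),
    ev("2013-10-20T02:00:41", FAILED_LOGON, RDP_LOGON_TYPE, "198.51.100.7", "backup"),
    ev("2013-10-20T02:00:49", FAILED_LOGON, RDP_LOGON_TYPE, "198.51.100.7", "administrator"),
    # ...and then the guess lands: a successful RDP logon from the same source.
    ev("2013-10-20T02:00:57", SUCCESS_LOGON, RDP_LOGON_TYPE, "198.51.100.7", "administrator"),
    # A staff member mistyping a password twice: stays below the threshold.
    ev("2013-10-20T08:15:00", FAILED_LOGON, RDP_LOGON_TYPE, "203.0.113.5", "mike"),
    ev("2013-10-20T08:15:30", FAILED_LOGON, RDP_LOGON_TYPE, "203.0.113.5", "mike"),
    ev("2013-10-20T08:16:02", SUCCESS_LOGON, RDP_LOGON_TYPE, "203.0.113.5", "mike"),
]


def rdp_bruteforce_sources(events, threshold=5, window=timedelta(minutes=10)):
    """Return {src_ip: (peak_failures, sorted_usernames)} for every source
    that produced at least `threshold` failed RDP logons inside one `window`.

    A sliding window over the sorted timestamps finds the densest burst, so a
    slow trickle of typos over a day is not counted as an attack.
    """
    per_src = defaultdict(list)
    for e in events:
        if e["event_id"] == FAILED_LOGON and e["logon_type"] == RDP_LOGON_TYPE:
            per_src[e["src_ip"]].append((datetime.fromisoformat(e["time"]), e["user"]))

    flagged = {}
    for src, attempts in per_src.items():
        attempts.sort()
        times = [t for t, _ in attempts]
        start, peak = 0, 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[src] = (peak, sorted({u for _, u in attempts}))
    return flagged


def logons_after_bruteforce(events, flagged):
    """Return {src_ip: [users]} for successful RDP logons from flagged
    sources: the signal that the brute force actually got in."""
    hits = defaultdict(list)
    for e in events:
        if (e["event_id"] == SUCCESS_LOGON and e["logon_type"] == RDP_LOGON_TYPE
                and e["src_ip"] in flagged):
            hits[e["src_ip"]].append(e["user"])
    return dict(hits)


if __name__ == "__main__":
    suspects = rdp_bruteforce_sources(SAMPLE_EVENTS)
    for src, (count, users) in suspects.items():
        print(f"{src}: {count} failed RDP logons in one window, accounts tried: {users}")
    for src, users in logons_after_bruteforce(SAMPLE_EVENTS, suspects).items():
        print(f"ALERT {src}: successful RDP logon after brute force as {users}")
```

The two-stage check matters in practice: a noisy failed-logon count alone is alert fatigue on any host with RDP exposed, whereas a success from a source that was just brute-forcing is the moment to isolate the machine, which is well before anything starts encrypting shares or deleting backups. Moving the port, as Mike's contact did, cuts the noise but does not replace the check.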

From: Daniel Pearson [mailto:dpearson at pingco.com.au]
Sent: Wednesday, 23 October 2013 9:57 PM
To: AusNOG at lists.ausnog.net
Subject: [AusNOG] CryptoLocker Virus


Hi All,

Not sure if anyone else has come across this nasty piece of work... Definitely worth everyone knowing about it. It has already caused havoc for a number of people I know. New versions look at network resources and delete *.bak, *.vbk etc., so even backups will become encrypted.

Anyway just thought I would make sure everyone is aware of it.

Regards,
DP