[AusNOG] Fwd: CryptoLocker Virus

Dean Bird de at nbird.com.au
Thu Oct 24 10:17:31 EST 2013


We have had extensive dealings with this virus with about 5 customers being
hit with it in one day. We have a batch script which can be run over the
machine to identify if the virus is on the machine.


---------- Forwarded message ----------
From: Mike Manning <mike at matilda.net.au>
Date: Thu, Oct 24, 2013 at 9:10 AM
Subject: Re: [AusNOG] CryptoLocker Virus
To: "AusNOG at lists.ausnog.net" <ausnog at lists.ausnog.net>


I know someone who got this on their Win2k3 SBS Server – got in via the
RDP vulnerability using brute force before it was made known – they
encrypted every single document, pdf, qbw, jpg etc. deleted all backups
and demanded $2500 to send the “password” for the files which wasn’t going
to happen (reading up reports they never send the password anyway) – they
ended up losing pretty much everything.  It’s a nasty nasty piece of work.
They have since changed their RDP port from 3389 to something way up high,
plus upgraded from server 2k3.  There’s a lot of “fake” variants of the
ransomware floating about as well that come in via emails. combofix does
a good job at those ones though.


Mike Manning
Senior Technician

Matilda Internet
________________

Telephone +61 7 4953 0711
Fax +61 7 4953 0717
29 Gregory Street, Mackay, QLD 4740, Australia
Email mike at matilda.net.au
Website www.matilda.net.au



From: Daniel Pearson [mailto:dpearson at pingco.com.au]
Sent: Wednesday, 23 October 2013 9:57 PM
To: AusNOG at lists.ausnog.net
Subject: [AusNOG] CryptoLocker Virus

Hi All,

Not sure if anyone else has come across this nasty piece of work….
Definitely worth everyone knowing about it. Already has caused havoc for a
number of people I know. New versions look at network resources and delete
*.bak, *.vbk etc… so even backups will become encrypted.

Anyway just thought I would make sure everyone is aware of it.

Regards,

DP
