[AusNOG] CryptoLocker Virus

Matt Palmer mpalmer at hezmatt.org
Thu Oct 24 18:14:59 EST 2013


On Wed, Oct 23, 2013 at 11:10:32PM +0000, Mike Manning wrote:
> I know someone who got this on their Win2k3 SBS Server - got in via the
> RDP vulnerability using brute force before it was made known - they
> encrypted every single document, pdf, qbw, jpg etc..  deleted all backups

I'm somewhat surprised that it isn't a more widely-broadcast best practice
to ensure that the machine being backed up has no capability to modify the
existing backup sets.

> and demanded $2500 to send the "password" for the files which wasn't going
> to happen (reading up reports they never send the password anyway)

My (admittedly relatively thin) experience in this area is that they *do*
cough up the password, because then they can do it to you again next month
and you'll probably pay up again.  If they stiff you this time, you probably
won't cough up the dough in the future.  Chickens/eggs vs pigs/bacon and all
that.

- Matt
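
One way to check the property described above (the machine being backed up cannot modify existing backup sets), as an added example that is not part of the original post. It assumes a POSIX backup server where the client writes under a dedicated account; `audit_backup_sets`, `can_modify` and the sample tree are hypothetical names and constructed data.

```python
import os
import stat
import tempfile

def can_modify(st, uid, gids):
    """True if account (uid, gids) can write to the object described by st."""
    if uid == 0 or st.st_uid == uid:
        return True  # root bypasses mode bits; an owner can chmod write back on
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IWGRP)
    return bool(st.st_mode & stat.S_IWOTH)

def audit_backup_sets(root, uid, gids=()):
    """List (path, reason) for stored backups the client account could alter.

    Mode bits only: the directory search bit is ignored (may over-report) and
    ACLs are not read (may under-report), so review ACLs separately.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        dst = os.lstat(dirpath)
        dir_writable = can_modify(dst, uid, gids)
        sticky = bool(dst.st_mode & stat.S_ISVTX)
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            # Write access to a directory allows unlink/rename of its entries,
            # unless the sticky bit restricts that to the entry or dir owner.
            blocked = sticky and uid not in (0, st.st_uid, dst.st_uid)
            if dir_writable and not blocked:
                findings.append((path, "delete/replace"))
            if stat.S_ISREG(st.st_mode) and can_modify(st, uid, gids):
                findings.append((path, "overwrite"))
    return sorted(findings)

if __name__ == "__main__":
    # Constructed sample tree: one backup set left world-writable.
    root = tempfile.mkdtemp()
    os.chmod(root, 0o755)
    bad = os.path.join(root, "2013-10-23")
    os.mkdir(bad)
    os.chmod(bad, 0o777)
    open(os.path.join(bad, "docs.tar"), "w").close()
    client_uid = os.getuid() + 12345  # hypothetical backup-client account
    for path, reason in audit_backup_sets(root, client_uid):
        print(reason, path)
```

An empty result for the client account means the stored sets are protected by mode bits alone; a pull-based design, where the backup server fetches data and the client holds no credentials for the store, avoids the question entirely.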



