Archive for October 2013

Beware of Cryptolocker Malware


 What is Cryptolocker?

It seems a new breed of ransomware is making its rounds around the Internet. Its called Cryptolocker. This new variant/ransomware is particularly damaging because it encrypts the files on your PC such as Word Documents, Pictures, Spreadsheets, etc with very strong encryption which makes it nearly impossible to recover your files. What makes it worse, is that once infected Cryptolocker will not only encrypt files on your hard drive, but it will also scan for any mapped Network drives, Samba/Windows Shares, and if it has access will encrypt files on those as well.

From the Bleeping Computer Cryptolocker FAQ:

CryptoLocker will then begin to scan all physical or mapped network drives on your computer for files with the following extensions: *.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c. When it finds a files that matches one of these types,it will encrypt the file using the public encryption key and add the full path to the file and the filename as a value under the HKEY_CURRENT_USER\Software\CryptoLocker\Files Registry key.

Read more »

Post navigation

Total Pageviews