cryptolocker

I wasn’t sure where to post this, so I’m doing it here. I stumbled
across this reading a tech blog this morning: ‘CryptoLocker Ransomware
Information Guide and FAQ’
(http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

Apparently it’s a super nasty, data destroying piece of malware. It
mentions targeting mapped drives. Has anyone encountered it? I’m
assuming an infected Windows computer will be able to encrypt files on
the mapped drives, even if it’s mapped to an NSS drive. Ugh


imc

imc’s Profile: https://forums.novell.com/member.php?userid=346
View this thread: https://forums.novell.com/showthread.php?t=472010

On 24/10/2013 13:56, imc wrote:[color=blue]

I wasn’t sure where to post this, so I’m doing it here. I stumbled
across this reading a tech blog this morning: ‘CryptoLocker Ransomware
Information Guide and FAQ’
(http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information)

Apparently it’s a super nasty, data destroying piece of malware. It
mentions targeting mapped drives. Has anyone encountered it? I’m
assuming an infected Windows computer will be able to encrypt files on
the mapped drives, even if it’s mapped to an NSS drive. Ugh[/color]

Pretty nasty, yes. It is a development of the FBI “ransomware” virus,
but stores its decryption key on the criminal’s webserver - failure to
pay up means your files stay encrypted, as does removing the virus
(and its reference to the correct key)

Not sure it would be able to see a Novell Client mapped drive - most
things running as system can’t (truecrypt, for example) so non-cifs
drives are probably safe.

Just FYI we have seen a CryptoLocker variant in 2014 that will encrypt
files on a NetWare NSS volume via a drive mapping from one infected
Windows desktop. Just FYI Cryptolocker is known to infect external
drives and thumbdrives as well, it will encrypt any data files that it
can see on any drive.


JOWood

JOWood’s Profile: https://forums.novell.com/member.php?userid=81623
View this thread: https://forums.novell.com/showthread.php?t=472010

On Sat, 11 Jan 2014 12:56:04 +0000, JOWood wrote:
[color=blue]

Just FYI we have seen a CryptoLocker variant in 2014 that will encrypt
files on a NetWare NSS volume via a drive mapping from one infected
Windows desktop.[/color]

It would, though - because as far as the OS is concerned, it’s just a
file on the drive. Something like CryptoLocker isn’t going to be trying
to do something crazy like write to the boot sector of a redirected
device.

Jim


Jim Henderson, CNA6, CDE, CNI, LPIC-1, CLA10, CLP10
Novell/SUSE/NetIQ Knowledge Partner

I just had this happen at one of our schools. We have a global
directory on the server that everyone has read/write access to and a
teacher has managed to infect it resulting in none of the files being
available. We dont run any kind of virus software on our novell boxes.


ddhottinger

ddhottinger’s Profile: https://forums.novell.com/member.php?userid=7800
View this thread: https://forums.novell.com/showthread.php?t=472010

Hi
Have you seen this?
http://www.geekwire.com/2014/new-site-whitehat-hackers-offers-free-fix-cryptolocker-malware-woes/


Cheers Malcolm °¿° LFCS, SUSE Knowledge Partner (Linux Counter #276890)
openSUSE 13.1 (Bottle) (x86_64) GNOME 3.10.1 Kernel 3.11.10-21-desktop
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below… Thanks!