Slashdot Mirror


Many Australians Forced To Pay For "Unbreakable" Cryptolocker Ransomware

An anonymous reader writes: Australians are paying thousands of dollars to overseas hackers to rid their computers of an unbreakable virus [Cryptolocker]. The deputy chairwoman of the Australian Competition and Consumer Commission, Delia Rickard, said over the past two months there had been a spike in the number of people falling victim to the scam. The commission has received 2,500 complaints this year and estimates about $400,000 has been paid to the hackers. Bad news for Australians: this is just one of many targeting the country.

4 of 148 comments

  1. Re:Every customer of mine by dwywit · · Score: 4, Informative

    Oh, bloody hell.

    Cryptoprevent from FoolishIT

    --
    They sentenced me to twenty years of boredom
  2. Re:Every customer of mine by dbIII · · Score: 4, Informative

    I'm sort of curious how this ransomware is being executed by clicking on a single link in an e-mail

    How?
    "Outlook not so good."
    Actually it's the combination of MS Outlook and IE that have such a "feature" for convenience. All it takes is for IE to be directed to the site and it helpfully runs the malware - no questions asked.

    Some of the emails have been from the tax office (equivalent to IRS), some have been about package deliveries with a tracking link and others have been about speeding fines. They are aimed squarely to catch people who are not idiots, just not as paranoid about computers as is required these days.

    There have been a few articles about it over the last year apart from the article linked above.

  3. Comment removed by account_deleted · · Score: 3, Informative

    Comment removed based on user account deletion

  4. You can typically get *some* data back... by iMouse · · Score: 3, Informative

    CryptoWall/CTB-Locker/Cryptolocker (or whatever the variant's name is this month) seems to have difficulty with or is rather slow at getting to data stored in the container for the Volume Snapshot Service. For businesses that do not allow their users to run as administrators (or have them elevate from a privileged account), they can typically restore a reasonably recent snapshot of data folder by folder using the Previous Versions option.

    If the user is an admin, I've found that the window for recovery using VSS is smaller, but certainly better than nothing. Network shares should be restored from backups or VSS from the server (if Windows). I haven't figured out what to do with flash drives quite yet... even most data recovery software doesn't find much since the files are never really erased, just overwritten with encrypted copies.
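
A scripted form of the folder-by-folder Previous Versions restore described in the last comment, added here as an example and not part of the original thread. The folder, cutoff time and destination are constructed placeholders, and the script assumes an elevated PowerShell session on a machine that still holds at least one shadow copy taken before the files were encrypted.

```powershell
# Added example: restore one folder from the newest VSS snapshot taken before
# a known-good time. All parameter defaults are constructed placeholders.
param(
    [string]$Volume = 'C:\',
    [string]$Folder = 'Users\alice\Documents',    # hypothetical, relative to the volume root
    [datetime]$Before = (Get-Date).AddHours(-6),  # assumed last time the data was clean
    [string]$Destination = 'D:\Recovered'         # assumed clean drive; never restore in place
)

# Win32_ShadowCopy.VolumeName holds a \\?\Volume{guid}\ path, so map the
# drive letter to that form through Win32_Volume first.
$vol = Get-CimInstance Win32_Volume | Where-Object { $_.Name -eq $Volume }
if (-not $vol) { throw "Volume $Volume not found." }

# Newest snapshot of this volume that predates the cutoff.
$snap = Get-CimInstance Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $vol.DeviceID -and $_.InstallDate -lt $Before } |
    Sort-Object InstallDate -Descending |
    Select-Object -First 1
if (-not $snap) { throw "No shadow copy of $Volume older than $Before remains." }

Write-Host "Using snapshot $($snap.ID) created $($snap.InstallDate)"

# Expose the snapshot read-only through a directory symlink. mklink needs
# the trailing backslash on the \\?\GLOBALROOT\Device\... target.
$link = Join-Path $env:SystemDrive ('vss_' + $snap.ID.Trim('{}'))
cmd /c mklink /d "$link" "$($snap.DeviceObject)\" | Out-Null

try {
    $source = Join-Path $link $Folder
    if (-not (Test-Path $source)) { throw "$Folder is not present in this snapshot." }

    # /E: include subfolders, /COPY:DAT: data, attributes, timestamps,
    # /R:0: do not retry locked files, /XJ: skip junctions to avoid loops.
    robocopy $source $Destination /E /COPY:DAT /R:0 /XJ
}
finally {
    # rmdir removes only the link, not the snapshot contents.
    cmd /c rmdir "$link"
}
```

Compare a few restored files against known-good copies before putting them back into use, since a snapshot taken after encryption started will contain encrypted files.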