CryptoLocker creeps lure victims with fake Adobe, Microsoft activation codes

Miscreants have brewed up a variant of the infamous CryptoLocker ransomware that uses worm-like features to spread across removable drives. The recently discovered CRILOCK-A variant can spread more easily than previous forms of CryptoLocker. The latest nasty is also notable because it comes under previously unseen guises - …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward
    Windows

    Bastards....

    Before the linux-tards fire off, we, the Windows users, know it only infects Windows based machines. Save your pointless comment highlighting this.

    More importantly, what is being done to apprehend the gang(s) behind this.

    It really highlights how INeffective the NSA et al is at stopping anything or anyone who knows how to use decent encryption.

    Most virus outbreaks are a "meh!" event. This one is a bit more serious. I know I have radically altered my own personal back up strategy.

    The 1st person to decrypt or obtain a master key (it WILL happen) will be a hero to a lot of people.

    **other thought creeps in: They have made this pass around P2P networks as software cracks for some products. Given that most "users" have no knowledge of circumventing copy protection and that it is "techies" who are more likely to have that knowledge and therefore the gumption to not spread the infection, seems a bit arse about tit to me. I usually find financial incentives give a bigger return...

    PS, My Zyxel NSA sets permissions on all files to read only at a hardware level. Wonder if cryptolocker etc can still encrypt em....

    1. Tim99 Silver badge
      Big Brother

      Re: Bastards....

      You do know that the NSA et al rely on the fact that it is a mess out there to keep a lower profile and hide in the rivers of crap to carry out their sacred work on keeping the free world 'safe'?

    2. Anonymous Coward
      Anonymous Coward

      Re: Bastards....

      > It really highlights how INeffective the NSA et al is at stopping anything or anyone who knows how to use decent encryption.

      Why the fuck should the NSA do anything about it? It isn't their job, their job is to provide intelligence. Try the FBI instead.

      1. Anonymous Coward
        Anonymous Coward

        Re: Bastards....

        It would be Scotland Yard in my case. Either or, it's the NSA at the forefront of snooping/cracking encryption.

        1. Anonymous Coward
          Anonymous Coward

          Re: Bastards....

          This has sod all to do with the FBI, NSA, Scotland Yard or any other government body. This is not a national security threat, it's a threat to those who want something for free. Want a copy of Adobe or MS software (although heaven knows why you would), then pay for it, threat gone.

          1. Anonymous Coward
            Boffin

            Re: Bastards....

            @Chris - "This is not a national security threat, it's a threat to those who want something for free."

            Other variations have been spread through email, by a supposedly "trusted" email partner.

            So no, this is not about the evils of downloading pirated software.

            1. Anonymous Coward
              Thumb Down

              Re: Bastards....

              >Other variations have been spread through email, by a supposedly "trusted" email partner.

              Oh, yawn, we are talking about this variation.

              Also your big mistake is that you are confusing the method of initial propagation with payload. Those emails could still promise to unlock software.

              1. ElReg!comments!Pierre

                Re: Bastards....

                This story has fuck all to do with software piracy; the fuckers disguised their nasty as oft-downloaded stuff, is all.

                Although I do seem to struggle to gather any significant amount of sympathy for people who try and download cracked MSOffice copies: it hurts the competition. Just get OpenOffice or LibreOffice or any other in the myriad of open source office software around, it's not like there's a shortage.

                1. Anonymous Coward
                  Anonymous Coward

                  Re: Bastards....

                  "Just get OpenOffice or LibreOffice or any other in the myriad of open source office software around, it's not like there's a shortage."

                  Some of us need a version of Office that actually works. Microsoft Office is the only option in that case....

                  1. ElReg!comments!Pierre

                    Re: Bastards....

                    > Microsoft Office is the only option in that case...

                    Ignoring the obvious troll*, people who feel they absolutely need MSOffice should be made to buy it. I'm sure it would go a long way towards re-evaluation of one's perceived needs. Hey, you may even go as far as actually trying an alternative instead of spouting nonsense on El Reg.

                    And spare us the "we have mission-critical VBA macros at work" crap. If that's the case get your employer to pay for the turd it forces on you.

                    *I'm pretty sure you could even do with Vim -and a few scripts- whatever it is you're doing with MSOffice, and more. Well, maybe _you_ couldn't, but that doesn't tell much about MSOffice vs the competition now does it?

                    1. Anonymous Coward
                      Anonymous Coward

                      Re: Bastards....

                      Last time I tried open office, which wasn't very long ago, it couldn't handle correctly something as simple as a table which spans multiple pages. My wife needs something which works properly and I need something which doesn't make her call me every five minutes to tell her how to do whatever. Open/Libre office is barely more than geek material, normal users don't want to jump through hoops just to write a document.

                      1. ElReg!comments!Pierre

                        Re: Bastards....

                        > Last time I tried open office, which wasn't very long ago, it couldn't handle correctly something as simple as a table which spans multiple pages.

                        I don't use OOo anymore; in 2007 I was using it and it handled multipage tables perfectly (although I do remember wrestling a bit with ODBC connections, that needed to be reset sometimes for no apparent reason). Back then it was significantly better than MSOffice for big tables (or anything big at all, really). Object anchoring worked a little differently from MSOffice which led to minor trouble for collaborative work with people who used MSOffice, but OOo's way meant that I was able to do overlays that MSOffice couldn't do, so I ended up finalizing documents for MSOffice users from time to time. On the other hand OOo's GUI was a bit ugly at that time. I'm told it improved.

                        I also wrote a couple technical reports on Abiword and Gnumeric back when they were definitely feature-light (2003? I don't recall precisely) because I was temporarily sans desktop computer and that's what was installed on the students' room iMac; I'm pleased to let you know that the end result was pretty good (certainly not LaTEX-grade but at least as good as MSOffice).

                        One's failure to use a tool is not necessarily the tool's fault.

                        1. Anonymous Coward
                          Anonymous Coward

                          Re: Bastards....

                          You can argue as much as you like but if a normal user cannot do what they want then the tool is not suitable for general use. As I said, fine for geeks, for general use it isn't, and it's no good saying that if a normal user wants to do something then they should learn a whole new way of working to fit the tool. If OO wants to compete with Word then it should be transparent to the user, it isn't, it's as simple as that.

                          1. ElReg!comments!Pierre

                            Re: Bastards....

                            > If OO wants to compete with Word then it should be transparent to the user, it isn't, it's as simple as that.

                            I don't think OOo wants to "compete" with MSWord. I am no LaTEX fan but I don't think LaTEX wants to "compete" with MSWord either.

                            You could argue that since you are used to MSWord, you'd rather use it. And if you did, I'd agree with you. But you did not; instead, you claimed that the alternative is bad, because you, personally, fail at using it. That is particularly weak. OO may not be transparent, but your argument, on the other hand, is.

              2. Old Handle

                Re: Bastards....

                > Oh, yawn, we are talking about this variation.

                And this variation also spreads by USB stick. The same method that has brought malware into military and nuclear sites in the past.

          2. Anonymous Coward
            Anonymous Coward

            Re: Bastards....

            It's not a threat until this trojan ends up on the computer of someone important.

          3. JohnG

            Re: Bastards....

            "This has sod all to do with the FBI, NSA, Scotland Yard or any other government body. This is not a national security threat, it's a threat to those who want something for free."

            Regardless of the actions/intentions of the victims, this is extortion or fraud and it is a criminal offence/felony, so the relevant authorities in the UK or USA are interested:

            http://www.actionfraud.police.uk/cryptoLocker-alert-update-dec13

            http://www.fbi.gov/washingtondc/news-and-outreach/stories/cryptolocker-ransomware-encrypts-users-files

            1. Anonymous Coward
              Anonymous Coward

              Re: Bastards.... @JohnG

              "Dear mr police officer I was trying to crack the authorization on photoshop and these nasty people pawned my PC.", well tough titties. I'd rather the police were out tackling real crime not sorting out some mess a freetard has got themselves into.

      2. RobHib

        @A.C. -- Re: Bastards....

        Perhaps so. But the NSA could well do with some brownie points at the moment. Nuking these bastards would well do it.

        Rest assured it would.

    3. Hans 1
      Coffee/keyboard

      @ cornz 1 Re: Bastards....

      >PS, My Zyxel NSA sets permissions on all files to read only at a hardware level ...

      What? You mean you used the "read-only" switch on your sd card/usb stick ? rofl.

      There is no other such thing at "hardware" level to force "read-only" and switching the previously mentioned button/slider can certainly not be done by software.

      What you mean is, your NAS shares files read only .... cool feature, mate ... means you cannot modify them either, then, ehhh ? Uuuuuuseful NAS ....

      BTW, your zyxel NAS most certainly runs on Linux anyway ... and you call us "linux-tards" sporting the tramp icon .... wow, classy!

      1. Anonymous Coward
        Anonymous Coward

        Re: @ cornz 1 Bastards....

        @Hans1.

        I asked for clarification and the windows icon is because I use windows. I like it...

      2. Anonymous Coward
        Anonymous Coward

        Re: @ cornz 1 Bastards....

        >There is no other such thing at "hardware" level to force "read-only"

        HWB work with writeable media of all types......they are usually required for forensic work - else you might alter or destroy evidence.

    4. Yet Another Anonymous coward Silver badge

      Re: Bastards....

      I assumed that the NSA were behind this.

      Since we all know that software piracy funds terrorism, drug smuggling and kitten abuse - then surely it's the job of the square-jawed patriots at the NSA to target users of illegal software sites.

    5. This post has been deleted by its author

    6. tom dial Silver badge

      Re: Bastards....

      I see no reason to expect there should be a "master key" at all. RSA key pairs are easily enough generated that every victim could have his very own pair.

  2. This post has been deleted by its author

    1. Anonymous Coward
      Anonymous Coward

      Re: Bye Bye BitCoin

      It's partly the fault of PayPal and banks for blocking Wikileaks donations and the like.

    2. ElReg!comments!Pierre

      Re: Bye Bye BitCoin

      > Without untraceable BitCoin, the culprits behind CryptoLocker would struggle to collect their cash.

      Nonsense. Ransomware is not new, they use a lot of different methods to collect money like pre-paid credit cards, Western Union, and pretty much anything else that cannot be easily traced.

      1. Nigel 11
        Flame

        Re: Bye Bye BitCoin

        Bitcoin is not untraceable. It's perfectly traceable for all time: that's what the blockchain is! Trouble is, it would take someone with the resources of a whole nation to actually follow the trail (and then it would probably dead-end at a corrupt exchange where the traceable bitcoins were turned into untraceable cash).

        Personally, I think that we should impose consecutive sentences on anyone proved to be responsible for deliberately destructive malware. Let's be generous, say just one day per victim of extortion. Destroy 36500 or more computers with your malware, and go to jail for life. Other countries might prefer to hang them, and I'd not be particularly bothered if they do. Less so than about many murderers. There are people losing their livelihoods by the thousands because of acts like these, and I'd bet that there will have been suicides (plural, probably tens of) as a consequence. Yes I know that everything should be stored on servers run by professionals who make nightly or hourly read-only snapshots of their filesystems, but in the real world there are very many small businesses who don't have any IT staff at all (but still rely on a few PCs).

        Yes, I'm ranting, so I'll stop.

        1. Rol

          Re: Bye Bye BitCoin

          I'd be happy to read page after page of your rant, as I agree wholeheartedly with you.

          My PC is my TV, my radio, my video recorder, my library of books, films, photographs and much much more. To lose them would be devastating and suicide would definitely be a consideration, so yes, when these destroyers of lives are found, I hope it's in a country that has a more balanced approach to human rights, instead of the insanely screwed up mess we have in the UK, where the human rights of the defendant gets consideration before those of the victims.

          1. Intractable Potsherd

            Re: Bye Bye BitCoin

            No criminal law system should put the victim before the accused. The whole point of criminal law is to remove the effect of the crime on the victim to bring some level of predictability into the law. Current moves to bring the victim into sentencing decisions have some small merit, but run contrary to many centuries of established law. If you want the victim to be considered, you need to be arguing for an Anglo-Saxon style, purely private legal system.

  3. Rol

    Fearlessly going where no sane person would tread.

    Quite easy really if you multi-boot. I have several versions of MS and Linux, each one fit for a purpose.

    Some are one use only and are overwritten using a never before loaded os. Others are used perpetually, but either have the LAN cable pulled out, made easier by having an extension coupling running just under my screen or I'm very specific in where I will and will not use them.

    None of the flavours rely on a multiboot grub screen, instead the computer boots into whatever drive is turned on, which also makes for a far easier o/s upgrade.

    If I'm transferring MS files, it's done using a Linux OS, so I can better see if something is amiss.

    All my drives are readily removable and everything is backed-up, again using a virgin os.

    I understand perfectly the risks, well, what I mean is, I am too poor to be risk averse.

    My only fear is a Bios attack, so that too goes to the cleaners before it gets sight of my precious data.

    Yes OTT it is, but seeing as my pc is central to my work and play, I'm not ready for a life without it just yet.

  4. Old Handle

    > If it successfully executes, CryptoLocker encrypts the contents of a hard drive and any connected LAN drives before demanding payment of up to 2 Bitcoins (payable within 72 hours) for a private key needed to decrypt the data.

    Is that correct? They're asking for 2 Bitcoins again? That's about $1500, which seems like an awfully high ransom especially since the new propagation methods look like they're aiming more at home users.

    1. lorisarvendu

      Pay close attention to the words. "Up to".

  5. Anonymous Coward
    Anonymous Coward

    Adobe4Numpty

    In fact, when it comes to indesign or acrobat, you can download the trial, hack out the DRM and use it for free or download gimp and inkscape - no DRM to remove or dodgy keygenerator to trust. Why are ppl using key generators ????????

    Worse, guess what ? Apparently, a great number of numpties prefer downloading over-bloated, unstable pieces of junk, hack out the DRM or use a dodgy key generator than use sensible free alternatives ... go figure ... then you wonder why they get infected ? I don't ...

    In fact, inkscape does a much better job than indesign or acrobat at producing publishing-worthy PDF's or EPS's.

    MS Office ? Who in their right mind uses MS Office without pressure from a window cleaner turned CTO ?

    1. RAMChYLD

      Re: Adobe4Numpty

      Thing is, Gimp is "too unlazy". To create outlined text, I have to create a mask from the text, grow the selection by a selected number of pixels, create a new layer, manually fill the layer in, and then adjust the layer position. On Photoshop, it can be done by just selecting the text and using the text effects tool.

      And Dreamweaver is still years ahead of the best webpage designer software for Linux (come to think of it, the only designer I've ever used under Linux was Seamonkey's composer, and that one's so basic that you can only create static webpages- a stalled legacy from Netscape Gold that was never improved upon). The only other designers I've heard of are text based with no WYSIWYG abilities.

      And don't get me started about creating Flash movies in Linux. Unless you care to enlighten me on a tool in Linux that allows me to create Flash files and then possibly export it to AVI or MP4?

      Not that I'm supporting Microsoft or Adobe. I actually advocate Linux and have converted three people, and have no less than three Unice boxes (two Linux and one OpenBSD). I've already dumped Photoshop for Gimp and Illustrator for Inkscape. The problem here is, there's just no equivalent in some applications, and in others (my example being Gimp), it's just harder to do something. I also don't like flash-filled sites that are unusable on an iPad either, but then there's no other way I know of to create super-surreal videos set to strange foreign music for my own amusement under Linux. Scratch? I wanted to give it a try, but it doesn't work for me- something about PulseAudio crashing it.

  6. John Smith 19 Gold badge
    Unhappy

    So what can be done to nobble the Crypto API ?

    And is it in normal use for most people but they don't realize it?

    I know, that won't help you if your gigs of stuff have turned into unusable rubbish.

    But it might help the next person.

    1. Adam 1
      Unhappy

      Re: So what can be done to nobble the Crypto API ?

      If only it were that simple. If the Crypto API was nobbled, it would break the ability to perform authentication (validating password hashes for logins / network shares) and break the ability to generate and validate session keys (https). It would also break any application relying on the API (usually random number generation, encryption for secure data transfer or hashing).

      Additionally, it would be ineffective because there are countless libraries that provide the same functionality. It would increase the payload size of the malware by a few hundred KB but that is about all.

  7. Anonymous Coward
    Anonymous Coward

    Re. master key

    Had an idea to use an array of quad core modified AMD laptop boards, to make a Beowulf cluster.

    The main issue is going to be cooling, to keep 30 boards running flat out with 60W apiece would be a hell of a lot of power to say the least.

    So far the "plan of attack" is to use the 64 qubit DIY quantum computer to get near to the correct key, then the cluster to "home in" on the right one.

    Estimate it would take about a week per key, which is still pretty good and every one I find gets me closer to a universal "fixit stick" that would work on all C-L variants.

    Apparently the algorithm it uses can be reversed using the original victim's hardware it was encoded on which reduces the keyspace quite a bit.

    1. tom dial Silver badge

      Re: Re. master key

      1. 30 boards x 60 watts is the same as the input to my four slice toaster and would cost about $0.18 per hour, not unmanageable. That would put your estimated recovery cost at a bit over $30 per key.

      2. RSA 2048 bit key generation time on my laptop is a hair under 0.3 seconds, over 2 million times as fast as your estimated decryption, about which I have serious doubts, in any case.

      3. Of course "the algorithm it uses can be reversed using the original victim's hardware" - once the victim has the private key. This fact has nothing at all to do with the size of the keyspace.

      1. Anonymous Coward
        Anonymous Coward

        Re: Re. master key

        What I meant was that the original key is generated using a pseudorandom seed that can be uniquely located to the victim's machine, possibly based on the CPUID, MAC addresses of the network and wifi cards, Windows key and motherboard BIOS serial number.

        As this doesn't normally change much it can be used to reduce keyspace to manageable levels.

        The 64 bit QC I am working on at the moment can be scratch built with about £100 worth of parts and uses off the shelf hardware, however some of the more exotic components may require creative thinking to locate.

        I hope to have it working in about three weeks, depending on needed funding, time AND whinging SWMBO who is convinced I am "Madder than a bag of snakes" for even attempting to build such a thing.

        :-)

        Is there some sort of award if I succeed with this venture?

  8. psychonaut

    foolishit

    Crypto prevent from foolishit. It's free.

  9. Anonymous Coward
    Anonymous Coward

    there's an up side

    yes, there's misery, and, judging from various forums, a steady flow of bitcoins flowing one way to unlock the files. But through the media hype, a sensible message seems to get through: do your backups, update your antivirus. The battle of common sense (backup) v. human nature (shit happens to others) can't be won. But a round or two, to last some time, can't be a bad thing.

    p.s. it's interesting to watch how antivirus vendors play this scare / threat: we can do fuckall about the encryption but yes, our software CAN detect the threat.

  10. Ben Bonsall

    Cunning way of MS and Adobe to get a license fee out of people looking for a crack... I wonder if you actually get a product key after paying the ransom. Adobe CS6 costs about 2 bitcoin... as does server 2012 with 4 CALs

  11. Franklin

    It's not just P2P. I received a text message yesterday on my phone advertising "free Microsoft Office" and a URL, which I knew instantly had to be either a phish or malware. Visited the site (from a disposable *nix VM, naturally), and yup, shore 'nuf, it downloaded Cryptolocker. No surprise there.

    The advertising it via text messages is new, though.

  12. Ed_UK

    I look forward to reading of the arrest of these crooks

    and what happened to their testicles.

  13. lorisarvendu

    Apart from the author of "Paunch", when has a Malware author ever been tracked down and arrested in recent years? Don't hold your breath.
