bloody bloody cryptolocker bloody

Discussion in 'Business & Enterprise Computing' started by Joshhy, Sep 12, 2014.

  1. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,420
    Location:
    Narrabri NSW
    None of the free decrypters appear to be usable with the variant we're dealing with today, but Dr Web managed to decrypt a sample file we sent them.
     
  2. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,156
    Location:
    Canberra
    AGL Crypto email is going around this week like wildfire.

As far as I can tell you get a link, which looks very legitimate and there is a captcha, then you download a zip and then you're fucked.

    5th client this week.
     
  3. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,306
    moar details? I've had a quick look and can't see anything being trapped.
     
  4. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,156
    Location:
    Canberra
    Haven't actually had it pass through my spam filter yet.

    These are clients without spam filtering
     
  5. Sphinx2000

    Sphinx2000 Member

    Joined:
    Sep 16, 2001
    Messages:
    9,510
    Location:
    Brisbane
  6. Sphinx2000

    Sphinx2000 Member

    Joined:
    Sep 16, 2001
    Messages:
    9,510
    Location:
    Brisbane
    ...and one of my customers just got hit by it. :mad:
     
  7. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    42,813
    Location:
    Brisbane
  8. looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    26,498
    got hit with it at two sites today.

    one of which was mine. :)

    in our case the person who clicked the link says she didn't see anything happen.
    and yet, crypto happened.
     
  9. scrantic

    scrantic Member

    Joined:
    Apr 8, 2002
    Messages:
    1,745
    Location:
    3350
    You using a perimeter UTM in conjunction with Umbrella or just Umbrella?
     
  10. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    42,813
    Location:
    Brisbane
    Currently just OpenDNS as a forwarder, with all other DNS access blocked. Purely a cost thing at this point (getting dollars towards security falls under the "selling potential to bean counters" problem I keep ranting about elsewhere).

    It's just step one. We're getting more and more requirements pushed down on us from bigger companies and industry groups we work with, so I'm using that as justification for these costs in order to protect these people from themselves.

    I'd love UTM, and a bunch of other stuff. But we've got a long way to go yet.
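Added example (not from this thread or any poster): the "forwarder only, all other DNS blocked" setup described above, expressed as a checkable policy. The resolver addresses are the well-known OpenDNS ones; the internal forwarder address, the interface name and the iptables-style log lines are constructed for the example and are not real data.

```python
import re

# Resolvers the forwarder is allowed to reach (well-known OpenDNS addresses).
ALLOWED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}
# Hypothetical address of the internal DNS forwarder (constructed for this example).
FORWARDER = "192.168.1.10"

# Constructed log lines in a simplified iptables LOG-target style; not captured from a real host.
SAMPLE_LOG = """\
May 30 09:12:01 fw kernel: FORWARD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=208.67.222.222 PROTO=UDP SPT=40123 DPT=53
May 30 09:12:05 fw kernel: FORWARD IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=8.8.8.8 PROTO=UDP SPT=51234 DPT=53
May 30 09:12:09 fw kernel: FORWARD IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.25 PROTO=TCP SPT=51235 DPT=443
May 30 09:12:14 fw kernel: FORWARD IN=eth1 OUT=eth0 SRC=192.168.1.88 DST=203.0.113.9 PROTO=TCP SPT=51240 DPT=53
May 30 09:12:20 fw kernel: FORWARD IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=1.1.1.1 PROTO=UDP SPT=40130 DPT=53
"""

LINE_RE = re.compile(r"SRC=(\S+) DST=(\S+) PROTO=(\S+) SPT=(\d+) DPT=(\d+)")


def parse_line(line):
    """Pull source, destination, protocol and destination port out of one log line."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src, dst, proto, _spt, dpt = m.groups()
    return {"src": src, "dst": dst, "proto": proto, "dport": int(dpt)}


def classify(record):
    """Return None if the flow is allowed by the policy, otherwise a short reason."""
    if record["dport"] != 53:
        return None  # not DNS; outside this policy's scope
    if record["src"] != FORWARDER:
        return "dns-from-client"  # a workstation talking to port 53 directly
    if record["dst"] not in ALLOWED_RESOLVERS:
        return "forwarder-to-unapproved-resolver"
    return None


def find_violations(log_text):
    """Scan log text and return (src, dst, reason) for every flow the policy forbids."""
    violations = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reason = classify(rec)
        if reason:
            violations.append((rec["src"], rec["dst"], reason))
    return violations


def iptables_rules(iface="eth0"):
    """Generate FORWARD-chain rules implementing the same policy: the forwarder may
    reach the approved resolvers on 53; every other port-53 flow is logged and dropped."""
    rules = []
    for resolver in sorted(ALLOWED_RESOLVERS):
        for proto in ("udp", "tcp"):
            rules.append(
                f"iptables -A FORWARD -o {iface} -p {proto} -s {FORWARDER} "
                f"-d {resolver} --dport 53 -j ACCEPT"
            )
    for proto in ("udp", "tcp"):
        rules.append(f"iptables -A FORWARD -o {iface} -p {proto} --dport 53 "
                     f"-j LOG --log-prefix 'DNS-BLOCK '")
        rules.append(f"iptables -A FORWARD -o {iface} -p {proto} --dport 53 -j DROP")
    return rules


if __name__ == "__main__":
    for src, dst, reason in find_violations(SAMPLE_LOG):
        print(f"{src} -> {dst}: {reason}")
    print("\n".join(iptables_rules()))
```

Running the block against the constructed log flags two workstations resolving directly (8.8.8.8 and 203.0.113.9) and the forwarder itself reaching an unapproved resolver (1.1.1.1); the approved OpenDNS lookup and the HTTPS flow pass. The rule generator is deliberately a separate function so the same allow-list drives both enforcement and the log review.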
     
  11. scrantic

    scrantic Member

    Joined:
    Apr 8, 2002
    Messages:
    1,745
    Location:
    3350
    I used opendns for many years at one of our sites. Put in Sophos UTM about 12 months ago but might invest in Umbrella as a second layer of protection.
     
  12. tin

    tin Member

    Joined:
    Jul 31, 2001
    Messages:
    6,420
    Location:
    Narrabri NSW
    3 customers came to join our crypto party this week (while I was away on holidays). Is the AGL one doing some sort of drive-by infection? Or are people still effectively manually installing these viruses?
     
  13. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,156
    Location:
    Canberra
    the email actually looks like a bill...
     
  14. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    42,813
    Location:
    Brisbane
These crypto-kiddies are raking in the big bucks now. Wouldn't be hard for them to pay a poor UK/US/AU arts student to spell and grammar check their stuff.
     
  15. mareke

    mareke Member

    Joined:
    Jun 1, 2003
    Messages:
    7,682
    Location:
    Sydney, NSW
    It would only look that way to me if I was with AGL and even then if it contained a zip file I'd delete it as energy billing companies send bills as PDF files not zip files.

    I see a preview of my emails before downloading them using a program called Mailwasher Pro and I probably delete half the emails in the preview that are spam or other garbage that I'm not interested in. If I see any suspicious looking email in the preview I go to my Post Office account at my ISP (TPG) and I log in and have a closer look. Then on confirming that the suspicious looking email with an attachment probably contains a virus I delete it. I haven't used an anti-virus program for a couple of years. If a virus did slip through I have Acronis images and backups of my important files on other hard disks including external ones. The bastards won't get me!
     
  16. Bravs

    Bravs Member

    Joined:
    Feb 13, 2012
    Messages:
    264

    What would happen if you open this on a smartphone?
     
  17. looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    26,498
    try it out and report back your findings.
     
  18. dicer

    dicer Member

    Joined:
    Jul 20, 2003
    Messages:
    1,034
    Location:
    Melbourne
    Just had 2 clients in 2 days ripped by this AGL email cryptolocker.

    edit: Would you believe...3!
     
    Last edited: Jun 2, 2016
  19. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,156
    Location:
    Canberra
    AGL currently requests its users to download bills from the email.

    You're right that they do deliver PDF files (not zips). The actual affected website even pulls content from the real AGL site to draw their fake one.

This is easily the most convincing Ransomware Phishing email I've seen in my time in IT. It is going to get a *shitton* of people.
     
  20. qwertylesh

    qwertylesh Member

    Joined:
    Aug 21, 2007
    Messages:
    8,884
    Does cryptoprevent still work for these new variants?
     
