
bloody bloody cryptolocker bloody

Discussion in 'Business & Enterprise Computing' started by Joshhy, Sep 12, 2014.

  1. looktall

    looktall Working Class Doughnut

    Joined:
    Sep 17, 2001
    Messages:
    26,663
    you should try working with scienticians.
     
  2. Falkor

    Falkor Member

    Joined:
    Jun 27, 2001
    Messages:
    4,095
    Location:
    Sydney
    You say that like it ever stopped? In my experience they are constantly being sent; I see them daily getting blocked to my users, same with dodgy subpoena emails.
     
  3. shredder

    shredder Member

    Joined:
    Dec 26, 2001
    Messages:
    13,969
    Location:
    New Zealand
    Engineers aren't great either.

    I'd wager to say that any given professional fraternity greatly values itself over any adjunct services. That's just the way they are. Their chosen profession evidences that which they decree to be the most important thing in the world.
     
  4. Falkor

    Falkor Member

    Joined:
    Jun 27, 2001
    Messages:
    4,095
    Location:
    Sydney
    Fair enough, I work for a very well known hospitality group so we are targeted quite a bit.
     
  5. rainwulf

    rainwulf Member

    Joined:
    Jan 20, 2002
    Messages:
    4,275
    Location:
    bris.qld.aus
    It's back to phishing now, there is a run of Telstra "refund" emails and Dropbox "authenticate here" emails now.

    An email a customer got had a Dropbox "sign on" link to a page on a hacked server that had logos for Yahoo, Dropbox, Outlook, Google, and probably 4-5 other "services" so you can get your file.

    I mean Yahoo, right? Who the fuck even knows that Yahoo is still around...
     
  6. Sphinx2000

    Sphinx2000 Member

    Joined:
    Sep 16, 2001
    Messages:
    9,875
    Location:
    Brisbane
    Not sure if already posted, new Federal Police variant now doing the rounds - looks similar to the AGL one / probably same payload..

     
  7. BlueRaven

    BlueRaven Brute force & optimism

    Joined:
    Jul 29, 2010
    Messages:
    5,283
    Location:
    2076
    "You are invited to the presiding judge by the judge because of law violation".

    "Savvy user" filtration techniques in full use I see. Pretty sure that if the AFP want you in court they don't "invite" you, they issue a summons or subpoena.
    Interesting to think about the sort of people this "invitation" might trick, and the likelihood of them following through with payment (or getting brutally skimmed).

    Does the unsubscribe link point to the same URL as the print button, or something different? Could be an effective way of catching a few extra with a different payload.
     
    Last edited: Aug 24, 2016
  8. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    44,855
    Location:
    Brisbane
    Quite fascinating to see them targeting certain groups this way.

    Although I read a great article the other day about some dude who was genuinely computer/security savvy, and fell for one of these just due to sheer distraction. He was moving office over the weekend, and buying and selling a bunch of stuff on eBay. A message came in, he clicked, lo and behold he got stung. It just looked like another message in the noise, and he didn't take the 3 seconds required to think about it.

    Goes to show it's hard to be wary when you're weary (sorry, I couldn't resist that).
     
  9. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    13,531
    Location:
    Brisbane
    I know of a person who does phishing email testing as a major part of their job completely falling for one. Same story, distracted and just opened it without thinking. Whenever someone says to me "yeah but they're all tech savvy here" I say "yes but they haven't always had their coffee before doing emails." Shit happens unfortunately
     
  10. NSanity

    NSanity Member

    Joined:
    Mar 11, 2002
    Messages:
    18,383
    Location:
    Brisbane
    Rookie mistake imo
     
  11. millsy

    millsy Member

    Joined:
    Mar 31, 2007
    Messages:
    13,531
    Location:
    Brisbane
    :lol: I cannot disagree there
     
  12. ex4n

    ex4n Member

    Joined:
    Oct 5, 2011
    Messages:
    2,202
    Location:
    Perth
    I've been hearing of loads of people in Perth getting hit by the Crysis ransomware, hacked RDP accounts (brute force) dialing home weeks after being compromised and executing the ransomware overnight. It even encrypted the ShadowProtect backups of a potential new client :) They don't even want a ransom, it's purely malicious. Sadly I've become really quite good at identifying and removing these after a few years of doing it around once a month for somebody.
     
  13. PabloEscobar

    PabloEscobar Member

    Joined:
    Jan 28, 2008
    Messages:
    14,610
    HTTPS inspection FTW.
     
  14. rainwulf

    rainwulf Member

    Joined:
    Jan 20, 2002
    Messages:
    4,275
    Location:
    bris.qld.aus
    Offsite backups!!!

    Recovering data RIGHT NOW of a client hit by the AGL one. Backups are inaccessible to the LAN... just copying the data back, problem solved.
     
  15. ex4n

    ex4n Member

    Joined:
    Oct 5, 2011
    Messages:
    2,202
    Location:
    Perth
    Haha, we have offsite backups for all our clients who are prepared to pay for it (except those poor bastards on ADSL, but I offer them a rotating drive service at least). This client came to us today for advice as they were basically fucked yesterday and their current IT couldn't do anything.
     
  16. 7nothing

    7nothing Member

    Joined:
    Feb 15, 2002
    Messages:
    1,556
    Location:
    Brisbane
    When the guy who ran cryptolocker last week asks if you can find some files from 1998 (13 years before we had any association with the business) that he has no idea where they might have been located...

    :thumbup::thumbup:
     
  17. sammy_b0i

    sammy_b0i Laugh it up, fuzzball!

    Joined:
    Jun 29, 2005
    Messages:
    4,491
    Location:
    ACT 2913
    Bahahaha. Poor sod.
     
  18. elvis

    elvis Old school old fool

    Joined:
    Jun 27, 2001
    Messages:
    44,855
    Location:
    Brisbane
    1998: "I'm not spending all this money to back up data for 20 years!"

    2016:
     
  19. bubblegoose

    bubblegoose Member

    Joined:
    May 18, 2007
    Messages:
    4,508
    Location:
    Molesworth - Tasmania
    I had a user yesterday create a ticket because they weren't able to open a file attachment that they needed to access.

    It was an AGL email, and we don't even have our power with AGL, why is she trying to open the bill?? Luckily our antivirus was able to nuke it before she could open it multiple times... :(

    My faith in end users is at an all time low...
     
  20. 7nothing

    7nothing Member

    Joined:
    Feb 15, 2002
    Messages:
    1,556
    Location:
    Brisbane
    We typically apply software restriction policies to block executables within userprofile; where requested, we have a local user configured to allow end users to install software.

    One of them was clever enough to follow our instructions on saving an exe to a location outside his profile and running it as the local account. The exe was of course a virus.

    Much worse. Geologist.

    From years dedicated to working with rocks, they inherit a rock like ability for comprehension and decision making.
     
