Skip to main content

It's been awhile

I am glad to announce that we were featured on PCWorld, one of the greatest computer magazines in the world.

My old computer screen is dead, and I am using my phone to reply emails and update this blog. That's why I can't always reply quickly and why I ask for donations. Anyway...

Cryptolocker and CryptoDefense have proven to be a highly profitable business warped around the anonymity of cryptocurrencies and the TOR network. You can expect more of this resurgent type of malware to sweep the Internet and spread as wildfire and, as you are reading this article, someone is writing the next cryptovirus that will enter the scene tomorrow; and I am not joking. The only fireproof measure against these nasty threats is backup using non-rewritable media such as DVD-R's and Blueray disks. Cloud storage such as Dropbox seemed safe at first glance but vĂ­ctims also reported they have lost their files there.

To make matters even worse, some victims also reported being hit by two cryptoviruses. This means that they had to pay twice to get their files back. Can you imagine what will happen when more of these viruses emerge in the near future? Go figure...

There is little (to say the most) Antivirus software can do once your files have been encrypted simply because removing the malware will not return your data to its original form unless you have the key. So, better be prepared than sorry: Backup tour files.

I'll update this blog soon... Keep in tune!

Comments

Popular posts from this blog

Wana Decryptor / WanaCrypt0r

Alright, guys. This is a tough one: However, there's no reason to claim it's impossible to decrypt victims data. These idiots always let something slip through their fingers. Their servers might be found and keys restored to their respective victims. Errors might be found in their code, their key encryption scheme may have some weakness, etc. Let's just let the experts find a way out. By the way, if you want to temporarily protect your PC from this malware, you may do this.

Good News (part 2)

Hey guys! After some -lot of- research and reverse-engineering, I decided to create a video which explains how to recover the private keys via a sniffer. Mind you, in some countries (United States and the United Kingdom and some countries in the European Union), ISPs are requested by law to retain data for over a year or so. Therefore, the authorities are able to retrieve the information (metadata) you sent and received anytime, including the day you got infected. It isn't hard for them to do, but that of course implies a long judicial process. Instead of paying the crooks, try to get in touch with the police and point out the existence of this law. I am also working on a program to to brute-force the key based on  parameters found inside the victim's computer  which I won't disclose right now. It appears that although the 2048 bits is certainly strong, they used a weak seeding which is quite simple and a brute-force attack can be performed within an manageable

Update: CryptoDefense rebranded to CryptoWall

After the fortune they reaped with CryptoDefense, not only did the crooks buy more computers from a bot net. They also rebranded it to 'CryptoWall' and made considerable changes to its website: + Multilanguage Support + Slight color changes in their website. Now it looks nicer, I confess. + Support (You can message them in case you need help)  - Their English sucks, so I haven't noticed any improvement in this area. * Ransomware notes are now named as: DECRYPT_INSTRUCTION.txt DECRYPT_INSTRUCTION.html DECRYPT_INSTRUCTION.url What does it mean to 'buy computers'? Most computers that were hit by this nasty ransomware had been previosuly infected by a botnet. A botnet is a network of infected computers that can be spied and controlled by their masters (those who own the botnet network).  These computer programs are usually used to gather users' credentials to home-banking and to perform DDoS attacks on websites, etc. (Yes, you can pay these croo