CryptoLocker

bwolfsohn
Posts: 648
Joined: Thu Jan 28, 2010 7:07 am
Location: Alachua, Florida USA

#1 Post by bwolfsohn »

I just saw my first cryptolocker infection on a client's computer..

They couldn't get into our software because the setup.dbf and station.dbf had become trashed (as far as we could tell). We got onto their system remotely, and I started to investigate file sizes, dates, etc. While looking at things in date order, I noticed 3 files (.html, .txt and .url), all named decrypt_instructions.

I used Notepad to look at them and saw they were CryptoLocker instructions.

I advised the client that his network and computers were unusable at this time and to turn off and disconnect all machines on the network and call in someone local to review the situation...

We use strange extensions for most of our data files, and those didn't seem to be hit by the malware (yet)..
Brian Wolfsohn
Retired and traveling around the country to music festivals in my RV.
OOPS.. Corona Virus, so NOT traveling right now...
http://www.breadmanrises.com
FB travel group: The Breadman Rises
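
The date-order check described in the first post, as an added example that is not part of the thread: it finds the decrypt_instructions note files and, in each folder holding one, counts by extension the files modified within an hour of the note versus the rest. The one-hour window, the `.q7x` extension and all sample files are constructed assumptions; modification times are only a first-pass signal.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

NOTE_STEM = "decrypt_instructions"      # note name reported in the post
NOTE_EXTS = {".html", ".txt", ".url"}   # the three note types reported

def find_notes(root):
    """Return every ransom-note file under root (case-insensitive match)."""
    hits = set()
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath, name)
            if p.stem.lower() == NOTE_STEM and p.suffix.lower() in NOTE_EXTS:
                hits.add(p)
    return hits

def triage(root, window_s=3600):
    """Per folder holding a note: count files by extension, split into those
    modified within window_s seconds of the earliest note and the rest."""
    notes = find_notes(root)
    report = {}
    for folder in sorted({n.parent for n in notes}):
        note_time = min(n.stat().st_mtime for n in notes if n.parent == folder)
        near, rest = Counter(), Counter()
        for entry in folder.iterdir():
            if not entry.is_file() or entry in notes:
                continue
            close = abs(entry.stat().st_mtime - note_time) <= window_s
            (near if close else rest)[entry.suffix.lower()] += 1
        report[str(folder)] = {"near_note": dict(near), "outside_window": dict(rest)}
    return report

def demo():
    """Build a constructed sample folder and return its triage entry."""
    t0 = 1_400_000_000  # constructed timestamp
    sample = {"setup.dbf": t0, "station.dbf": t0 + 5, "jobs.q7x": t0 - 30 * 86400,
              "decrypt_instructions.html": t0 + 60, "decrypt_instructions.txt": t0 + 60,
              "DECRYPT_INSTRUCTIONS.URL": t0 + 60}
    with tempfile.TemporaryDirectory() as root:
        for name, mtime in sample.items():
            path = Path(root, name)
            path.write_bytes(b"constructed sample")
            os.utime(path, (mtime, mtime))
        return next(iter(triage(root).values()))

if __name__ == "__main__":
    print(demo())
```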

rdonnay
Site Admin
Posts: 4722
Joined: Wed Jan 27, 2010 6:58 pm
Location: Boise, Idaho USA

Re: CryptoLocker

#2 Post by rdonnay »

Jon's system in Omaha got bit really bad by that virus about a year ago.

It hit every database that was a .DBF.
We restored from backup and immediately started a program that opened all the databases shared.
We were using ADS.

Cryptolocker can only affect .DBFs that it can open exclusive.

We were able to keep running until their IT department got rid of the virus.
The eXpress train is coming - and it has more cars.
