Corrine Posted August 7, 2014

A lot has happened since I first posted about Cryptolocker last October. Grinler spent a lot of time providing an updated FAQ about the ransomware. Soon thereafter, CryptoPrevent was created by Fooli****. We've had several other topics discussing this ransomware and in June I posted information about the seizure of the servers hosting GameOverZeus and CryptoLocker.

Finally, for those victims who were caught by the ransomware, there is relief. The "good guys" at FireEye, in collaboration with Fox-IT, have created a portal for victims to upload an encrypted file, provide an email address, and receive a decryption key.

Several of the articles I've seen today:

Whitehats recover, release keys to CryptoLocker ransomware | Ars Technica
BBC News - Cryptolocker victims to get files back for free
Decryption keys are now freely available for victims of CryptoLocker - News

securitybreach Posted August 7, 2014

Very nice, thanks for sharing!

Guest LilBambi Posted August 7, 2014

Yea!

Corrine Posted August 8, 2014

Although this is good news on one front, as Grinler points out in SynoLocker ransomware targets Synology NAS Devices - News, there are other methods and types of ransomware.

Guest LilBambi Posted August 8, 2014

Yes, this is a bad one for sure. Many can get your NAS if it uses a drive letter, but this is a bit different...

A new file encrypting ransomware has been developed called SynoLocker that targets Synology Network Attached Storage (NAS) devices. Unlike typical encrypting malware, this one does not infect your computer, but rather exploits vulnerabilities in older versions of Synology's Diskstation Manager (DSM) operating system. Devices running DSM 4.3-3810 versions or earlier are vulnerable and being targeted and exploited via the Internet. Once the device is exploited, you will no longer be able to access the administrative screen and it will be replaced by a ransom screen. This ransom screen states that your files have been encrypted and that you need to pay a ransom of .6 bitcoins, or approximately $350 USD to get your files back.

BOLD emphasis mine.

Corrine Posted August 14, 2014

Unfortunately, this isn't the end of the story.

It didn’t take long for an updated version of GameOver Zeus to make some headway in rebuilding itself. Research published today from Arbor Networks demonstrates that cybercriminals behind GameOver Zeus, which was taken down by law enforcement in early June, have renewed the botnet with at least 12,353 unique IP addresses worldwide. Arbor’s numbers come from five sinkholes it manages, and data collected periodically between July 18 and July 29.

NewGOZ Gameover Zeus Botnet Rebuilds

Guest LilBambi Posted August 15, 2014

Sadly true....