Beware!!! If your files are encrypted, there is no known way to - TopicsExpress



          

Beware!!! If your files are encrypted, there is no known way to decrypt the files at this time.

spear phishing
1. (Internet) phishing against a small group of selected targets who are more likely to be attracted

Spear phishing is an e-mail spoofing fraud attempt that targets a specific organization, seeking unauthorized access to confidential data. Spear phishing attempts are not typically initiated by random hackers but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.

The document below provides more details about this type of attack (the link has been verified): securingthehuman.org/newsletters/ouch/issues/OUCH-201307_en.pdf

Outbreak of CryptoLocker Ransomware

Severity: Medium

Affected Systems: All Microsoft Windows systems are potentially at risk.

Summary: Solutionary (our 3rd party security vendor) has observed many recent system infections related to a new form of ransomware called CryptoLocker. This infection is spread via a malicious executable posing as a PDF from a trusted source in phishing emails. Affected systems will have a majority of files in an unrecoverable encrypted state, including those on connected network shares.

Potential Impact: Ransomware earned its title by effectively holding the infected system's files for ransom. If the malicious package is executed, it installs itself into the Documents and Settings folder with a randomly generated name. Additionally, a registry key is added to load the file every time a user logs on. The malware proceeds to try connecting to a seemingly random list of URLs corresponding to the command and control server. Once a connection is established, a unique RSA-2048 public-private key pair is established.

This key pair is used to encrypt any files the logged-in user has access to with the following extensions (including those on connected devices and network shares): 3fr, accdb, ai, arw, bay, cdr, cer, cr2, crt, crw, dbf, dcr, der, dng, doc, docm, docx, dwg, dxf, dxg, eps, erf, indd, jpe, jpg, kdc, mdb, mdf, mef, mrw, nef, nrw, odb, odm, odp, ods, odt, orf, p12, p7b, p7c, pdd, pef, pem, pfx, ppt, pptm, pptx, psd, pst, ptx, r3d, raf, raw, rtf, rw2, rwl, srf, srw, wb2, wpd, wps, xlk, xls, xlsb, xlsm, xlsx

A popup follows requesting payment via prepaid cards or Bitcoin, usually in the amount of 300USD, 300EU, or 2BTC, to retrieve the private key. A limited time period is allowed for payment, normally 72 hours. Recent trends have shown that the timeframe is a legitimate threat and the access to the key will be removed after the deadline expires.

If your files are encrypted, there is no known way to decrypt the files at this time.
Posted on: Wed, 30 Oct 2013 01:45:21 +0000
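
As an added example (not part of the original advisory), the Python script below walks a folder or mounted share and flags files whose extension is on the advisory's list but whose leading bytes no longer match that format, which helps scope what has to be restored from backup. It assumes an encrypted file loses its normal header; the signature table holds standard format magic bytes rather than values from the advisory, and the sample files are constructed.

```python
import os
import tempfile

ZIP = [b"PK\x03\x04"]                        # OOXML / OpenDocument containers
OLE = [b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"]  # legacy Office compound files
JPEG = [b"\xff\xd8\xff"]
# Subset of the advisory's extension list that has a fixed, well-known header.
MAGIC = {"jpg": JPEG, "jpe": JPEG, "psd": [b"8BPS"], "pst": [b"!BDN"],
         "rtf": [b"{\\rtf"], "doc": OLE, "xls": OLE, "ppt": OLE}
MAGIC.update({e: ZIP for e in ("docx", "docm", "xlsx", "xlsm", "xlsb",
                               "pptx", "pptm", "odt", "ods", "odp")})

def classify(path):
    """Return 'ok', 'mismatch' or 'unknown' for a single file."""
    ext = os.path.splitext(path)[1].lstrip(".").lower()
    sigs = MAGIC.get(ext)
    if sigs is None:
        return "unknown"                     # extension not covered by the table
    with open(path, "rb") as fh:
        head = fh.read(8)
    return "ok" if any(head.startswith(s) for s in sigs) else "mismatch"

def triage(root):
    """Walk root; return sorted paths whose header does not fit the extension."""
    suspects = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            try:
                if classify(full) == "mismatch":
                    suspects.append(full)
            except OSError:
                continue                     # unreadable file: skip, keep walking
    return sorted(suspects)

def demo():
    """Build a constructed sample tree and return the file names flagged."""
    samples = {"report.docx": b"PK\x03\x04" + b"\x00" * 16,
               "photo.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
               "budget.xls": b"\x8f\x13\xa7\x5c\x02\xee\x41\x90" * 4,  # no OLE header
               "notes.txt": b"plain text, extension not in the table"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [os.path.basename(p) for p in triage(root)]

if __name__ == "__main__":
    print(demo())
```

A mismatch is a lead to review, not proof of encryption: a renamed or truncated file is flagged the same way.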
