Cryptolocker - Has anyone recovered from it?

[Rathji]

Kind of a related note, but if I was running IT in a lawyers office without a working backup to recover from Cryptolocker (or any other of the dozens of things that can happen to data), I would expect to be looking to a job really quickly.

That's completely irresponsible.

[cKy]

I agree. It doesnt matter how big or small that firm is, any type of sequential backup should be mandatory.

[photon]

Quote:

Originally Posted by Rathji

Kind of a related note, but if I was running IT in a lawyers office without a working backup to recover from Cryptolocker (or any other of the dozens of things that can happen to data), I would expect to be looking to a job really quickly.

That's completely irresponsible.

But, but, IT is an expense that doesn't add to the bottom line of the company!

[Rathji]

Quote:

Originally Posted by photon

But, but, IT is an expense that doesn't add to the bottom line of the company!

Every business owner is entitled to their potentially company destroying budget decisions.

[Inglewood Jack]

the fact that more than one person here has already been ransomed freaks me out a little. is this thing able to slip by your standard run of the mill antivirus software? or were the infections mentioned here cases where there was none or outdated AV?

[Rathji]

Quote:

Originally Posted by Inglewood Jack

the fact that more than one person here has already been ransomed freaks me out a little. is this thing able to slip by your standard run of the mill antivirus software? or were the infections mentioned here cases where there was none or outdated AV?

It really doesn't make much difference. The virus is in active development, and as a result will be adjusting to defense or removal methods. For example, early versions allowed for you to restore from previous versions, but the new versions don't.


You can't rely on AV to protect you from this. You need a cold backup.

[MolsonInBothHands]

Quote:

Originally Posted by Rathji

Kind of a related note, but if I was running IT in a lawyers office without a working backup to recover from Cryptolocker (or any other of the dozens of things that can happen to data), I would expect to be looking to a job really quickly.

That's completely irresponsible.

They were using a cloud backup service. It got to it.

[Mccree]

Is this an executable type virus or does come the pdf's and other type of files?

[Ace]

Quote:

Originally Posted by MolsonInBothHands

They were using a cloud backup service. It got to it.

Even if they had a static back up the evil genius thing here is that it's going to be cheaper for the company to just pay the ransom, rather than restore from back-up.

[Stealth22]

Quote:

Originally Posted by Ace

Even if they had a static back up the evil genius thing here is that it's going to be cheaper for the company to just pay the ransom, rather than restore from back-up.

Exactly.

For most companies, $300 is a drop in the bucket, especially compared to 2 or 3 days worth of hours for the entire IT team to restore from a backup, and then make sure that everything is up and running properly.

[Rathji]

Turns out the new version has an extended pay period in case you didn't make the 3 day cutoff.

Its a bit more expensive, at 10 bitcoins... which is over $3000 by today's pricing.

As for the company in question: The online backup had no versioning or iterative backup? Ouch.

[blankall]

Quote:

Originally Posted by Mccree

Is this an executable type virus or does come the pdf's and other type of files?

I most definitely did not run an exe file. It came on another file and my guess was triggered by my AV when it went to delete it.

[blankall]

A heads up. There is a cure for this now:

https://www.decryptcryptolocker.com/

Managed to get all of my files back! About a year later..but woohoo!