File-trashing Cryptolocker PC malware

There are various utilities to try and decrypt files; last year's version of this virus was reversible. Not tried this year's version yet, HOWEVER you do need one file of which you have both an encrypted and an untouched version to get the key used.
 
What about cloud accounts, things like Dropbox and SkyDrive, that are both accessed within Windows File Explorer as another folder?

Would these be susceptible to this or not?
 

Depends on what kind of protocol is used. If you have permission to modify files on the fly and the remote location is mounted "live", then I don't see why not. Would take a long time though, depending on how much data there is. It wouldn't occur server-side (unless it's the remote server that is infected), so the file would probably have to be downloaded, encrypted locally, then re-uploaded...
However if you have a local<=>remote sync set up (such as a dropbox folder) it will simply encrypt the local file which will then get synced to the remote server and overwrite it.


If you require login/password each time to log in to some kind of web interface with only basic manual operations over HTTP like upload/move/delete (such as skydrive's web interface), then I highly doubt it can cause any damage to the remote files. Actually I'd say impossible.


What would I recommend? Be very cautious if you have any folders which sync, in fact remove sync if viable and limit to manual uploads. If you must have a sync active, keep an eye on the relevant activity icon in the system tray, or monitor bandwidth usage with a tool such as DUmeter, or keep an eye on your router LEDs for any idle activity.
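The advice above about watching a synced folder for unexpected activity can be automated. The following is an added example, not code from this thread: it takes two snapshots of a sync folder (the Dropbox-style local folder the reply describes), lists the files that changed between them, and flags a burst of rewrites whose new contents have the near-uniform byte distribution of ciphertext. The thresholds (7.0 bits/byte, 5 files per check) and the sample folder contents are assumptions chosen for illustration; real plaintext and office documents sit well below 7 bits/byte, encrypted or compressed data near 8, so already-compressed files (zip, jpeg) will need allow-listing in practice.

```python
"""Detect ransomware-style bulk rewrites in a synced folder.

Added example for the thread above, not the poster's code. Two directory
snapshots are compared; files that changed and now look like ciphertext
(high Shannon entropy) are reported, and a burst of them raises an alert.
All thresholds are illustrative assumptions.
"""
import hashlib
import math
import os
from pathlib import Path

ENTROPY_THRESHOLD = 7.0   # bits per byte; assumption: plaintext << 7, ciphertext ~ 8
BURST_THRESHOLD = 5       # assumption: this many high-entropy rewrites per check = alert
SAMPLE_BYTES = 4096       # only the file head is sampled, enough to characterise it


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte over the sample (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def snapshot(root: Path) -> dict:
    """Map relative path -> (size, mtime_ns) for every regular file under root."""
    snap = {}
    for p in root.rglob("*"):
        if p.is_file():
            st = p.stat()
            snap[str(p.relative_to(root))] = (st.st_size, st.st_mtime_ns)
    return snap


def changed_files(before: dict, after: dict) -> list:
    """Paths present in both snapshots whose size or mtime changed."""
    return [rel for rel, meta in after.items() if rel in before and before[rel] != meta]


def suspicious_rewrites(root: Path, before: dict, after: dict) -> list:
    """Changed files whose first SAMPLE_BYTES now look like ciphertext."""
    hits = []
    for rel in changed_files(before, after):
        with open(root / rel, "rb") as fh:
            sample = fh.read(SAMPLE_BYTES)
        if shannon_entropy(sample) >= ENTROPY_THRESHOLD:
            hits.append(rel)
    return hits


def should_alert(hits: list) -> bool:
    """True when the number of ciphertext-looking rewrites reaches the burst threshold."""
    return len(hits) >= BURST_THRESHOLD


def pseudo_ciphertext(seed: bytes, length: int) -> bytes:
    """Deterministic high-entropy bytes standing in for an encrypted file (constructed test data)."""
    out = bytearray()
    block = seed
    while len(out) < length:
        block = hashlib.sha256(block).digest()
        out.extend(block)
    return bytes(out[:length])


def demo(root: Path) -> tuple:
    """Create constructed sample docs, 'encrypt' six of them, edit one legitimately, run the detector."""
    root.mkdir(parents=True, exist_ok=True)
    plaintext = b"Quarterly report: revenue up 3%, costs flat. " * 100
    for i in range(8):
        (root / f"doc{i}.txt").write_bytes(plaintext)
    before = snapshot(root)
    for i in range(6):
        p = root / f"doc{i}.txt"
        p.write_bytes(pseudo_ciphertext(p.name.encode(), len(plaintext)))
        # same size as the original, so bump mtime to mimic a later write on coarse filesystems
        later = before[p.name][1] + 10**9
        os.utime(p, ns=(later, later))
    # a normal edit: plaintext appended, must not be flagged
    (root / "doc7.txt").write_bytes(plaintext + b"Addendum.\n")
    after = snapshot(root)
    hits = suspicious_rewrites(root, before, after)
    return sorted(hits), should_alert(hits)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        hits, alert = demo(Path(d) / "Dropbox")
        print("suspicious rewrites:", hits)
        print("ALERT: bulk high-entropy rewrite, pause sync and investigate" if alert else "no alert")
```

Run it periodically against the real sync folder (snapshot, sleep, snapshot again) and pause the sync client when it alerts; the point is to catch the rewrite while it is still in progress, since once the encrypted copies have synced the only recovery is the provider's file version history or an offline backup.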
 

Interesting... So do you know if Hubic would be safe, or whether the 'secure transfer' it mentions actually means it does require password access?
https://hubic.com/en/discover-hubic

If you don't know I can email them to ask. Thanks
 
Like Nate says, how does using a virtual machine help?
Presumably running on a Windows host, therefore the virus can potentially infect the host surely?

I am also interested in how it can spread to machines across networks. I know it can access any files the infected machine has access to across a network, but how does it hit other machines? Would it only work if there are shares the infected machine had access to?

Seriously considering, with so many threats appearing, keeping one machine completely disconnected most of the time for my main uses and just keeping an older machine for anything internet based.

Only communication from VM to host is the bridged wifi; my virtual shared folders are not persistent and need a password to activate. So the virus could lock down the VM, but hopefully not move across to the host.

I'll be moving to an Ubuntu host in the near future, which should mitigate the problem further.
 
This is pretty heavy ********, instead of spying on Angela Merkel our honky secret police should be hunting these criminals down.
 
It isolates the virus within the virtual machine; the virus as such cannot see anything outside the OS it is sitting on, if set up properly.

Only communication from VM to host is the bridged wifi; my virtual shared folders are not persistent and need a password to activate. So the virus could lock down the VM, but hopefully not move across to the host.

I'll be moving to an Ubuntu host in the near future, which should mitigate the problem further.

OK, but if the host has any access to the internet then the host can be infected directly. Bridging or Double NATing isn't going to help.

I'm not saying your idea has no merit, I'm just trying to understand it.

Nate
 
It isolates the virus within the virtual machine; the virus as such cannot see anything outside the OS it is sitting on, if set up properly.

Erm, how?

Only if your VM is set up to have no network access, but then it's fairly useless as an everyday OS anyway..
Not sure why you would restrict yourself like that unless you hardly use it.
 
Erm, how?

You do realise computers (a virtual machine is nothing special in that respect) can be on the same network but be invisible to each other through the use of a correctly configured firewall. Even the firewall built into Windows should be good enough, providing you don't use the default settings.
 
Yes, but what stops the virus infecting the host computer directly, if that host has access to the internet? Why does the VM even matter?

Nate
 
Yes, but what stops the virus infecting the host computer directly

How? The only way a guest has access to the host is via networking. It goes without saying it would be configured to use a disk image file rather than giving it full access to a hard drive partition.
 