Difference between revisions of "DBSA:2014-0014"
(Created page with "{{DBSAHEAD | TITLE=Cryptolocker Decryption Available | KEYWORDS=Cryptolocker, Malware, Encryption, Corruption of user files, Data damage, Email, Infection, NCA, Windows, Micro...") |
|||
Line 34: | Line 34: | ||
This tool's page contains instructions on its usage. | This tool's page contains instructions on its usage. | ||
− | The prior advisory's Mitigation/Solution section stands on all counts. It is still strongly advised to maintain offline, disconnected backups of data that cannot be accidently altered or corrupted. It is further advised not to open email attachments or links without confirmation that they originate from the true source. Do not simply "Reply" to such mailings but rather use an alternate communication method or failing that use a known good source for the original sender's email address to confirm. Always be cautious and don't open unexpected attachments. | + | The prior advisory's Mitigation/Solution section stands on all counts as this tool does not work on all ransomware. It is still strongly advised to maintain offline, disconnected backups of data that cannot be accidently altered or corrupted. It is further advised not to open email attachments or links without confirmation that they originate from the true source. Do not simply "Reply" to such mailings but rather use an alternate communication method or failing that use a known good source for the original sender's email address to confirm. Always be cautious and don't open unexpected attachments. |
==References== | ==References== |
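Review bot: in the changed paragraph at line 34, the added clause "as this tool does not work on all ransomware" is attached directly to "stands on all counts" with no punctuation, so it reads as though the tool's limits are the only reason the earlier mitigation advice still applies. Consider making it a separate sentence that states the limitation on its own. The same paragraph still carries "accidently" from the previous revision, which should be "accidentally".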
Revision as of 00:40, 7 August 2014
Disclaimer: as technology changes, advisories may become out of date or may no longer be relevant. Please refer to the "Date" section of the header to be sure the advisory is recent as it pertains to your situation.
Digibase Security Advisory - Cryptolocker Decryption Available
Keywords: Cryptolocker, Malware, Encryption, Corruption of user files, Data damage, Email, Infection, NCA, Windows, Microsoft
DBSA ID: 2014-0014
Regarding: Cryptolocker Decryption Available
Writeup: Kradorex Xeron, 01:38, 7 August 2014 (EDT)
Date: 2014 08 07
Last Modified: 20140807004032 by Kradorex Xeron
Who should take note: All individuals and organizations with outstanding Cryptolocker infections.
Classification
This is unrated as this is an update to DBSA:2013-0008.
Description
See DBSA:2013-0008 for the original published advisory.
Cryptolocker is ransomware that, once installed, covertly encrypted user data and attempted to extort a sum of money through untrackable money transfer methods. Its mode of operation was to trick a user into opening a link in an email, or to use similar measures, to install the trojan. From there it would start encrypting user data, mostly through a background program. When complete, it would transmit the encryption key (password) to a remote server, leaving no local copy of the key, and display a warning message extorting money, with a countdown until the remote encryption key would be deleted permanently. This used to mean that data could not be recovered.
Mitigation/Solution
Users with outstanding Cryptolocker infections or files still inaccessible are strongly advised to try the self-serve web tool located at:
This tool's page contains instructions on its usage.
The prior advisory's Mitigation/Solution section stands on all counts, as this tool does not work on all ransomware. It is still strongly advised to maintain offline, disconnected backups of data that cannot be accidentally altered or corrupted. It is further advised not to open email attachments or links without confirmation that they originate from the true source. Do not simply "Reply" to such mailings; instead, use an alternate communication method or, failing that, use a known good source for the original sender's email address to confirm. Always be cautious and don't open unexpected attachments.