CryptoLocker, ransomware and holding the internet hostage

Submitted by Charlton Stanley, Guest Blogger

“I am regularly asked what the average Internet user can do to ensure his security. My first answer is usually ‘Nothing; you’re screwed’.”
   – Bruce Schneier

The quote by Bruce Schneier at the top of this article is the unvarnished truth from one of the leading internet security and cryptography experts in the world, which brings us to the subject of this story. The latest threat to everyone's computer is a form of malware called "ransomware." It is not new; the first attempts appeared years ago, were clumsy, used encryption that was easily broken, and their perpetrators were caught. In the past few weeks, however, the threat has returned, more sophisticated and more dangerous than almost any malware threat to date.

Although often referred to as a virus, ransomware is not a true computer virus, because it does not self-propagate. It is a Trojan: a program that runs because the victim was tricked into running it. Ransomware does not try to steal your files, passwords or photographs. Rather, it holds them hostage until you pay a ransom. There are several ransomware families going around, but CryptoLocker is the one getting the most media attention.

How it works is this: you open a file that may have arrived by email, or you click a link on a web page. The file is typically dressed up as a PDF of some business letter or report, but it is really an executable. Shortly after it runs, the image at the left appears. You get no warning until it is too late; by the time the warning box appears, your files are already encrypted. Follow me over the flip to see the message:

Your personal files are encrypted!

Your important files encryption produced on this computer: photos, videos, documents, etc. Here is a complete list of encrypted files, and you can personally verify this. (it inserts a link to the encrypted files)

Encryption was produced using a unique public key RSA-2048 generated for this computer. To decrypt files you need to obtain the private key.

The single copy of the private key, which will allow you to decrypt the files, located on a secret server on the Internet; the server will destroy the key after a time specified in this window. After that, nobody and never will be able to restore files…

To obtain the private key for this computer, which will automatically decrypt files, you need to pay 300 USD / 300 EUR / similar amount in another currency.

Click <<Next>> to select the method of payment and the currency.

Any attempt to remove or damage this software will lead to the immediate destruction of the private key by server.

RSA is a public-key encryption system developed in 1977 by three cryptographers: Ron Rivest, Adi Shamir and Leonard Adleman. The number in "RSA-2048" is the size in bits of the public modulus, which is the product of two large secret prime numbers. The public key (that modulus plus a public exponent) can only lock: anyone can encrypt with it, which is why the Trojan can carry out the whole attack without ever holding the key that unlocks. Decrypting requires the private key, and the only known general way to derive it from the public key is to factor the modulus, which for 2048 bits is far beyond any computing power that exists. In practice the file contents are encrypted with a fast symmetric cipher and the RSA public key is used only to encrypt those per-file keys, but the effect is the same: without the private key, nothing comes back. Note also that the private key is never on your computer. It stays on the criminals' server, so no amount of searching the infected machine will turn it up.

Adding to the pressure is the "dead man switch": the note threatens that the server will destroy the private key if you try to remove or tamper with the ransomware. Additionally, ransomware usually has a time limit of about 72 hours, and a timer counts down how much time you have left to pay. The countdown clock is on the left side of the warning image. The screengrab above shows fifty-six hours, sixteen minutes and twelve seconds left. When that timer reaches 00:00:00, the criminals say, the private key will be deleted.
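The key hierarchy just described, as an added example that is not CryptoLocker's code and not from the original post: each file gets its own random symmetric key, that key is "wrapped" with the victim's RSA public key, and only the private exponent (which in the real attack sits on the criminals' server) unwraps it. The modulus here is built from two constructed ~20-bit primes so that the factoring step, the only generic way to recover the private key, finishes instantly; a SHA-256 counter keystream stands in for AES. Everything about the sizes is a toy; the structure is the point.

```python
"""Toy model of a CryptoLocker-style key hierarchy (added example).

Per-file symmetric key -> wrapped under the victim's RSA public key ->
recoverable only with the private exponent d.  A ~40-bit modulus stands
in for RSA-2048 so that factoring is instant and the attack is visible.
"""
import hashlib
import math
import secrets

E = 65537  # standard RSA public exponent


def is_prime(n: int) -> bool:
    """Trial division; adequate for the ~20-bit primes used in this toy."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    f = 3
    while f * f <= n:
        if n % f == 0:
            return False
        f += 2
    return True


def next_prime(n: int) -> int:
    n += 1
    while not is_prime(n):
        n += 1
    return n


def make_keypair(seed_p: int = 1_000_000, seed_q: int = 1_100_000):
    """Return ((n, e), (n, d)).  The seeds are constructed; real keys use
    ~1024-bit primes so that n is 2048 bits."""
    p = next_prime(seed_p)
    q = next_prime(seed_q)
    while math.gcd(E, (p - 1) * (q - 1)) != 1:  # e must be invertible mod phi
        q = next_prime(q)
    n = p * q
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return (n, E), (n, d)


def keystream_xor(file_key: int, data: bytes) -> bytes:
    """Stand-in for AES: XOR with a SHA-256 counter-mode keystream.
    Symmetric, so the same call both encrypts and decrypts."""
    key = file_key.to_bytes(8, "big")
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + (off // 32).to_bytes(8, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def encrypt_file(pub, plaintext: bytes):
    """What the Trojan does: fresh per-file key, wrapped under the public key."""
    n, e = pub
    file_key = secrets.randbelow(n - 2) + 2   # 2 <= key < n
    wrapped_key = pow(file_key, e, n)        # only d undoes this
    return wrapped_key, keystream_xor(file_key, plaintext)


def decrypt_file(priv, wrapped_key: int, ciphertext: bytes) -> bytes:
    """What the ransom buys: unwrap the file key with d, then decrypt."""
    n, d = priv
    return keystream_xor(pow(wrapped_key, d, n), ciphertext)


def pollard_rho(n: int) -> int:
    """Nontrivial factor of n.  Cost grows like sqrt(smallest prime):
    about 2^10 steps here, about 2^512 steps for a 2048-bit modulus."""
    if n % 2 == 0:
        return 2
    while True:
        c = secrets.randbelow(n - 1) + 1
        x = y = 2
        g = 1
        while g == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            g = math.gcd(abs(x - y), n)
        if g != n:
            return g


def recover_private_key(pub):
    """The only generic attack on the scheme: factor n and rebuild d.
    Feasible for the toy modulus only."""
    n, e = pub
    p = pollard_rho(n)
    q = n // p
    return (n, pow(e, -1, (p - 1) * (q - 1)))


if __name__ == "__main__":
    pub, priv = make_keypair()
    msg = b"constructed sample: quarterly report"  # stand-in file content
    wrapped, ct = encrypt_file(pub, msg)
    print("modulus bits:", pub[0].bit_length())
    print("decrypts with d:", decrypt_file(priv, wrapped, ct) == msg)
    print("factoring recovers d:", recover_private_key(pub) == priv)
```

Removing the Trojan changes nothing in this picture: the ciphertext and the wrapped key stay on disk, `d` was never there, and the cost of `recover_private_key` at 2048 bits is what makes the ransom the only route the criminals leave open.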

The files CryptoLocker encrypts are those matching the following patterns (a `?` stands for any single character and a `*` for any run of characters):

????????.jpe, ????????.jpg, *.3fr, *.accdb, *.ai, *.arw, *.bay, *.cdr, *.cer, *.cr2, *.crt, *.crw, *.dbf, *.dcr, *.der, *.dng, *.doc, *.docm, *.docx, *.dwg, *.dxf, *.dxg, *.eps, *.erf, *.indd, *.kdc, *.mdb, *.mdf, *.mef, *.mrw, *.nef, *.nrw, *.odb, *.odc, *.odm, *.odp, *.ods, *.odt, *.orf, *.p7b, *.p7c, *.p12, *.pdd, *.pef, *.pem, *.pfx, *.ppt, *.pptm, *.pptx, *.psd, *.pst, *.ptx, *.r3d, *.raf, *.raw, *.rtf, *.rw2, *.rwl, *.sr2, *.srf, *.srw, *.wb2, *.wpd, *.wps, *.x3f, *.xlk, *.xls, *.xlsb, *.xlsm, *.xlsx, img_*.jpg

The criminals even anticipated your anti-virus software removing CryptoLocker. If the Trojan is removed while your files are still encrypted, you get a screen instructing you to restore CryptoLocker from your anti-virus quarantine, or to go to an infected site and re-install it. Without the running Trojan you cannot even pay the ransom and receive the private key. There is now a further twist: if the deadline has passed or the software has been removed, the gang will still sell the victim the private key for that computer, but at a punitive price. Currently, the going rate is five times the original ransom.

There is an excellent description of this malware, and some of the ways to deal with it, at BleepingComputer. There is also useful information at the Malwarebytes web site. First of all, look at the information at BleepingComputer and Malwarebytes. Other antivirus companies have similar information; research them as well. Install the software you think will work best for you.

The University of Oxford Medical Sciences Division’s IT department has this advice:

“Make the “file extension” (.docx, .xlsx, .pptx) on users’ documents clearly visible on all Windows machines connected to our network. Recent Windows versions hide this by default – the CryptoLocker infected attachment uses this feature to masquerade as a PDF file, when in fact with the file extension visible, we can see that it actually has a double file extension in the format “.pdf.exe” and is therefore an executable program, which runs when you try to open the file.

Users are advised to be even more vigilant than usual when opening emails – and attachments, particularly if they appear to come from a well-known courier company, even one you or your group/department regularly use.”

It is a good idea to change the Windows setting so that file extensions are always shown, for the reasons given in this message from the University of Oxford. Instructions at this link.
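Two checks that follow directly from the extension list above and from the Oxford advice, as an added example (not code from the original post, the University of Oxford, or any anti-virus vendor): which filenames CryptoLocker would encrypt, according to the published patterns, and which attachment names are using the "invoice.pdf.exe" trick that Windows' hidden-extension default turns into "invoice.pdf". The set of executable extensions beyond `.exe`, the set of document types a lure imitates, and the sample filenames are my assumptions and constructions.

```python
"""Filename triage for CryptoLocker targets and double-extension lures
(added example, not from the original post)."""
from fnmatch import fnmatchcase
from pathlib import PurePosixPath

# The target patterns as published in the post ('?' = one character,
# '*' = any run); compared case-insensitively, as Windows does.
CRYPTOLOCKER_PATTERNS = """
????????.jpe ????????.jpg *.3fr *.accdb *.ai *.arw *.bay *.cdr *.cer *.cr2
*.crt *.crw *.dbf *.dcr *.der *.dng *.doc *.docm *.docx *.dwg *.dxf *.dxg
*.eps *.erf *.indd *.kdc *.mdb *.mdf *.mef *.mrw *.nef *.nrw *.odb *.odc
*.odm *.odp *.ods *.odt *.orf *.p7b *.p7c *.p12 *.pdd *.pef *.pem *.pfx
*.ppt *.pptm *.pptx *.psd *.pst *.ptx *.r3d *.raf *.raw *.rtf *.rw2 *.rwl
*.sr2 *.srf *.srw *.wb2 *.wpd *.wps *.x3f *.xlk *.xls *.xlsb *.xlsm *.xlsx
img_*.jpg
""".split()

# Extensions Windows runs on double-click.  The post mentions only .exe;
# the others are an assumption added for completeness.
EXECUTABLE_SUFFIXES = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# Document/image types a lure pretends to be (assumed set, not from the post).
DOCUMENT_SUFFIXES = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx",
                     ".jpg", ".jpeg", ".png", ".txt", ".zip"}


def is_targeted(filename: str) -> bool:
    """True if CryptoLocker's published patterns match this filename."""
    name = PurePosixPath(filename).name.lower()
    return any(fnmatchcase(name, pat) for pat in CRYPTOLOCKER_PATTERNS)


def masquerade(filename: str):
    """Return (pretended_type, real_type) for a double-extension lure such
    as 'report.pdf.exe', or None if the name is not using that trick."""
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    if (len(suffixes) >= 2 and suffixes[-1] in EXECUTABLE_SUFFIXES
            and suffixes[-2] in DOCUMENT_SUFFIXES):
        return suffixes[-2], suffixes[-1]
    return None


def as_shown_with_hidden_extensions(filename: str) -> str:
    """What Explorer displays when 'Hide extensions for known file types'
    is on: the final extension is dropped, so the lure looks like a document."""
    path = PurePosixPath(filename)
    return path.name[:-len(path.suffix)] if path.suffix else path.name


def triage(filenames):
    """Split a batch of names (mail attachments, a directory listing) into
    executables in disguise and files the Trojan would encrypt."""
    report = {"lures": [], "targets": []}
    for name in filenames:
        if masquerade(name):
            report["lures"].append(name)
        elif is_targeted(name):
            report["targets"].append(name)
    return report


if __name__ == "__main__":
    # Constructed sample names, not from a real incident.
    sample = ["FedEx_Invoice.pdf.exe", "budget.xlsx", "IMG_0042.JPG",
              "DSC_1234.jpg", "notes.txt", "pitch.pptx", "scan.jpg.scr"]
    print(triage(sample))
    print(as_shown_with_hidden_extensions("FedEx_Invoice.pdf.exe"))
```

The Windows setting the Oxford note refers to is the Explorer option "Hide extensions for known file types"; it is stored as the `HideFileExt` value under `HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced`, and setting it to 0 makes the `.exe` visible that `as_shown_with_hidden_extensions` strips off.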

CryptoLocker can install itself when a computer is booted in Safe Mode, which is another new twist, since Safe Mode is where many people go to clean up an infection.

When the Trojan first appeared a few weeks ago, the ransom was demanded in Bitcoin, usually about two Bitcoins, which at the time came to roughly the 300-dollar figure in the note. With a Bitcoin now trading near a thousand dollars, two of them would cost the hapless victim a couple of grand, due in less than three days. That swing in the price of Bitcoin is why the crew holding your computer hostage has added other ways for the victim to pay in more stable currencies, although they have not abandoned Bitcoin.

The primary targets seem to be small to medium sized businesses and individuals. A few days ago, the Swansea, Massachusetts Police Department's computers were hit, and the department paid the ransom to get its database back. That raises an interesting legal question. Any evidence stored on that system has passed through the hands of a third party: hostile code had full access to every file, and the files came back only because the criminals chose to release the key. Can that evidence still be used in court?

All major law enforcement agencies recommend strongly against paying the ransom. Paying just further enables the thieves, enriching them and making them stronger. That can mean only one thing: in order to avoid ever having to pay to decrypt your files, you must have copies backed up in a separate location where the ransomware cannot reach them.

This is highly sophisticated software, and the people running these operations are not amateurs. The Trojan does not need to spread from machine to machine to do its damage: it encrypts every file it can reach through a drive letter, which includes mapped network shares, an attached backup drive, and the local folder of a cloud storage client, whose sync software then dutifully uploads the encrypted versions. If it can reach remote servers or your cloud storage that way, those files are encrypted as well.

There are anti-virus programs being developed that help keep the Trojan off your computer in the first place, but there is no software that will decrypt the files. CryptoLocker uses strong, standard encryption, and the only key that can undo it is held by the criminals, so it is unlikely any decryption tool will ever be written that can reverse the damage. Even if the ransomware Trojan is removed completely from the computer, the files are still encrypted. The only recovery paths are a backup the malware could not reach, or, on some systems, an earlier Volume Shadow Copy that the malware did not delete; otherwise, the files are gone.

After spending the past week researching this threat to all of us, I have one or two suggestions. My suggestions are based on the fact that I have experienced both the "blue screen of death" and actual mechanical hard drive failure. When your hard drive suddenly begins to sound like a fifteen-year-old trying to drive a stick shift for the first time, you know nothing good will come of it. As is often said, "It is not a matter of if, but a matter of when." If one looks at CryptoLocker as just another form of complete hard drive failure, then the alternative to paying ransom is more obvious. Back in the olden days of DOS, our office computer had a tape backup. It took close to an hour to back up the files, so the tape backup always started an hour before everyone left for the day. At my suggestion, we had two tapes, marked "1" and "2". The odd-numbered tape was used on odd-numbered days, and the even-numbered tape on even-numbered days. That way, if we had a drive failure, we had the tape from the day before. Or, as happened one time, the drive failed and the tape broke the same day. We still only lost two days' work.

Many people back up constantly, or in some cases, several times a day. One of the things Bruce Schneier does to isolate files and computers is keep what he calls an "air gap" between machines. I have not yet upgraded our system, because this threat is so new. However, this weekend I plan to buy at least one and possibly two large external hard drives for the main office computer. I have an external hard drive for the home computer, but it is over capacity and I need a new one anyway. They will not be plugged into the computer until it is time to do a backup. I will back up once a day. That way, if the computer becomes infected with CryptoLocker or any other malware, or suffers a hard drive failure, I still have a backup. Experts on ransomware seem to be of a mixed mind with regard to cloud storage. Most cloud storage services claim to have strong virus protection, including protection against ransomware. However, as I said above, these crooks are pros, and Murphy's Law is still in force.
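One gap in the plug-in-once-a-day routine above, and in the warning earlier that the Trojan encrypts any backup drive it can reach: if the machine was already infected when the drive was plugged in, the backup faithfully copies encrypted files over the good ones. The script below, an added example that is not code from the post, checks the first bytes of each document before copying (a .docx is a ZIP and starts with `PK`, a .jpg with `FF D8 FF`, a .pdf with `%PDF`), refuses to run the backup when more than a threshold of known-type files have lost their headers, and otherwise keeps the newest few dated generations, which is the two-tape rotation from the post generalised. The magic-number table, the 10% threshold, and the scenario in `run_demo` are my assumptions and constructions.

```python
"""Backup-time header check and generation rotation for an air-gapped
backup drive (added example, not from the original post)."""
import shutil
import tempfile
from pathlib import Path

# First bytes of common document types (constructed table, not exhaustive).
OLE, ZIP = b"\xd0\xcf\x11\xe0", b"PK\x03\x04"
MAGIC = {
    ".docx": ZIP, ".xlsx": ZIP, ".pptx": ZIP, ".odt": ZIP, ".ods": ZIP, ".odp": ZIP,
    ".doc": OLE, ".xls": OLE, ".ppt": OLE,
    ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff", ".png": b"\x89PNG",
    ".pdf": b"%PDF", ".gif": b"GIF8",
}


def header_mismatches(root):
    """Return (checked, bad): files of a known type whose header is wrong.
    Encrypted output has no recognisable header, so mass mismatches are
    the signature of a ransomware run."""
    checked, bad = 0, []
    for path in Path(root).rglob("*"):
        magic = MAGIC.get(path.suffix.lower())
        if magic is None or not path.is_file():
            continue
        checked += 1
        with open(path, "rb") as fh:
            if fh.read(len(magic)) != magic:
                bad.append(str(path))
    return checked, bad


def safe_backup(src, dst, label, keep=2, max_bad_ratio=0.10):
    """Copy src into dst/<label> and keep only the newest `keep` generations
    (labels such as '2013-11-29' sort chronologically), but refuse to touch
    the drive at all if the source looks encrypted."""
    checked, bad = header_mismatches(src)
    if checked and len(bad) / checked > max_bad_ratio:
        raise RuntimeError(
            f"{len(bad)} of {checked} checked files have wrong headers; "
            f"possible ransomware, backup aborted: {bad[:3]}")
    dst = Path(dst)
    dst.mkdir(parents=True, exist_ok=True)
    target = dst / label
    if target.exists():
        shutil.rmtree(target)
    shutil.copytree(src, target)
    generations = sorted(p for p in dst.iterdir() if p.is_dir())
    for old in generations[:-keep]:
        shutil.rmtree(old)
    return str(target)


def run_demo():
    """Constructed scenario: three clean daily backups with keep=2, then the
    source is 'encrypted' and the next backup must be refused."""
    with tempfile.TemporaryDirectory() as tmp:
        src, usb = Path(tmp) / "docs", Path(tmp) / "usbdrive"
        src.mkdir()
        (src / "budget.xlsx").write_bytes(ZIP + b"constructed sheet")
        (src / "photo.jpg").write_bytes(b"\xff\xd8\xff\xe0constructed jpeg")
        (src / "notes.txt").write_bytes(b"unknown type, not checked")
        for day in ("2013-11-27", "2013-11-28", "2013-11-29"):
            safe_backup(src, usb, day, keep=2)
        kept = sorted(p.name for p in usb.iterdir())
        # Simulate the Trojan: same names, headers gone.
        (src / "budget.xlsx").write_bytes(bytes(range(64)))
        (src / "photo.jpg").write_bytes(bytes(range(64)))
        try:
            safe_backup(src, usb, "2013-11-30", keep=2)
            refused = None
        except RuntimeError as err:
            refused = str(err)
        return {"kept": kept, "refused": refused,
                "still_intact": sorted(p.name for p in usb.iterdir()),
                "clean_check": header_mismatches(usb / "2013-11-29")}


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Run it from the machine being backed up after the drive is plugged in, and pull the drive when it returns; if it raises, unplug first and investigate, because the good copies on the drive are now worth more than anything on the computer.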

Frankly, if any of my hard drives becomes infected with ransomware, I will never use it again. I am quite aware of the claims of ransomware being easy to remove, but I am also aware virus writers are busy making removal either difficult or impossible.  I will take the hard drive out and destroy it, along with all other installed memory storage. All the top computer security experts are saying that since the current version of CryptoLocker and other ransomware is so profitable, there is no doubt newer, more powerful and more sophisticated versions are being created. The criminals know that every security agency in the world is working on ways to shut them down or destroy the Trojan before it reaches its target. Like every other internet threat, this virus will continue to evolve as long as there is money to be made.

CryptoLocker is not the only ransomware floating around. There is the "FBI virus". That one pops up an official-looking warning to the effect that the FBI has been monitoring your browsing and has determined you have been surfing child pornography sites or violating copyright laws. You are told your computer is locked, and some versions also claim your files are encrypted, and that you can only get them back by paying a "fine" of several hundred dollars within a specified time. Some of these warnings include the threat that you will be arrested and jailed if you do not pay the fine they demand. Unlike CryptoLocker, this family generally only locks the screen and does not actually encrypt anything, so removing it gets the machine back. Different scenario, same kind of ransom extortion.

These threats are still evolving, and as fast as anti-virus software is written to protect the user, the criminals are keeping up. The only safe backup is one you manage yourself, offline. That is why I am getting my own external hard drive backup instead of relying on someone else's servers in the so-called cloud.

I cannot and will not presume to tell anyone the best way to protect yourself. I have thrown out a few resources and explained what I plan to do with my own system. If one is not an expert, the best plan is to consult with an expert. Additionally, I am not going to try to tell anyone there is a solution if your files are already encrypted by CryptoLocker or other ransomware. I wrote about encryption recently, mentioning TrueCrypt, a disk-encryption program. TrueCrypt uses symmetric ciphers such as AES rather than the public-key RSA these criminals advertise, but the underlying point is the same: standard, well-implemented encryption cannot be broken by anyone who does not hold the key. Once your files are encrypted, recovering them seems to be a lost cause other than paying the ransom. Personally, it seems more logical to spend the same amount, or less, on good backup hardware. I have provided several links below, which should be a good start on making up your own mind about what will work best for you and your situation. These are current and working links at the time I am posting them.

PC Advisor: What you need to know about CryptoLocker and how to protect yourself from this ransomware

Matthew Hughes: CryptoLocker Is The Nastiest Malware Ever & Here’s What You Can Do

Naked Security: Destructive malware “CryptoLocker” on the loose – here’s what to do

CRN’s Robert Westervelt: Cryptolocker Attacks, Ransomware Target Small Businesses: Cisco

54 thoughts on "CryptoLocker, ransomware and holding the internet hostage"

  1. Chuck,
    Very informative article. I will be purchasing a hard drive to back up my computer daily as you suggest. Kind of scary to think that hundreds and possibly thousands could be paying this kind of extortion fee. I have already gotten in the habit of running a security scan twice a day, but your idea of a separate hard drive that is disconnected when it is not backing up the laptop is a sensible response to this criminal activity.

  2. Excellent and timely article. Having lost acres of files to HD crashes in the past -and 1 bug that was a true monster – I use external drives to store files and manually back up what I want to keep. I leave them unplugged until I want to put something on them. I did use one of them as a mirror for a new, clean install of my OS after I had set my preferences though. I accumulate so much crap that when my system starts getting fragile I almost look forward to having a newly installed OS.

    That is the luxury of having a personal computer and terabytes of kitty .jpg’s though. The methodology for protection you discuss is sound for any scale/kind of system as your list of possible data-saving methods illustrates.

    Don’t leave the externals plugged in or updating/saving constantly; backup or transfer stuff you need or want to retain as it is acquired -I plug in a drive and do it 1-2 times a day; Never leave things unbacked up on your computer if you can’t afford to lose them.

    I copied the list of suspect file extensions from the link to “bleepingcomputer” you supplied for further reference because I end up with some pretty funky extensions on parts of files. I’ve seen a couple on that list cross my path.

    I got a file that was a “jpg . exe” (one of the suspect files in the article) and deleted the . exe and clicked to open the jpg. My computer wouldn’t open it saying it was a format that was not recognised. This was last week and I can only offer that I was not in my right mind when I did it because I know better. (It is also the name of a Trojan that renames your jpg files, all of them.)

    I got lucky and nothing happened but deleting it was an itchBay and that kind of extension will have the file deleted immediately upon seeing it in the future. If you get a funky extension open a new tab and google it before you proceed, I always do that (really) except when I don’t like last week. When in doubt, delete. I delete a goodly number of files I end up d/ling without opening them, because they are larger than they should be or some other incongruity I notice. Never wasted a moment regretting it.

    Google and the delete button for banishing doubt about an iffy file is as much your friend as your scroll wheel is for maintaining your personal wa on a contentious blawg.

    Thanks for the heads up on the latest threat.

  3. OS,

    It's very late for me here, I probably shouldn't be posting.

    I started this damned PC up (again, wink) just to see what special Mike S posted for us & I saw your headline.

    I'll read your post tomorrow but I've spent a few hours in my head already on this topic.

    I’ll say this, those Fools that are using tools to spy on us are complete lunatics thinking we can’t see them & what they are up to!

    Gawd forgive them, because when the rest of We the People see on the dash cams what those terrorist traitor aholes are really up to their own mothers will disown them!!!

    I can’t thank some of you guys enough for your efforts OS, Thank You!

  4. Portable hard drives are so cheap now, you are being foolish not to have one... or more. I really like the Toshiba Canvio USB 3.0 series, which doesn't run unless accessed either by you or your backup software, and shuts down right after operating. Look for 1TB (that's terabyte, 1000 gigabytes) around $60 or 2TB around $100 on sale.
    Three year warranties!

  5. Y'all might look into any number of Linux distros: free open source operating system. Another IT guru, Brian Krebs, likened running Windows to leaving the front door to your house. BTW, Linux servers power Amazon, Facebook, Twitter, eBay and Google. As well, ninety-eight percent of supercomputers run Linux. It's been 8 yrs of FOSS bliss for yours truly.
    – google ‘why linux is better than windows 7’ =About 37,600,000 results
    [ NB-windows8 locks the OS, so any mod is verboten ]

  6. A better option is a better operating system in some cases.

    When or where that is not an option, the security practices OS mentions are very viable alternatives.

    Be careful not to let the “trojan.pdf.exe” or any other malware be copied to the external storage device during the process.

    1) disconnect from networks (wired, and/or wireless)
    2) disconnect from internet
    3) run malware detection software (remove malware if found)
    4) connect external drive
    5) backup to external drive
    6) disconnect external drive
    7) reconnect networks and/or internet

  7. Juliet,
    I read that Macs are currently resistant to the CryptoLocker virus. However, I would not take chances with that either. This criminal operation is one of the most highly sophisticated we have seen so far. My guess is they just have not gotten around to attacking Macs or Linux…yet.

    They seem to be targeting those most likely to pay, which are small and medium size businesses. They have the most to lose, and are less likely to have files backed up. PCs running Windows are the platform of choice for most small businesses. Unlike big corporations with redundant systems and full time IT departments, the smaller business can’t afford a full time IT department, and most of the people barely know how to turn the computer on and off. Like that police department; there was no backup or redundancy, or they would have just thumbed their noses at the crooks instead of paying.

    Of course, a lot of people who cannot afford to pay are losing their files too.

  8. I read an article about this some time back. The author actually wrote the one upside is that once you pay the ransom they give you the key so in that sense they are honest. How sad that living up to their word once you pay the ransom seems like a good thing from them.


  9. Look out, Apple. Eugene Kaspersky is calling you out.

    The founder and CEO of Kaspersky Labs spoke with Computer Business Review (CBR) about Apple’s slow progress in security at this week’s Infosecurity 2012 event in London.

    “I think they are ten years behind Microsoft in terms of security,” Kaspersky told CBR. “For many years I’ve been saying that from a security point of view there is no big difference between Mac and Windows. It’s always been possible to develop Mac malware, but this one was a bit different. For example it was asking questions about being installed on the system and, using vulnerabilities, it was able to get to the user mode without any alarms

  10. Since I spent years in computer software development, I'm fully aware of the importance of multiple backups. While I don't back up my entire system, which results in a big pain when the hard drive gets scrogged (been there, done that), I have multiple backups of the files I cannot recreate or where the re-creation would take a huge amount of time, e.g. genealogy research and family pictures. I also don't use Internet Express and don't open unknown emails or attachments. So far, so good.

  11. Hookers For Hackers has been my proposed solution to all of these problems. Get these geeks laid on a regular basis and they won’t be doing this stuff. I’m down for $100.

  12. I suggest a target for them…. The NSA….. And all related agencies….. But, could it be a covert of the CIA doing this to start with….

    Thanks chuck for this wonderful information…. Wow….

  13. I saw this one a few weeks ago. A backup drive that is intermittently connected is good. There are also some system settings that can be changed on PCs to reduce the chance of infection.

    Unfortunately all security software will always be playing catch up. These attacks will continue because it's very hard to trace these attacks back to specific people and they are commonly in countries that are difficult to extradite from.

  14. There is nothing preventing Cryptolocker from replicating itself to your backup drive, the minute you power it on. What amazes me most here, is that the government, with its vast NSA resources, can’t use its audit trail to find and locate these criminals. But then again, if the NSA itself is behind this trojan, it would explain its inaction. In the same way that the IRS had targeted Tea Partiers, victim demographics or political affiliation could easily point to the perpetrators.

  15. Samantha – You’re right – the NSA could easily take care of CryptoLocker, and it is a threat to national security. But the NSA doesn’t really care about our security; it’s all about their self-aggrandizement.

  16. Most security people writing about this seem to think it is a Russian mafia operation. There has also been speculation it might be originating in China. The awkwardly constructed messages suggest they were not written by anyone for whom English is a first language.

    At any rate, hardly the work of one person working out of his mama’s basement while he munches on Cheetos and cold pizza. Or from one fixed location either.

  17. @Samantha – It would depend on how you are backing up. If you are copying the files then yes, you can move unusable files onto the drive. If you use something like Acronis it compresses and manages the archives (files backed up this way are less likely to get encrypted). For instance, it's common to just back up the changes nightly and do a full backup every 7th day. More sophisticated tools allow multiple USB drives to be used for backups. For instance, it's common in small business environments to back up to USB hard drives. One is connected, one is next to the server and the 3rd is at home in a safe.

  18. Otteray Scribe 1, November 30, 2013 at 2:37 pm

    Most security people writing about this seem to think it is a Russian mafia operation. There has also been speculation it might be originating in China. The awkwardly constructed messages suggest they were not written by anyone for whom English is a first language.

    At any rate, hardly the work of one person working out of his mama’s basement while he munches on Cheetos and cold pizza. Or from one fixed location either.
    All boogie men, since the incremental fear coup began decades ago, originate in the places the evil eye of Sauron is upon:

    The enemy aggressor is always pursuing a course of larceny, murder, rapine and barbarism. We are always moving forward with high mission, a destiny imposed by the Deity to regenerate our victims, while incidentally capturing their markets; to civilise savage and senile and paranoid peoples, while blundering accidentally into their oil wells.

    (On The Origin of The Bully Religion – 2, quoting 1944 book). You can tell where one’s ideology originates, its DNA if you will, by who they want us to fear.

    Follow the money, follow the fear, and follow the immunity.

    It leads to the sadomasochistic wizard of odds.

  19. nick spinelli 1, November 30, 2013 at 10:17 am

    Hookers For Hackers has been my proposed solution to all of these problems. Get these geeks laid on a regular basis and they won’t be doing this stuff. I’m down for $100.

    Me too.

  20. @Otteray Scribe – My 2 cents (FWIW)? The two most likely suspects are either in Sofia, Bulgaria or Pyongyang, NK-DPRK (or a blend of both). Both of these uber-hacker groups are very capable of this type of cyber-attack. The Bulgarian one is "Cyber Warrior Invasion", recently busted by the Bulgarian feds in summer 2012, and Kim Jong Un's 3,000+ strong cyber unit "Cyber Command" are a force to be reckoned with. They clearly have "US" in their cyber-cross-hairs.

    This is one of the MANY reasons why I think NSA (et al) is listening in so to speak. Not just apparent cyber-threats but other blended-threats not on the US Public’s radar yet. Maybe 60-Minutes will do a piece on it soon and people can start rethinking the NSA’s role in spying on “certain folks”. However, I’m not being an apologist for the CIA yet. They still have way too many complicated loyalty issues for my taste – ever since 1947 at their inception.

  21. Samantha: “…if the NSA itself is behind this trojan, it would explain its inaction.”

    I think it’s more complicated than that. This kind of thing brings up the unexplored concept of cyber-war, what it really is and how would one manage it. It’s easy to think that if NSA, FBI, CIA but really NSA was doing the job it’s supposed to be doing, they would have already localized the origin to some number of server farms, possibly governmental, and fried them by now. Yes, you can destroy equipment with programming as Stuxnet has shown.

    And why not do that since it is war of a sort and could very well be considered an attack on the US's business security. We have laws giving the above US agencies a mandate for being in the cyber business that includes just that aim, protecting the national interest by fending off attacks to business (cyber) infrastructure. It's why the FBI and Treasury Dept. round up hackers and whistleblowers and creative guys like Aaron Swartz, RIP.

    How do you manage a cyber-war when, if you fry server farms in NK or Belarus for the cryptowhatever of the day, they then might turn their attention to Wall Street, or your dam operations or your electrical grid or target a few nuclear power plants? I’m just paranoid enough to think that there are a new set of rules of engagement worked out among the worlds nations and just plain larceny is tolerated as background noise, to be handled through less intrusive means. Inaction may be agreed to response.

    If there isn't a new set of rules there sure needs to be because MAD is a serious consideration if a crypto-war goes hot. You don't need nukes for other developed countries these days, everything is run by code. Any nation, IMO, could be seriously damaged by another, if not brought to its knees, by another country's hackers/cyber warriors.

    [ As for Pyongyang, if it was up to a vote I'd vote to turn it into glass, I have grown weary of the Kims. ]

  22. lottakatz, I've grown weary of the idjets who go to North Korea as "tourists" or to sell bibles or something. And sorry, I'm not ready to blow several million little kids to kingdom come in order to get revenge for one incredibly stupid and addled old man.

  23. pdm, no American goes to NK unless our government wants to. No doubt they are given a briefing before they leave on how to take pictures of places and things of interest while appearing to be just clueless tourists. That is how it was done at the height of the cold war when we still had businessmen and capitalist functionaries visiting Russia. That is what I have read in any event.

    The tourist in the above story is insignificant. He just reminded me of NK and the Kim dynasty. Linked below is my beef with NK.

    You are a better person than I am, it’s that simple. I would nuke Pyongyang in an instant if there was a reasonable assurance of cutting the head off that snake of a government. I’d be hoping to get most of its military leaders too.

  24. lotta, first off – I don’t believe you. I don’t believe you would nuke Pyongyang. But if you insist…..what the hell. Is it getting too boring around here that we need to blunder into a war with the Chinese or something?

    Secondly, I hope you will stop reading whatever it is that is telling you that we are sending 85 year old stick out like a sore thumb white men to spy or take pictures as clueless tourists. Just what the hell do you suppose he could take a picture of that drones or satellites or a turncoat Chinese can’t do a million times better?

    Too damn much paranoia around here.

  25. LK,

    NK is a stalking horse/regional proxy for the Chinese. So long as they provide an element of instability to threaten east Asia, they are serving their purpose for the Chinese. Or do you really think the Chinese would let an allegedly rogue nation with nukes on their border act that way without simply invading them? The Kim family is nuts. No arguing that. Their regime is one of the most oppressive and cruel going, but other than sabre rattling, they keep their abusive nature largely domestic. But if they ever got too far out of line? They'd be out of power and replaced with a Beijing puppet in a metaphorical heartbeat. Personally, I'm more worried about direct Chinese aggression in the region over the Senkaku islands. That could get out of hand in a bad way.

  26. Our government put a man on the moon many years ago. Our government sends drones over Afghanistan to kill tallybandits. Why can our government not find these computer punks and drone them?

  27. Guys, I’m aware of the NK/China politics and the difference between realpolitik and someone handing me the launch codes. Still, if I made a list of places to obliterate in order to effect regime change (and could be fairly certain of doing the job) Pyongyang is right up there.

    Between the ever-filled work camps, previous and lingering famine death and death from disease and chronic malnutrition, arguably the population (in numbers) of Pyongyang has already died, and there's no relief for those folks in sight as long as their pain suits the Chinese politically and the ruling elite in NK can live like kings.

    “more worried about direct Chinese aggression in the region over the Senkaku islands. ”

    Yeah, that's heating up, they want the natural gas that is now in Japan's territorial waters.

  28. I already had the FBI virus happen to me. It was scary. I hadn't done anything wrong, but it was scary because NOTHING I did got that damned thing off my screen. I finally got it off by rebooting my computer, tapping F8 until the screen that has "safe mode" on it appeared, and choosing the one that said it was a restore. It ran the restore and my computer was working normally again.

    I knew the FBI thing was a hoax almost immediately because it said it gave me 72 hours to purchase some kind of software at a local store and if I didn't pay it in 72 hours, the FBI would come take me away. I thought, "If I was really in trouble and doing something illegal, the FBI would not give me a 3 day head start to flee, and I certainly would not be able to pay my way out of it."

  29. Larry,
    By now, most good anti-virus and anti-malware programs can remove CryptoLocker. The problem is, the encrypted files will NOT be decrypted, and without the key from CryptoLocker, they cannot be unencrypted. If you delete CryptoLocker while your files are still encrypted, the crooks tell you to retrieve it from your anti-virus quarantine, or reinstall it from an infected site. At that point, they penalize you by charging five times the original ransom price to unlock your files.

  30. Does this mean, even if you back up your files, these crooks will still have all your files and all your personal info, pictures, etc.??

  31. Larry,
    No, they don’t have your files. They are encrypted so you cannot access them. Kind of like coming home and finding all the door locks changed. Your stuff is still there; you just can’t get in without buying new keys from the crooks.

  32. As for backing up your files, if you have a full backup on a separate memory module, they didn’t go anywhere. However, the newest versions of ransomware look for shadow drives, so if you are running your backup constantly, it is likely to be infected too. That is why you should not plug the backup drive in until you are actually ready to back up. Lots of good information about that at the links I provided.
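Comments 29 and 32 together make a practical point: once anti-virus removes the Trojan the files stay encrypted, and an always-connected backup will faithfully copy those encrypted versions over the good ones. The following Python sketch is an added example, not code from the post or any commenter, of a pre-backup check built on that observation: it compares a trusted manifest of hashes against the files about to be copied and refuses to overwrite a backup copy when a file has both changed and turned near-random (the high-entropy look of ciphertext). The manifest layout, paths and sample file contents are all constructed for the demonstration.

```python
import hashlib
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; ciphertext and compressed archives sit near 8.0


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: text and office documents score well below 6,
    encrypted output is indistinguishable from random and scores close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def suspicious_changes(manifest: dict, staged: dict, threshold: float = ENTROPY_THRESHOLD) -> list:
    """manifest: {path: sha256} recorded from the last backup you trust.
    staged: {path: bytes} of the files about to be copied onto the backup drive.
    A path is flagged when its hash changed AND the new bytes are near-random, which
    is what a document looks like after ransomware replaces it with its encrypted form.
    An ordinary edit also changes the hash but keeps entropy low, so it is not flagged."""
    flagged = []
    for path, data in staged.items():
        known = manifest.get(path)
        if known is not None and known != sha256(data) and shannon_entropy(data) >= threshold:
            flagged.append(path)
    return sorted(flagged)


# Constructed sample data for the demonstration, not taken from any real incident.
_REPORT = b"Quarterly report: revenue rose 4% while costs were flat.\n" * 40
_EDITED = _REPORT.replace(b"4%", b"5%")  # a legitimate edit: still plain text
_CIPHERTEXT = bytes(range(256)) * 16     # stand-in for an encrypted file: every byte value equally likely

TRUSTED_MANIFEST = {p: sha256(_REPORT) for p in ("docs/report.txt", "photos/holiday.jpg", "notes/todo.txt")}
STAGED_FILES = {
    "docs/report.txt": _EDITED,         # hash changed, entropy low -> passes
    "photos/holiday.jpg": _CIPHERTEXT,  # hash changed, entropy 8.0 -> flagged
    "notes/todo.txt": _REPORT,          # unchanged -> passes
}


def run_demo() -> list:
    """Returns the paths whose backup copy should not be overwritten."""
    return suspicious_changes(TRUSTED_MANIFEST, STAGED_FILES)
```

A real job would build `staged` by reading the source tree and keep the manifest on the offline drive itself, so the Trojan cannot tamper with it; the entropy test is a heuristic and legitimately compressed or encrypted files (archives, password-protected documents) will also trip it and need review.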

  33. OT
    Stallman warns about Bitcoin peril
    It needs to be anonymous
    by Nick Farrell in Rome
    Richard Stallman, president of the Free Software Foundation, warned that there needs to be a new form of electronic currency which is protected from NSA spy agency data mining.
    According to RT, Stallman told a London gathering of Bitcoin fans that while Bitcoin has its benefits, it is not up to the standard of a safe digital currency that would shield a payer from being tracked by companies and, ultimately, by intelligence agencies.
    He said that an anonymous payment system is also required for us to start “taking control of our digital lives”…

  34. lotta – no question that NK is one of the worst regimes. Maybe The Worst. But your “solution” is no different than the Cheney-Bush solution to Saddam. Wait, make that a worse solution since you want to nuke ’em. Cheney was willing to let them live so they could greet us with fleurs. And to think that you’ve got a list of such candidates. The mind boggles.

  35. RE: encryption
    safe AND secure?
    Today I found out that during the height of the Cold War, the US military put such an emphasis on a rapid response to an attack on American soil, that to minimize any foreseeable delay in launching a nuclear missile, for nearly two decades they intentionally set the launch codes at every silo in the US to 8 zeroes…
    Oh, and in case you actually did forget the code, it was handily written down on a checklist handed out to the soldiers. As Dr. Bruce G. Blair, who was once a Minuteman launch officer, recalled: Our launch checklist in fact instructed us, the firing crew, to double-check the locking panel in our underground launch bunker to ensure that no digits other than zero had been inadvertently dialed into the panel…
    — Karl Smallwood, For Nearly Two Decades the Nuclear Launch Code at all Minuteman Silos in the United States Was 00000000

  36. What is the appropriate penalty under the law for these acts, or under any new law that might cover these specific circumstances?

    And should it be applied per victim, or some other means?

  37. @LottaKatz – I too share your “glass” feelings for DPRK but I was just being facetious. I would never want to be part of the wanton murder of indigent collaterals of lil’ Kim. However, lil’ Kim, like his father, has possession of several submarines sold to him by Putin. And they were NOT demilitarized. They are non-nuclear but can be outfitted for vertical tubes. A certain US Republican North Korean-born reverend and newspaper owner helped broker the deal with Kim’s dad and Russia. They are 12 FRG class boats. Now what do you suppose they want to do with them? When viewing that, “glass” doesn’t look too bad… :rollseyes:

    Now about your Belarus hackers… yes, 4 of them got busted (by Belarus feds – division “K”) and they had the “chops” for CryptoLocker as they had done something similar before. It appears that Interpol is looking for 5 more Belarusians. But all totaled they are looking for 40 hackers worldwide who have the “chops” for this type of crypto-monster.

    I wouldn’t be surprised if Putin’s fingerprints are all over the Belarus and Bulgarian groups. Microsoft has used the Bulgarians a lot to “Tiger-Team” their software security. The SVR (former KGB) could glean a ton of actionable intelligence on foreign nations (i.e. USA) via CryptoLocker. The ransom could just be a red herring to obfuscate the operation. Just because the data is encrypted doesn’t mean the hacker can’t FTP upload it to an SVR-funded server for later decryption.

    To the guy who wants to know why US can’t catch them and round them up? Because they use cyber-zombies. That means that your PC could be invisibly acting as a server and THEY can access it invisibly whenever they want. The only indication would be that your PC performance would suck badly and your router’s I/O data LED would be flashing constantly. Your PC could also be invisibly sending out Trojan Horse viruses or even acting as an infected web site.

    So the FBI might be knocking on your door thinking you’re the hacker responsible for CryptoLocker. Turn your PC off when not using it. That may help a little because you’ll notice performance issues when you’re using it, and get sniffer software to see what’s going on on your network.

  38. @dobbie606 – For verification of your allegation of “00000000” all we need to do is ask Otteray Scribe, as that’s what he used to do back in the day. I personally thought they used an EAM system just like subs, where they get an Emergency Action Message from the POTUS and they have to open authenticator codes from a safe. Also Blouise could speak to this too. As there was a reason they went to the authenticator system due to too many prior FUBARs with our nukes.

  39. Just so you’ll know… DPRK (North Korea) has been playing “serious” mind games with US, Japan, and SK. They are playing submarine lost & find games with potential nuke boats with Davy Crockett torpedoes (nukes). We lost track of 5 of their subs recently. They claim their sights are on CONUS west coast and Hawaii (et al). They are underground testing nukes capable of setting off 5.1 seismic readings. PRC (China) is not doing too much to help as they have some serious bones-to-pick with US too. But PRC (President Xi Jinping) is pretty much NOT in control of Kim Jong Un. He’s out of control… as well as his mind (just like daddy was too).

    I guarantee you the USN has orders from POTUS to sink any unidentified submarines loitering in our waters off the west coast and Hawaii. Albeit, we got suckered by a PRC/PLA nuke Jin-class sub not too long ago (c. 2010). But they were just playing self-authorized war-games with US (right in the middle of a USN war-game) and just fired an SLBM back to China to show off that they could do it and get away with it. Obama did respond with the 7th Fleet to their waters to show off back. Pesky little buztards… :rolls eyes:

  40. CryptoLocker blocked screen is a malware program designed by hackers to block access to personal or important files including videos, photos and documents. As soon as the Trojan finds its way into the computer it changes existing registry entries in the startup folder and in their place adds its own malicious registry entries. Not stopping there, it further takes steps to ensure that the computer automatically installs and executes the malware program each time it restarts. I request you to find solution at
