Windows XP How to get rid cryptolockers?

[Mohammad Rahmati]

I have a very important relation about cryptolockers!
It's About uninstalling cryptolockers
Open your task manager, enter the process tab and terminate the crypto's tree.
Open the Run menu and go to the msconfig program.
Enter the services tab and disable the crypto.
Enter the Startup tab and disable the crypto unit.
Enter the Document and settings folder located in your windows drive.
Crypto folder in the folder all users to find and remove it with all its system files.
That was so simple.
ha ha ha ha
they will not destroy us!!

 

[Mike]

If you're talking about BitLocker, I guess so.

 

[Trouble]

http://blog.fox-it.com/2014/08/06/cryptolocker-ransomware-intelligence-report/

They are providing a free service for unlocking the ransomware. The link is in that article.
It has been around for a while and was a very devastating piece of malicious code.

 

[Trouble]

New.... as in brand new, Ransomware in the wild.

CryptoWall 2.0
It kicks CryptoLocker’s @$$.

Makes encrypted copies of all your files and deletes the originals. Then erases all shadow copies so previous versions will not work and then apparently deletes restore points.
It also infects mapped network drives as well as other shares and even you dropbox storage if you have it mapped.

So basically, if you don’t have backups, you’re properly screwed.

Infection Vectors
Since we detected the first CryptoWall 2.0 variant with our WildFire engine on September 29, we’ve seen over 85,000 separate attacks attempting to deliver the malware. The majority of these have come through e-mails with executable attachments, sometimes contained in .zip files. Most of the e-mail attacks used fake invoice, fax and voicemail themes with attachments named like the following:

• Complaint_IRS-Id-12839182.scr
• fax00415741732781728.scr
• VOICE387-778-3454.zip
• CH_Import_Information.exe

In the last week we’ve seen the attack vectors evolve to contain exploit kits as well. On October 19, the Kafeine posted a blog discussing the inclusion of CVE-2014-0556 in the Nuclear Pack exploit kit, which was installing CryptoWall 2.0.

Yesterday we picked up an e-mail campaign pretending to be a fax report that carried a .zip attachment with a PDF inside. The PDF exploits CVE-2013-2729 to download a binary which also installed CryptoWall 2.0.

SOURCE: http://researchcenter.paloaltonetworks.com/2014/10/tracking-new-ransomware-cryptowall-2-0/
AND
http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information

 

[Trouble]

And it seems that they've stepped up their game yet again with CryptoWall 3.0
http://www.csoonline.com/article/28...-new-version-after-two-months-of-silence.html

Backup your files folks, image your systems and keep those on an external drive that is only connected to your system when performing the backups.