Cryptolocker and other encryption locking malware


#1

Take a look at this post…

https://hashtalk.org/topic/32706/just-iceing-on-the-cake/5

I don’t always want to link to hashtalk, but this is a good one to learn a lesson from. It appears that this user had his wallet keys on the main hard drive of his PC that got hit with the crypto blocker ransomware.

Please!!! Keep your wallet keys safe in offline, off-the-computer storage: a thumb drive, an SD card, anything but your always-connected computer’s hard drive.

Edit: it was actually his encryption keys for the encrypted backup. Still the same theory. Keep your encryption keys and wallet keys off your main computer. And have multiple copies.


#2

Moral of the story - NEVER run EXEs from within C:\Users

:wink:


#3

I live by this rule when I use a Windows machine. I only use a Windows machine for my 3D CAD programs, and I try my best to keep that offline…only connect to update Windows. Better safe than sorry.


#4

Group Policy, where I am responsible for it, ensures that this isn’t running.
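Added example (editor’s, not from any post in this thread): a local AppLocker policy that implements the rule from #2 and #4, blocking executables launched from anywhere under C:\Users while still allowing Program Files and the Windows folder. Everything in it is an assumption about one reasonable setup: rule names and GUIDs are arbitrary, it is applied locally with Set-AppLockerPolicy (on a domain the same XML would be imported into a GPO), and it covers only the Exe rule collection (not scripts, MSI or DLLs). Run it elevated.

```powershell
# Added example: AppLocker policy that denies EXEs under the user profiles,
# which is where CryptoLocker-style droppers get staged (%AppData%, %Temp%,
# Downloads). Assumptions: rule names/GUIDs are arbitrary; the Application
# Identity service (AppIDSvc) must be running for enforcement; AppLocker
# enforcement also depends on the Windows edition, so check that first.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Program Files" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%PROGRAMFILES%\*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Allow Windows folder" Description="" UserOrGroupSid="S-1-1-0" Action="Allow">
      <Conditions><FilePathCondition Path="%WINDIR%\*" /></Conditions>
      <!-- These two are writable by standard users; do not let them become an allowed launch point. -->
      <Exceptions>
        <FilePathCondition Path="%WINDIR%\Temp\*" />
        <FilePathCondition Path="%WINDIR%\Tasks\*" />
      </Exceptions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Administrators may run anything" Description="" UserOrGroupSid="S-1-5-32-544" Action="Allow">
      <Conditions><FilePathCondition Path="*" /></Conditions>
    </FilePathRule>
    <FilePathRule Id="$([guid]::NewGuid())" Name="Deny executables under user profiles" Description="Blocks droppers staged in AppData, Temp and Downloads" UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions><FilePathCondition Path="%OSDRIVE%\Users\*" /></Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

$policyPath = Join-Path $env:ProgramData 'block-users-exe.xml'
[System.IO.File]::WriteAllText($policyPath, $policyXml)   # UTF-8 without BOM

# Dry run before enforcing: the same binary is allowed from System32 but denied
# once it sits under a user profile. Test-AppLockerPolicy needs real files, so
# stage a copy of calc.exe in %TEMP% (which lives under C:\Users\<you>\...).
$staged = Join-Path $env:TEMP 'calc-copy.exe'
Copy-Item "$env:WINDIR\System32\calc.exe" $staged -Force
Test-AppLockerPolicy -XmlPolicy $policyPath -User Everyone -Path "$env:WINDIR\System32\calc.exe", $staged |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize
Remove-Item $staged

# Enforce. AppLocker deny rules take precedence over allow rules, so the
# Administrators rule above does not let an admin run something from C:\Users.
sc.exe config appidsvc start= auto | Out-Null
Start-Service -Name AppIDSvc
Set-AppLockerPolicy -XmlPolicy $policyPath
```

Roll it out in AuditOnly mode first (change EnforcementMode and read event log Microsoft-Windows-AppLocker/EXE and DLL) so you see what line-of-business software users launch from their profiles before it gets blocked; for the small customers described later in the thread with no domain, the same XML can be applied per machine with Set-AppLockerPolicy.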


#5

Let me fix that for you. There, much better.


#6

Halo! Encrypts your multi-sig keys into two images you can store wherever you like…just don’t tell anyone what they are… One key could be my forum avatar and nobody would ever know :wink:


#7

That is pretty sweet! Definitely gonna check it out. Right after I download your avatar and hack your wallet. ’Cause I’m shifty like that…LOL!


#8

I always keep an image on my internal “storage” drive and an image on my external, back the system up aboot once a week, and keep previous images until I run out of space. Good lil system, even if I get hit hard, downtime is aboot an hour max :smiley: Any funny bidness files/programs/sites I usually test in a virtual machine to keep it better contained.


#9

Hah! Even if my avatar was my first key, you’d still need the 2nd image for the 2nd key. Multi-sig, remember? :wink:


#10

I really need to find a good explanation how this is setup and how it is used. I know the principle but the practicalities escape me at the moment.


#11

Download Halo and we can play some. :wink:

Basically, my Halo only works if I either load both keys (images) to the wallet, or if I have a USB key inserted, in which case Halo will pull both keys needed (one from the stick, one from my system); or you can set it up to have a key on two different systems and it will only work if both systems have paired their keys.

Alternatively, you could create joint accounts, and each person needs to pair his private key with the other person’s public key to load the wallet, and each person needs to sign (verify) transactions.

Get Halo, it’s the balls :wink:


#12

Sounds a little too complicated for my brain


#13

Grrrrr…it is PC only! Will have to wait till I get home to get on my workstation. On a Mac right now.

I am definitely gonna give it a go this evening, will message you if I have any troubles. But I should be able to work through it. I may not be able to code to help out crypto, but I can help by learning this software and spreading and teaching others about it.


#14

Hmm, my Google-fu has left me yet again. Any link to this Halo stuff?


#15

Here you go, sir.


#16

Ah, OK, thx.


#17

Pitiful, another .NOT product.


#18

Yeah, I commented on that. I can’t believe how crazy he was to store his offsite backup encryption key onsite… What is the point of an offsite backup if the key to all the data is onsite… WTF… To make it worse, he later says in the thread that he tested the decryption of ONE file, which was successful, but didn’t think to decrypt his offsite backup key file… He gets the Bradman’s award for tech support in my book, multiple times over.

@AnimoEsto, I agree about never running EXEs from within users’ C:\Users folders, but the reality of this is that when you’re a contracted support agency like myself, a lot of customers that get hit with these don’t have any type of domain to enforce this rule and also don’t have the funds to put one in place. On top of this, they insist on having full access to install and run what they like. We offer offsite backups to our customers, which are mounted over a secure VPN tunnel and backed up to a secure data center, which is then dismounted to ensure data is safely detached during business hours. We also have an onsite version which happens on the same schedule to a USB drive, using our own custom version of backupninja. This is the best we can do for these customers, and most come on board with this idea after being hit with CryptoLocker :wink:
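Added example (editor’s; not the poster’s backupninja/VPN setup, but a Windows scheduled-task version of the same idea from #8 and #18): connect the offsite share only for the duration of the backup run, keep dated copies so a run that picks up already-encrypted files never overwrites the last good copy, and detach the share again no matter how the run ended. The share path, source folder, credential file and retention count are placeholders.

```powershell
# Added example: "attach for the backup window, detach for business hours".
# No drive letter is mapped for the interactive user and the SMB session is
# torn down in `finally`, so ransomware running under that user later in the
# day finds no reachable backup share to encrypt or delete.
# Assumptions (placeholders): $share is reached over the VPN, $source is the
# data to protect, and the credential was saved with Export-Clixml by the
# service account that runs this task (Export-Clixml protects it with DPAPI
# for that account on that machine). Retention is pruned here for simplicity;
# in practice enforce it on the server too, so a compromised client cannot
# delete older runs.
$share    = '\\backup.example.internal\offsite'
$source   = 'D:\CompanyData'
$keepRuns = 8
$logFile  = 'C:\ProgramData\backup\offsite.log'
$cred     = Import-Clixml 'C:\ProgramData\backup\offsite.cred'

# One folder per run, so an encrypted run sits next to, not on top of, good ones.
$run = 'run-' + (Get-Date -Format 'yyyyMMdd-HHmm')

New-SmbMapping -RemotePath $share -UserName $cred.UserName `
    -Password $cred.GetNetworkCredential().Password -Persistent $false | Out-Null
try {
    # /E copies subfolders (including empty ones), /R:2 /W:5 bounds retries,
    # /NP keeps the log free of progress noise. Exit codes >= 8 mean failures.
    robocopy $source (Join-Path $share $run) /E /R:2 /W:5 /NP /LOG+:$logFile
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed with exit code $LASTEXITCODE" }

    # Prune the oldest runs, keeping the newest $keepRuns (oldest sort first).
    Get-ChildItem -Path $share -Directory -Filter 'run-*' |
        Sort-Object Name |
        Select-Object -SkipLast $keepRuns |
        Remove-Item -Recurse -Force
}
finally {
    # Detach whether the copy succeeded or not; the share must not stay reachable.
    Remove-SmbMapping -RemotePath $share -Force
}
```

Two things the thread’s own story argues for on top of this: keep the key that protects the offsite copy somewhere the infected machine cannot reach (not on $source), and test a full restore, key file included, not just the decryption of a single file.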