Issue 166 - November, 2013 (2nd Edition) - Page 37
'Really Bad Virus' Warning
Circulating social media message warns users about a "really bad virus" that can encrypt your entire computer and show a message demanding that you send $300 to a specified address.
The message apparently attempts to describe a CryptoLocker Ransomware infection. The core claims in the message are valid. However, the warning lacks clarity and does not provide enough information to help people avoid a CryptoLocker infection or effectively deal with one. In fact, it does not even name the threat. The message's value as a warning is therefore significantly diminished. More information and links to reputable resources about the threat are included in the detailed analysis below.
Hey this is a warning BE CAREFUL ANF BACK UP YOUR COMPUTER. There is a really bad virus out there now that infects though e-mail with or without attachments!!! It slowly encrypts your entire computer with a 200 something bit encryption and then after its done its shows msg on your screen that says to send $300 to an address. Don't try to kill the virus as it will only make it worse. Can cause physical damage!!!
you have to wipe drive and start new. sorry for bad news
This circulating social media post warns users about a "really bad virus" that can "encrypt your entire computer" before displaying a message demanding that you send $300 to a specified address. It further warns that trying to kill the virus will only make the infection worse and can cause physical damage. It advises that, if infected, you will need to wipe your hard drive and start over.
The message is apparently attempting to warn users about a CryptoLocker ransomware infection. CryptoLocker ransomware can indeed encrypt files on the infected computer and will demand that users pay between $100 and $300 to have the files released.
The introduction to a comprehensive guide to CryptoLocker published on BleepingComputer.com explains:
CryptoLocker is a ransomware program that was released around the beginning of September 2013. This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 96 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.
The malware is generally spread via email attachments in seemingly legitimate emails that claim to be from high profile companies such as FedEx or UPS.
There is currently no way of decrypting the locked files other than to pay the required ransom. And, if users do not pay up within the specified time, the decryption key, which is stored on the criminal's server, will be destroyed and your files will likely remain forever locked.
If you have uninfected backups, you may be able to remove the infection and restore your files. However, depending on how your backup system is configured, it is possible that the malware may have also infected your backup files.
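Because a backup that the malware could reach may hold encrypted copies instead of the originals, and because CryptoLocker touches particular file types rather than the whole disk, a restore is only trustworthy once the backup copies have been checked. The following is an added example written for this article, not code from the article or from BleepingComputer: it compares each backup file against the content recorded when the backup was taken and flags copies that have changed and now lack their expected header while being near-random. The magic-byte table, the 7.0 entropy threshold and the sample files are constructed assumptions.

```python
import math
import os
from collections import Counter

# Magic bytes for a few document types; assumption: illustrative, not from the article.
MAGIC = {
    ".docx": b"PK\x03\x04",
    ".pdf": b"%PDF",
    ".jpg": b"\xff\xd8\xff",
}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted data approaches the maximum of 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_encrypted(name: str, data: bytes) -> bool:
    """True when a file of a known type has lost its header and its content
    is near-random, which is what an encrypted document looks like."""
    magic = MAGIC.get(os.path.splitext(name)[1].lower())
    if magic is None:
        return False  # not a type we know how to check
    return (not data.startswith(magic)) and shannon_entropy(data) > 7.0

def audit_backup(snapshot: dict, backup: dict) -> list:
    """snapshot: name -> bytes recorded when the backup was taken (known good).
    backup: name -> bytes on the backup medium now. Returns names that changed AND look encrypted."""
    suspicious = []
    for name, good in snapshot.items():
        current = backup.get(name)
        if current is not None and current != good and looks_encrypted(name, current):
            suspicious.append(name)
    return sorted(suspicious)

# Constructed sample data (not real captures): an encrypted-looking blob that
# holds every byte value equally often, so its entropy is exactly 8.0.
ENCRYPTED_BLOB = bytes(range(255, -1, -1)) * 2
SAMPLE_GOOD = {
    "report.pdf": b"%PDF-1.4 " + b"hello world " * 40,
    "photo.jpg": b"\xff\xd8\xff\xe0" + bytes(range(256)) * 4,
    "notes.docx": b"PK\x03\x04" + b"draft one " * 20,
}
SAMPLE_BACKUP = {
    "report.pdf": ENCRYPTED_BLOB,                      # overwritten by ciphertext
    "photo.jpg": SAMPLE_GOOD["photo.jpg"],             # untouched
    "notes.docx": b"PK\x03\x04" + b"draft two " * 20,  # legitimately edited, keeps header
}
```

A legitimately edited document keeps its header and low entropy, so only the overwritten report is reported; a backup medium that is offline when the infection runs would show no hits at all.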
Thus, CryptoLocker is a significant threat and computer users would certainly be wise to make themselves aware of it.
However, the above message actually does a rather dismal job of educating users about the threat and telling them what to do about it should their computers become infected.
The warning does not even name the threat, nor does it describe in any meaningful way how the ransomware is distributed. And, the malware does not encrypt the entire computer as claimed in the message, but rather locks up certain types of files. Computers with the infection are still operable.
The warning does not link to any expert advisories on the topic that would provide recipients with further information. And, the rather cryptic claim that the malware can "cause physical damage" is misleading. If victims do not pay, they may never recover their files, but there is no suggestion that the infection will physically damage the computer's hardware. Moreover, while users may not regain access to the encrypted files, the malware itself can be removed without "wiping the hard drive".
Thus, although the message's creator probably had good intentions, its value and validity as a warning about CryptoLocker are greatly eroded. If you wish to ensure that your friends are aware of the very real threat posed by CryptoLocker, it would be better to send them a link to a reliable and regularly updated article such as that provided by BleepingComputer rather than pass on the above - rather garbled and ineffective - message.
Last updated: October 30, 2013
First published: October 30, 2013
Research: Joshua Brunson and Brett Christensen
By Brett M. Christensen