Warning: CryptoWall is very dangerous !!!
On my end, I am always prepared for the worst. Today it happened.
I am writing to you from my Apple MacBook Pro. VMWare Fusion 8 is always
running up-to-date copies of virtual machines from my main development
machine (Dell Precision Workstation). The Dell machine is running Windows 7
Ultimate Edition and VMWare Workstation 12 with 22 VMs. All my "real" work
is done in VMs. The host is protected by Microsoft Windows Defender and
normally I do not even open Internet Explorer on this machine. But this
morning, I made a mistake (too much coffee or not enough) and checked a web
site from that host. And the damn web site infected my UAC-enabled and
Windows Defender protected host system with a brand new version of
CryptoWall. Ouch! The FBI is right, this thing is dangerous. It
immediately started to encrypt all my files on the host.
I shut down the system and ordered a new SSD from Amazon (same-day delivery,
should be here in 7 hours). So I'll have a busy weekend installing Windows
10 Enterprise and VMWare on my Dell Precision Workstation.
To the developers of CryptoWall, you can rot in hell and I really wouldn't
care.
And to my friends, "LOOP always always always END" have a current backup of
your data.
Friedrich
Re: Warning: CryptoWall is very dangerous !!!
Sorry to hear that, Friedrich. Happened to me 2 years ago.
Dan
Re: Warning: CryptoWall is very dangerous !!!
Mean people suck.
BTW - what host are you talking about? I use FF and I'm not impressed
at all with the new Edge (formerly known as IE).
--
Russ Eggen
RADFusion International, LLC
Re: Warning: CryptoWall is very dangerous !!!
Hi Friedrich,
> site from that host. And the damn web site infected my UAC-enabled and
> Windows Defender protected host system with a brand new version of
> CryptoWall. Ouch! The FBI is right, this thing is dangerous. It
> immediately started to encrypt all my files on the host.
Nasty :-(
Using AVG here but even with that installed I never access the Web
directly.
I use SandboxIE http://www.sandboxie.com/ .
So all Web access changed files, downloaded bits and pieces etc etc
goes into the Sandbox and at the end of a session I simply terminate
all programs running in the Sandbox and delete all files.
If I notice _anything_ suspicious whilst browsing I terminate all
programs from the SandboxIE control window and then delete all files in
the sandbox.
It's called SandboxIE from I(nternet) E(xplorer) but you can set it to
work with Chrome, FireFox etc etc
Graham
Re: Warning: CryptoWall is very dangerous !!!
Hi Friedrich,
> site from that host. And the damn web site infected my UAC-enabled and
> Windows Defender protected host system with a brand new version of
> CryptoWall. Ouch! The FBI is right, this thing is dangerous. It
> immediately started to encrypt all my files on the host.
Those things are nasty! My brother got one of those a couple of years
ago. Lost several thousand photos.
> And to my friend, "LOOP always always always END" have a current backup of
> your data.
*AND make sure it can be restored!!!!!*
I have both image and file backups of all important files, as well as
having all code and related data (help files, website, whatever) in
version control, which is backed up in quadruplicate, local, online and
off site!
Best regards,
--
Arnor Baldvinsson
Icetips Alta LLC
Re: Warning: CryptoWall is very dangerous !!!
Hi Friedrich -
Sorry that happened to you.
How could you have prevented this if it were possible to prevent?
Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve
I'll search help files & Google for you.
Grammar troll's, are the worse.
Re: Warning: CryptoWall is very dangerous !!!
Interesting!
> Hi Friedrich,
>
> I use SandboxIE http://www.sandboxie.com/ .
> So all Web access changed files, downloaded bits and pieces etc etc goes
> into the Sandbox and at the end of a session I simply terminate all
> programs running in the Sandbox and delete all files.
> If I notice _anything_ suspicious whilst browsing I terminate all
> programs from the SandboxIE control window and then delete all files in
> the sandbox.
>
> It's called SandboxIE from I(nternet) E(xplorer) but you can set it to
> work with Chrome, FireFox etc etc
>
> Graham
--
Russ Eggen
RADFusion International, LLC
Re: Warning: CryptoWall is very dangerous !!!
> How could you have prevented this if it were possible to prevent?
I'd like to understand this better too.
>> morning, I made a mistake (too much coffee or not enough) and checked a web
>> site from that host. And the damn web site infected my UAC-enabled and
Stupidly, I was wondering "what site"?
Thanks for not posting a link :)
Simon Kemp
Re: Warning: CryptoWall is very dangerous !!!
I wonder if this could also infect the BIOS or UEFI in such a way that
replacing the hard disk is not enough. Kinda like this:
http://www.pcworld.com/article/29480...einstalls.html
Jeff Slarve
www.jssoftware.com
www.twitter.com/jslarve
I'll search help files & Google for you.
Grammar troll's, are the worse.
Re: Warning: CryptoWall is very dangerous !!!
I'm so naive about this stuff. So despite the fact you're running virus
protection (Friedrich mentioned WD) your machine can go tits-up if you
touch the wrong site?
I seem to have got lucky for years...
Simon Kemp