
Cryptolocker Virus Question

Discussion in 'General Malware And Security' started by Rich M, Sep 24, 2014.

  1. Rich M

    Rich M Guest

    Joined:
    Dec 24, 2013
    Messages:
    4,580
    Location:
    NE Pa USA
    Operating System:
    Windows 7
    Computer Brand or Motherboard:
    MSI Z97 PC Mate LGA 1150 Intel Z97
    CPU:
    Intel i7 4790K 4.0Ghz
    Memory:
    Corsair Vengeance 16GB (2x8GB) DDR3 2133
    Hard Drive:
    Crucial 256 Gb SSD+ WD Raptor 300 Gb Sata III
    Graphics Card:
    Radeon R9 280 2GB HDMI
    Power Supply:
    Seasonic 750 watt
    Just curious if anyone has ever tried using any Linux live cds to try to read Crypto Locker encrypted files?
     
  2. allheart55 (Cindy E)

    allheart55 (Cindy E) Administrator Administrator

    Joined:
    Jun 11, 2009
    Messages:
    10,620
    Location:
    Pennsylvania
    Operating System:
    Windows 10
    Computer Brand or Motherboard:
    ASUS M4A77TD AM3 AMD 770 ATX AMD
    CPU:
    AMD Phenom II X6 1090T-Thuban 3.2GHz
    Memory:
    Crucial-DDR3 SDRAM 1333-8GB
    Hard Drive:
    WD Caviar Black SE HDD 640 GB - WD Caviar Black SE HDD 500 GB
    Graphics Card:
    Sapphire Radeon HD-7870 2GB
    Power Supply:
    CORSAIR CMPSU-750W
    I haven't, have you?
     
  3. Rich M

    Rich M Guest

    I got an answer from Ken Dwight, the Virus Doctor on Linkedin who said it has been tried many times and encryption trumps the operating system.
     
  4. Match

    Match Registered Members

    Joined:
    Apr 23, 2009
    Messages:
    4,175
    Location:
    Wolverhampton, UK.
    Computer Brand or Motherboard:
    Abit AN52
    CPU:
    AMD Athlon dual core 5000+
    Memory:
    4 Gig Corsair
    Hard Drive:
    160 Gb Hitachi 500 Gb Western Digital
    Graphics Card:
    Radion XFX 4650
    Power Supply:
    550W EZcool
    Trouble I see is that Linux will probably open or access the data, but without the 'key' all you're going to see is garbled junk.
     
    Tony D likes this.
  5. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    5,157
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    Yup - you need the private key to decipher the files.
     
  6. Rich M

    Rich M Guest

    All true I now know.
     
  7. Plastic Nev

    Plastic Nev SUPER MODERATOR IN MEMORY

    Joined:
    May 2, 2009
    Messages:
    2,801
    Location:
    In front of a monitor in Blackburn Lanc's UK.
    Operating System:
    Windows 7
    It now depends on which CryptoLocker version: if the original, I think the FBI sorted them out and then made the unlocking keys public and free. If one of the later versions, you are stuck till they get smashed by the authorities.

    However, we are back to the advice given out when this thing first started: make backups regularly and keep them disconnected when not actually backing stuff up.
    Unfortunately that advice gets ignored till that horrible thing gets into your computer, and by that time it is too late.
     
    allheart55 (Cindy E) likes this.
  8. Match

    Match Registered Members

    Seems there is a link between 5½ inch floppy drives and people who understand the importance of backing up files.
     
  9. Rich M

    Rich M Guest

    Well, here is the complete update about CryptoLocker, as we have passed the first year in existence now and there is still no end in sight... reprinted with permission from virus expert Ken Dwight, recently posted at the Linkedin Forum:

    Ken Dwight

    Owner, The Virus Doctor

    "Thanks for the vote of confidence, Jim! Having said that, I need to correct a statement you made. Nobody has "figured out" CryptoLocker. As a result of some fortuitous circumstances, combined with some fine detective work, two anti-virus vendors gained access to some of the servers that had been used by the producers of CryptoLocker. Those servers contained the private encryption keys that were required in order to decrypt the encrypted files.

    Using those keys, it was possible to decrypt some of the files that had been encrypted by the original CryptoLocker. But not because anybody "figured it out," or came up with a silver bullet to recreate those keys. For all practical purposes, those keys are uncrackable.

    And bear in mind, we're still in the first generation of encrypting ransomware. This form of criminal activity first showed up more than 10 years ago, but it was not widely distributed and used a fairly simplistic approach to encryption. Those infections left the encryption key on the affected computer, making it possible, if not easy, for a competent tech to find the key and decrypt the files. I'll refer to this as Version 1.0 in this family.

    When CryptoLocker first surfaced, just one year ago this month, it was a game changer. It followed best practices in encryption, using a combination of a public key on the affected computer and a private key on the CryptoLocker servers. And they used (or claimed to use) 2048-bit encryption, orders of magnitude beyond the 128-bit encryption that was considered to be the gold standard just a few years ago. Again, uncrackable. And it was very widely distributed, becoming one of the most widespread pieces of malware in recent memory. All things considered, this was a big enough step up from Version 1.0 that I'll call it 1.5.

    With the success of CryptoLocker came the imitators -- at least 7 of them, at last count. And some of them are being sold worldwide in exploit kits. So, for a few thousand dollars, you can have your own CryptoLocker knockoff. Most of them follow the same general approach, so I'll keep all of them at Version 1.5.

    Then, in July, 2014 CTB Locker (aka Critroni) showed up. It has been described by Fedor Sinitsyn, a blogger and security researcher for Kaspersky, as second-generation ransomware. He lists 5 reasons that he believes it deserves that designation, reprinted in a blog post by Stu Sjouwerman, founder of KnowBe4. Here is a link to that post: http://blog.knowbe4.com/bid/392887/Heads-Up-Second-Generation-Ransomware-In-The-Wild.

    I already have some ideas of what encrypting ransomware Version 3.0 and possibly 4.0 could look like, but won't share those ideas here for obvious reasons. But even if we stay at the current level of sophistication for a few more years (which I consider unlikely), there is still a lot of room for them to get much worse.

    While most of these strains of encrypting ransomware to date have targeted home and small-business users, with ransom demands in the hundreds of dollars, there is much speculation in the Internet Security industry that the threats will ramp up to target major corporations and demand ransom in the hundreds of thousands or even millions of dollars.

    Considering the recent high-profile hacks of Target, JP Morgan Chase, Home Depot, and many others, who can doubt the vulnerability of such organizations?"
     
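The quoted post describes the scheme that makes a Linux live CD useless for recovery: each file is locked under a key that is itself wrapped to an RSA public key, while the matching private key never touches the victim's machine. The Go program below is an added example written for this thread (it is not code from Ken Dwight, from the forum, or from any malware sample) that builds exactly that hybrid construction with the standard library: a random AES-256-GCM key per file, wrapped with RSA-OAEP to a 2048-bit public key. It then shows that the matching private key opens the file and that an unrelated private key of the same size is rejected. The sample "file" and both key pairs are constructed inside the program; the key that stands in for the one on the attackers' server is generated locally only so the demonstration can run offline.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Sealed is the on-disk form one file takes under a hybrid scheme: the body under
// a fresh AES-256-GCM key, and that key wrapped to an RSA-2048 public key. Nothing
// in it is a secret that booting another operating system could read out.
type Sealed struct {
	WrappedKey []byte // per-file AES key, RSA-OAEP encrypted to the public key
	Nonce      []byte // GCM nonce for this file
	Ciphertext []byte // encrypted file body plus GCM authentication tag
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal needs only the public key: the private half never has to be present on
// the machine where Seal runs, which is the point the quoted post makes.
func Seal(pub *rsa.PublicKey, plaintext []byte) (*Sealed, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, fileKey, nil)
	if err != nil {
		return nil, err
	}
	return &Sealed{
		WrappedKey: wrapped,
		Nonce:      nonce,
		Ciphertext: gcm.Seal(nil, nonce, plaintext, nil),
	}, nil
}

// Open reverses Seal. It fails unless priv is the private half of the key Seal
// used: OAEP unwrapping under any other key rejects the wrapped file key outright.
func Open(priv *rsa.PrivateKey, s *Sealed) ([]byte, error) {
	fileKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, s.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(fileKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, s.Nonce, s.Ciphertext, nil)
}

// Result summarises one run of Demo.
type Result struct {
	RightKeyRecovers bool // Open with the matching private key returns the plaintext
	WrongKeyRecovers bool // Open with an unrelated 2048-bit private key returns anything
}

// Demo seals a constructed sample file, then tries to open it with the matching
// private key and with an unrelated key of the same size.
func Demo() (Result, error) {
	var r Result
	sample := []byte("quarterly budget (constructed sample, not a real file)")
	holder, err := rsa.GenerateKey(rand.Reader, 2048) // stands in for the key held off-machine
	if err != nil {
		return r, err
	}
	other, err := rsa.GenerateKey(rand.Reader, 2048) // a key we do control, but the wrong one
	if err != nil {
		return r, err
	}
	sealed, err := Seal(&holder.PublicKey, sample)
	if err != nil {
		return r, err
	}
	got, err := Open(holder, sealed)
	r.RightKeyRecovers = err == nil && bytes.Equal(got, sample)
	_, err = Open(other, sealed)
	r.WrongKeyRecovers = err == nil
	return r, nil
}

func main() {
	r, err := Demo()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", r) // expected: {RightKeyRecovers:true WrongKeyRecovers:false}
}
```

Running it prints `{RightKeyRecovers:true WrongKeyRecovers:false}`. Every operation a live CD could perform on the sealed record (reading the wrapped key, the nonce, the ciphertext) is already available to `Open`, and it still cannot proceed without `holder`; that is why the only dependable recovery path in the thread is the disconnected backup Plastic Nev describes.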
