1. Welcome Guest! In order to create a new topic or reply to an existing one, you must register first. It is easy and free. Click here to sign up now!.
    Dismiss Notice

New Ransomware CryptoFortress Encrypts Unmapped Network Shares

Discussion in 'General Malware And Security' started by Rich M, May 12, 2015.

  1. Rich M

    Rich M Guest

    Joined:
    Dec 24, 2013
    Messages:
    4,580
    Location:
    NE Pa USA
    Operating System:
    Windows 7
    Computer Brand or Motherboard:
    MSI Z97 PC Mate LGA 1150 Intel Z97
    CPU:
    Intel i7 4790K 4.0Ghz
    Memory:
    Corsair Vengeance 16GB (2x8GB) DDR3 2133
    Hard Drive:
    Crucial 256 Gb SSD+ WD Raptor 300 Gb Sata III
    Graphics Card:
    Radeon R9 280 2GB HDMI
    Power Supply:
    Seasonic 750 watt
    Used to be that ransomware only looked at hard drive C:, and then any other mapped drives like D:, E:, F: etc., but now a newly discovered strain called CryptoFortress was discovered yesterday by security researcher Kafeine that has stolen the look & feel of TorrentLocker but is a whole new malicious strain. It would be a bit much to call this a new generation, but it certainly is a powerful new feature.

    CryptoFortress includes the new and nasty feature of being able to encrypt files over network shares even if they are not mapped to a drive letter. Normally when ransomware encrypts your data it does so by retrieving a list of drive letters on a computer and then encrypting any data on them.......

    http://blog.knowbe4.com/new-ransomware-cryptofortress-encrypts-unmapped-network-shares
     
    Rich M, May 12, 2015
    #1
  3. DSTM (Dougie)

    DSTM (Dougie) Registered Members

    Joined:
    May 3, 2009
    Messages:
    8,270
    Location:
    SYDNEY AUSTRALIA
    Operating System:
    Windows 7
    Last edited: May 12, 2015
    DSTM (Dougie), May 12, 2015
    #2
    allheart55 (Cindy E) likes this.
  4. Plastic Nev

    Plastic Nev SUPER MODERATOR IN MEMORY

    Joined:
    May 2, 2009
    Messages:
    2,801
    Location:
    In front of a monitor in Blackburn Lanc's UK.
    Operating System:
    Windows 7
    On a different thread of Tony's, he could have done with installing that Crypto Monitor! :biggrin:
    However, reading up on how Crypto Monitor works, I would think it has a good chance of trapping even that latest one.
    I have taken some notice of it and downloaded the free version, once I install it I can report on my impression of it at some later date.

    Nev.
     
    Plastic Nev, May 13, 2015
    #3
    allheart55 (Cindy E) likes this.
  5. starbuck

    starbuck Rest In Peace Pete Administrator

    Joined:
    Sep 26, 2009
    Messages:
    3,830
    Location:
    Midlands, UK
    Operating System:
    Windows 10
    CPU:
    AMD Athlon II x2 250 Processor 3.00GHz
    Memory:
    8gb DDR3
    Hard Drive:
    500gb SATA
    Graphics Card:
    ASUS GeForce GTX 960 2gb
    Power Supply:
    650w PowerCool X-Viper
    Nathan does say that CM does detect and trap CTB Locker.
    I actually joined 'Nathans' testing team for Crypto Monitor.
    I was testing it on the new Win10.
    We actually went through quite a few changes before arriving at the version you now see.
    Although we did work with the Pro version, I have opted to just install the free version now.
    It actually does what it says on the tin.
     
    starbuck, May 13, 2015
    #4
  6. Tony D

    Tony D Administrator Administrator

    Joined:
    Sep 25, 2009
    Messages:
    5,157
    Location:
    SE Pennsylvania, USA
    Operating System:
    Windows XP Professional
    Tony D, May 13, 2015
    #5
  7. Rich M

    Rich M Guest

    Joined:
    Dec 24, 2013
    Messages:
    4,580
    Location:
    NE Pa USA
    Operating System:
    Windows 7
    Computer Brand or Motherboard:
    MSI Z97 PC Mate LGA 1150 Intel Z97
    CPU:
    Intel i7 4790K 4.0Ghz
    Memory:
    Corsair Vengeance 16GB (2x8GB) DDR3 2133
    Hard Drive:
    Crucial 256 Gb SSD+ WD Raptor 300 Gb Sata III
    Graphics Card:
    Radeon R9 280 2GB HDMI
    Power Supply:
    Seasonic 750 watt
    Tony I am putting Crypto Prevent and Unchecky now on every computer I service and explaining how to update Crypto Prevent. I have to get that into my 6 step memo for success I leave everyone and tell them iof they do all those things faithfully, they will not get reinfected.
     
    Rich M, May 14, 2015
    #6
    allheart55 (Cindy E) likes this.

Share This Page