Comments on: Two cryptolocker ransomware cases in two days

By: JJ Bartholmew

JJ Bartholmew — Fri, 24 Jan 2014 02:58:15 +0000

One of my business customers was attacked by cryptolocker and we saw, fairly quickly, that paying the $300 ransom was the fastest and cheapest way out of this jam.

From just about every report I have heard it was a business that was hit.

By: Lewis

Lewis — Sat, 12 Oct 2013 01:49:53 +0000

In reply to Ron Pate. Our business just got hit and our production data has been recovered but there was one share with some clinical data with no backups. From all I read, the crooks just take your money and do not provide you with a key...Can I contact you or can you email me. Also there was no evidence that our data was transferred out of our server, there was over 300Gig that was infected, our backups saved the day, but we must have some of our staff come in and enter data all weekend. Thanks..

By: Ron Pate

Ron Pate — Fri, 11 Oct 2013 20:56:41 +0000

Excellent written description of this malware ransom. We just went through this 2 days ago. I do believe that there is some algorithm that determines the amount of data that is going to be encrypted, and the ransom fee is based on that number; ours was $300.

We removed the infection, but were left with encrypted files. I actually think we got lucky from the standpoint that a website was provided to re-create the malware so that we could pay the hostage fee and get access to our data. it took about 2 hours for them to collect on the no-tell credit card and approximately 13 hours to decrypt all of the files. I am reasonably certain that a copy of our files are being reviewed by the crooks for additional stealing.