Learning with Cryptolocker

Discussion in 'Software' started by andyman77, May 23, 2014.

  1. andyman77

    andyman77 Private E-2

    Hi all and thank you for taking the time to read this.

    As I've grown better and better with computers over time, I've been entrusted to help others where I once needed help too. By this I mean in the way of malware removal, tweaking up machine performance and reinstallations of software. I feel proud of what I have achieved and am always looking to learn new things to help me in my quests. So far I have had a 100% success rate in the 50-odd occasions I have been asked for help. That is partly thanks to pros like those on this site.

    My latest adventure in my quest to know it all :) is dealing with ransomware. The obvious one that popped up everywhere on Google search was Cryptolocker. I know it's malware and so not good under any circumstances, but you have to admit, it was pretty clever. However, putting that aside, I thought I would read up a bit about it and what it does compared to other ransomware. Again, obviously the encryption of files and the need to have the key from their server to decrypt them stood out. Then I started reading about software to help recover these 'non-recoverable' files, including Panda decryption software and using 'shadow copies' of the files.

    So, I made a few files up, cleaned up my computer, took all my personal stuff off it and then decided to uninstall my antivirus. Then I went on the hunt, a hunt to find a link to download it. Yeah I know, it sounds daft, but I learn best that way. I tried looking closely at Google Images for the link, searching Google for the attachment. I went through all 9 of my email accounts looking for the FedEx, UPS and other attachments and even went on to the Tor network to try and find it. Nothing. Totally nothing. Even on the malware domain list. I saw other ransomware, but they are almost easy to clear as long as you know what you're doing. Not a sausage. Any maybes just opened a page that couldn't be opened, if you know what I mean.

    I really don't expect to be handed it by anyone, it's not like people keep a spare hanging about, but how can I put myself in a position to get this infection? I don't want to and refuse to go searching through porn and clicking everything. I want it to be more controlled than that. My machine is up for reinstallation anyway so this is the perfect time to educate myself and gain a better understanding, in which I can then perform my service better to paying customers. I really have searched and searched and so here I am.

    Again let me please say, I condone malware in any sense when used maliciously. I want to become better, I want to become a pro like you guys and know what I'm talking about and can pass my knowledge down some day.

    Thank you for taking the time to read this post and I hope to maybe hear from a few of you soon.

    Take care

    Andy
     
  2. mdonah

    mdonah Major Geek Extraordinaire

    You condone it?? :confused:
     
  3. andyman77

    andyman77 Private E-2

    Lol sorry. Definitely do NOT condone it :)
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi

    I think I grasped that you don't condone malware in any way, as a slip-up typo. BUT onto your request, and one that possibly you may wish to hit up one of our malware experts on, as they may have samples of such malware in their toolbox for the same reason you wish to test.

    I have pinged a few of them to this thread.
     
  5. andyman77

    andyman77 Private E-2

    Hi there DavidGP. Thank you for your response and certainly thank you for pinging other expert members to my post.

    Again, to any future posts, I don't expect to be just given Cryptolocker, if of course it even is something that can be 'passed around' to testers. I am more than happy to find something similar and get myself into the same kind of situation.

    Also, if anybody has any advice on things I may have forgotten to do or need to do before testing, then advice is always 100% welcome. Plus any other kind of advice you may think I should know.

    Thank you again for your time

    Andy
     
  6. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    We don't condone posting links to malware.
     
  7. andyman77

    andyman77 Private E-2

    I totally understand that and for obvious reasons.

    Is there, however, a way I can put myself in a similar situation that wouldn't involve posting links that would help me to train myself? Or steer me in the right direction of how to self-train should these sorts of situations arise? How other members of MajorGeeks learn, as I'm sure I'm not alone in using this method for training.

    Thank you in advance

    Andy
     
  8. Earthling

    Earthling Interplanetary Geek

    If I wanted to pick up malware for research/testing I'd do it in a virtual machine, not in my primary system.
     
  9. mdonah

    mdonah Major Geek Extraordinaire

    Since you specifically wanted to learn about CryptoLocker, maybe one or more of the links on this page will give you the information you seek. I Googled "learn about cryptolocker".
     
  10. _nullptr

    _nullptr Major Geeky Geek Geek

    If it's the CryptoLocker type that sends the encryption key to the C&C server:
    • Nothing will happen unless it can connect to the C&C, so you'd need a fresh sample.
    • Current variants now delete shadow copies.
    • None of the decrypters available will recover the files.
    • The only method of recovery is to have your files or, preferably, a system image saved to an external drive. Make sure the external drive is disconnected from your system, otherwise there's the risk of the backups being encrypted.
     
  11. andyman77

    andyman77 Private E-2

    Thank you for your information.

    Thank you all for your input into my query and the advice given.

    Andy :)
     
