CryptoLocker Virus, Ransomware, sites being blocked, not entirely a good thing, please review and advise!
Today at 7:46 PM
OpenDNS,
I am contacting you regarding this result:
"OpenDNS has blocked 67.215.66.149 due to a security threat that was discovered by the Umbrella Labs.
If you think this shouldn't be blocked, please email us at security-block@opendns.com "
There is a situation developing on the internet due to what is known as ransomware. It uses a file-encryption type virus known as CryptoLocker, which encrypts the victim's hard drives and network drives and then requests a ransom be paid to decrypt those files.
Apparently this IP was one of the servers which was facilitating some aspect of this virus.
Yes, stopping the site would be a good thing to prevent further infection; however, those who unfortunately need to comply with this virus are NOT able to interact with it and therefore are unable to retrieve their files.
This issue is being heavily discussed at bleepingcomputer.com
and a support thread is active here:
For both the victims and other supporting infrastructure, this is a catch-22.
We need to stop their services from spreading this threat and we need their services to undo the harm.
Can you please advise?
-
Advise as to what? How do you need the services of an infected "good" site or access to a malware server to "undo the harm"? Don't access a "good" site if it is infected until such time the problem is rectified, in which case OpenDNS would unblock the domain(s).
If you want to play around with this, add the domain(s) to your whitelist or turn off filtering.
However, that IP itself is for hit-malware.opendns.com, which is where you were redirected upon requesting the blocked domain.
Any service questions are best directed to the email address you were provided, or to OpenDNS in the form of a support ticket.