Sonsivri
 
Author Topic: Ransomware infection  (Read 7807 times)
kumar
Junior Member
« on: January 15, 2020, 01:08:54 01:08 »

Please explain about the ransomware virus, the remedy for an infected drive,
and the safety precautions to get rid of it.
Sideshow Bob
Cracking Team
Hero Member
« Reply #1 on: January 15, 2020, 11:01:31 11:01 »

Ok, let us say, well eh.. hmm, your "friend" got a ransomware. The first thing I would do if I was your friend would be to Google "ransomware" and "ransomware removal". If your friend is a victim of an encrypting ransomware, he/she most probably will have to accept the loss and move on. For some encrypting ransomware there may be a "decrypter" software. But do not get high hopes of this. The best way to not get infected will be to be very aware of what you are clicking on, like clicking on links or opening attachments in unsolicited emails, or accepting and installing software from dodgy web sites. Also, for PC use a virus scanner.

I have come here to chew bubblegum and kick ass... and I'm all out of bubblegum
towlerg
Senior Member
« Reply #2 on: January 15, 2020, 12:15:12 12:15 »

If your browser will allow it, run NoScript. Scanning AV will cripple your machine and generate endless false positives. External drives for backups left connected will not protect you.

Edit. Avoid Java; only run Java apps (if you really, really must) that use local environments, e.g. the most dreadful MPLAB X.
« Last Edit: January 15, 2020, 12:34:02 12:34 by towlerg »

Win 7 Ult x64 SP1 on HP2570p
pickit2
Moderator
Hero Member
« Reply #3 on: January 15, 2020, 03:57:21 15:57 »

The first thing is to ask Google:

Note: I stopped muting bad members. OK, I now put their account in sleep mode.
Sideshow Bob
Cracking Team
Hero Member
« Reply #4 on: January 16, 2020, 12:20:09 12:20 »

@Kumar You may perhaps find this a little helpful
https://www.allot.com/blog/10-ransomware-attacks-2019/

I have come here to chew bubblegum and kick ass... and I'm all out of bubblegum
kumar
Junior Member
« Reply #5 on: January 16, 2020, 02:07:05 14:07 »

Quote from: Sideshow Bob
    @Kumar You may perhaps find this a little helpful
    https://www.allot.com/blog/10-ransomware-attacks-2019/

Infected by such a ransomware infection and about 2 TB of data lost. They demanded a huge amount by bitcoin payment, which is banned in our country. No way to recover the content. Most of the data related to customers' wedding photos and videos, which is unfortunate.
Sideshow Bob
Cracking Team
Hero Member
« Reply #6 on: January 16, 2020, 03:16:26 15:16 »

I remember that in the early days of encrypting ransomware it could be effective to make files read only. In theory this would stop the encrypting software getting access to your files. But I am quite sure the ransomware of today have found a way around this trick by now. If your friend also hangs on to the disk(s), it could be that a decrypting software may show up further down the road. But well, I would not bet on it. From what I see your friend has not taken steps to back up data properly. A fatal disk crash would have had the same effect. All files lost.

I have come here to chew bubblegum and kick ass... and I'm all out of bubblegum
ron
Newbie
« Reply #7 on: December 16, 2020, 11:45:21 11:45 »

Just been hit by it.
What info I can share with you:
Share the _readme.txt you find in each encrypted folder. This will tell us if they have encrypted with a public key or not. Based on the key used and the extension of the encrypted files, Google can tell you if there is a tool out there to restore it or not.

In my case there is no tool. So I just re-imaged my complete drive from a backup. I lost my latest updates to Proteus and Hi-Tech C. But other than that I got back 90% of my stuff.
They also take over your social media accounts.
The hooks are deep. Down to installing rootkits.
So the only safe option is to either image from a backup or format and install a fresh copy of Windows.
A good starting point is https://www.nomoreransom.org/
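Ron's checklist above (find the ransom note, note the extension appended to the encrypted files, then look up whether a decryptor exists) can be automated for the first triage pass. The script below is an added example written for this page, not ron's code or any tool from the thread: it walks a folder tree, collects every _readme.txt (the note name ron mentions), classifies each remaining file as intact or encrypted, and reports which extension the encryptor appended and what fraction of files it reached (the figure FTL estimates by hand in a later reply). The sample tree, the ".locked" extension and the placeholder note text are constructed; the file signatures are the standard ones for those formats. Because compressed media such as JPEG is already near 8 bits/byte, entropy alone would flag healthy photos, so the script checks for the expected file signature first and only falls back on entropy for types it does not know.

```python
"""Added example (not from the thread): post-infection triage of a file tree.

Assumptions (all constructed for the demo, not from any real incident):
- the ransom-note filename is the one named in the thread, _readme.txt;
- the appended extension ".locked", the sample files and the note text are invented;
- the file signatures in MAGIC are the standard ones for those formats.
"""
import math
import random
import tempfile
from collections import Counter
from pathlib import Path

RANSOM_NOTE_NAMES = {"_readme.txt"}          # note name given in the thread
MAGIC = {                                    # standard file signatures
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".pdf": b"%PDF",
    ".zip": b"PK\x03\x04",
    ".gz": b"\x1f\x8b",
}
ENTROPY_THRESHOLD = 7.5   # bits/byte; ciphertext sits close to 8.0
MIN_SIZE = 256            # entropy of very small files is too noisy to trust


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify(path: Path) -> str:
    """Return 'intact', 'encrypted' or 'skipped' for one file.

    If either of the last two extensions has a known signature, its presence
    decides (a JPEG that no longer starts with FF D8 FF has been overwritten).
    Only for unknown types do we fall back on high entropy plus an appended
    extension, which is how e.g. notes.txt.locked gets caught.
    """
    data = path.read_bytes()
    if len(data) < MIN_SIZE:
        return "skipped"
    suffixes = [s.lower() for s in path.suffixes][-2:]
    expected = [MAGIC[s] for s in suffixes if s in MAGIC]
    if expected:
        return "intact" if any(data.startswith(m) for m in expected) else "encrypted"
    if len(suffixes) == 2 and shannon_entropy(data) > ENTROPY_THRESHOLD:
        return "encrypted"
    return "intact"


def triage(root: Path) -> dict:
    """Walk `root`; collect ransom notes, per-file verdicts and appended extensions."""
    notes, verdicts, appended = [], Counter(), Counter()
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        if path.name.lower() in RANSOM_NOTE_NAMES:
            notes.append(path.relative_to(root).as_posix())
            continue
        verdict = classify(path)
        verdicts[verdict] += 1
        if verdict == "encrypted" and path.suffix:
            appended[path.suffix.lower()] += 1
    judged = verdicts["intact"] + verdicts["encrypted"]
    pct = round(100.0 * verdicts["encrypted"] / judged, 1) if judged else 0.0
    return {"notes": notes, "verdicts": dict(verdicts),
            "appended_extensions": dict(appended), "pct_encrypted": pct}


def build_sample_tree(root: Path) -> None:
    """Constructed demo data: intact files, 'encrypted' files and two notes."""
    rng = random.Random(1234)

    def noise(n: int) -> bytes:          # deterministic stand-in for ciphertext
        return bytes(rng.getrandbits(8) for _ in range(n))

    (root / "docs").mkdir()
    (root / "photos").mkdir()
    for i in range(3):
        (root / "docs" / f"invoice{i}.txt").write_text("Invoice line item\n" * 60)
    (root / "photos" / "ok.jpg").write_bytes(MAGIC[".jpg"] + noise(4096))  # signature present
    (root / "photos" / "wedding1.jpg.locked").write_bytes(noise(4096))     # signature gone
    (root / "photos" / "wedding2.jpg.locked").write_bytes(noise(4096))
    (root / "docs" / "notes.txt.locked").write_bytes(noise(4096))          # no known signature
    for folder in ("docs", "photos"):
        (root / folder / "_readme.txt").write_text("placeholder note text\n")


def demo() -> dict:
    """Build the constructed tree in a temp dir and triage it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        build_sample_tree(root)
        return triage(root)


if __name__ == "__main__":
    import json
    print(json.dumps(demo(), indent=2))
```

On the constructed tree the report lists two notes, three encrypted files (all carrying ".locked"), four intact files and 42.9% encrypted; the note paths and the appended extension are exactly what ron suggests searching for. Run it against a copy of the affected share, never the original media, so that the evidence stays unchanged for a later decryptor.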
FTL
Junior Member
« Reply #8 on: December 16, 2020, 07:08:22 19:08 »

My business got hit about a year ago. A full recovery from backups took a few hours and a rebuild of the infected machine and all was fine. It happened in the morning, so we only lost an hour or so's work when recovering from the 4am backups. The biggest impact was taking most of a day of my time to do the recovery.

The server makes the backups to an extra hard drive. That drive is not shared in any way so even clients that have been rooted cannot access the backup data. It is not that big a business, we only have about 100GB of data. It takes a LOT of spreadsheets and e-mails (even with cute cat videos) to add up to 100GB. Since each client machine keeps its Documents folder on the server, the malware started to encrypt that, but could not access the backups. The backup data is also backed up to cloud storage on a regular basis.

In the end it was a pretty brain-dead virus in that it brought up the "you've been hacked" message before it had finished doing the encryption. Once I heard about it, I told the staff to unplug the infected computer from the network, and it actually only encrypted  about 10% of the shared data. It takes several hours to encrypt 50GB of data over a network. Had there been no backups, not much important would have been lost (I would have been lucky in that case).

I guess it is still possible that a ransomware virus could exploit something on the server to infect the server, but I think in most cases they would not bother since there is so much unprotected low-hanging fruit that can be ransomed off. The requirement there would be completely offline backups. I do that on an approximately yearly basis, but could get caught. In the end we would not go bankrupt if we lost all of our data. It is a retail store, not a bank or insurance company where the data is the company.

Maybe the newer versions are smarter. Still, if the client machines do not have access to the backup data, and you are making regular backups, the impact should be manageable. I am also careful that the client machines all run with non-admin accounts.

Working backups (and tested restores) are the important thing.

One story I always tell when (non-tech) people talk of losing data: I was once replacing a hot water tank. The instructions pointed out that the tank is going to start leaking some day, so it is important that there is a drain installed to manage the leak. Any sort of data storage is the same thing - it is going to fail some day. Backup copies of all data are critical. Non-tech people seem to clue into that.
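FTL's two points are that the backup copy must be unreachable from the client machines and that restores must actually be tested. The following is an added example, not FTL's own setup or any tool named in the thread: a backup routine that writes a SHA-256 manifest beside the copied files, and a scripted test restore that restores into a scratch directory and reports every file that is missing or whose hash no longer matches the manifest written at backup time. The second half of the demo overwrites one backup file and deletes another, which is what a connected backup drive is exposed to (towlerg's warning earlier in the thread), and shows the restore check catching both. The script cannot enforce the isolation FTL relies on; that is a decision about how the drive is shared. Paths, file contents and the manifest filename are constructed for the example.

```python
"""Added example (not from the thread): backup with an integrity manifest plus a
scripted test restore.  All paths, file contents and the manifest filename are
constructed for this demo.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

MANIFEST_NAME = "manifest.json"   # assumed name, chosen for this example


def sha256_of(path: Path) -> str:
    """Stream a file through SHA-256 so large media files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def backup(src: Path, dst: Path) -> dict:
    """Copy every file under `src` into `dst` and record a SHA-256 per relative path.

    The hash is taken from the copy on the backup medium, so the manifest
    describes what was actually written, not what was read.
    """
    manifest = {}
    for path in sorted(p for p in src.rglob("*") if p.is_file()):
        rel = path.relative_to(src).as_posix()
        target = dst / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        manifest[rel] = sha256_of(target)
    (dst / MANIFEST_NAME).write_text(json.dumps(manifest, indent=2))
    return manifest


def verify_restore(backup_dir: Path, restore_dir: Path) -> list:
    """Restore into `restore_dir`; return a list of problems (empty means the backup is good).

    Each manifest entry is restored and re-hashed.  A file that was scrambled
    on the backup drive after the backup ran shows up as a hash mismatch; a
    file that was deleted there shows up as missing.
    """
    manifest = json.loads((backup_dir / MANIFEST_NAME).read_text())
    problems = []
    for rel, expected in manifest.items():
        source = backup_dir / rel
        if not source.is_file():
            problems.append(f"missing: {rel}")
            continue
        target = restore_dir / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(source, target)
        if sha256_of(target) != expected:
            problems.append(f"hash mismatch: {rel}")
    return problems


def demo() -> tuple:
    """Constructed scenario: a clean backup verifies; then the backup copy is
    damaged in place (one file overwritten, one deleted) and the test restore
    reports exactly those two files."""
    with tempfile.TemporaryDirectory() as tmp:
        tmp = Path(tmp)
        live, bak, restore1, restore2 = (tmp / n for n in ("live", "bak", "r1", "r2"))
        (live / "docs").mkdir(parents=True)
        (live / "docs" / "ledger.csv").write_text("date,amount\n2020-01-15,42.00\n")
        (live / "docs" / "notes.txt").write_text("constructed sample text\n")
        bak.mkdir()
        backup(live, bak)
        clean = verify_restore(bak, restore1)
        # Simulate what a still-connected backup drive is exposed to.
        (bak / "docs" / "ledger.csv").write_bytes(b"\x00\xff" * 32)
        (bak / "docs" / "notes.txt").unlink()
        damaged = verify_restore(bak, restore2)
        return clean, damaged


if __name__ == "__main__":
    clean, damaged = demo()
    print("clean backup problems:", clean)
    print("damaged backup problems:", damaged)
```

The manifest is only as trustworthy as the place it is kept: if it sits on the same connected drive, an encryptor can overwrite it along with the data, so the copy that goes to cloud storage (as FTL does) or to offline media should carry its own copy of the manifest, and the test restore should be scheduled rather than run only after an incident.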
mexpcb
Active Member
« Reply #9 on: December 17, 2020, 08:26:22 20:26 »

I have been experiencing some random attacks recently with the addition that most of the programs you use are "calling home"...

Yesterday I experienced a slowed-down internet connection, and I did notice Chrome was scanning the computer for the programs that I have installed...

So I think the safe way to survive these days is to use a computer for checking emails or navigating the internet and have another dedicated CAD computer that does not connect to the internet, somehow if you are able to get your licenses to work.

I usually use GlassWire or some other firewall programs to start checking who is trying to connect and for how long...

regards


bobcat1
Senior Member
« Reply #10 on: December 20, 2020, 08:45:02 08:45 »

Hi all.
The latest Windows 10 update provides some directory protection by setting up ransomware protection in the antivirus setup.
The directories are protected against encryption or file manipulation.
See the attached picture for directions to set up ransomware protection on Windows 10!!!

All the best

Bobi
  
... Copyright © 2003-2999 Sonsivri.to ...
Powered by SMF 1.1.18 | SMF © 2006-2009, Simple Machines LLC | HarzeM Dilber MC