The Godfather talking
This is god damn my place! Capisci?
Sonsivri
 
*
Welcome, Guest. Please login or register.
Did you miss your activation email?
November 23, 2024, 02:45:45 02:45


Login with username, password and session length


Pages: [1]
Print
Author Topic: Ransomware infection  (Read 7808 times)
0 Members and 2 Guests are viewing this topic.
kumar
Junior Member
**
Offline Offline

Posts: 76

Thank You
-Given: 14
-Receive: 251


« on: January 15, 2020, 01:08:54 01:08 »

pl explain about Ransomware virus.and remedy for the infected drive
safety precaution to get rid  it.
Logged
Sideshow Bob
Cracking Team
Hero Member
****
Offline Offline

Posts: 1001

Thank You
-Given: 231
-Receive: 983



« Reply #1 on: January 15, 2020, 11:01:31 11:01 »

Ok let us say well eh.. hmm your "friend" got a ransomware. The first thing I would do if I was your friend. Would be to google Ransomware and ransomeware removal. If your friend is a victim for a encrypting ransomware. He/she most probably will have to accept the loss and move on. For some Encrypting ransomware it may be a "decrypter" software. But do not get high hopes of this. The best way to not get infected will be to be very aware of what you are clicking on. Like clicking on links or open attachments in unsolicited emails. Or accepting and installing software from dodgy web sites. Also for PC use a virus scanner
Logged

I have come here to chew bubblegum and kick ass... and I'm all out of bubblegum
towlerg
Senior Member
****
Offline Offline

Posts: 263

Thank You
-Given: 474
-Receive: 104

What is this for?


« Reply #2 on: January 15, 2020, 12:15:12 12:15 »

If your browser will allow, run NoScript. Scanning AV will cripple your machine and generate endless false positives. External drives for backups left connected will not protect you.

Edit. Avoid Java, only run Java apps (if you really really must) that use local environments eg the most dreadful MpLabX
« Last Edit: January 15, 2020, 12:34:02 12:34 by towlerg » Logged

Win 7 Ult x64 SP1 on HP2570p
pickit2
Moderator
Hero Member
*****
Offline Offline

Posts: 4667

Thank You
-Given: 834
-Receive: 4321


There is no evidence that I muted SoNsIvRi


« Reply #3 on: January 15, 2020, 03:57:21 15:57 »

The first thing is ask Google:
Logged

Note: I stoped Muteing bad members OK I now put thier account in sleep mode
Sideshow Bob
Cracking Team
Hero Member
****
Offline Offline

Posts: 1001

Thank You
-Given: 231
-Receive: 983



« Reply #4 on: January 16, 2020, 12:20:09 12:20 »

@Kumar You may perhaps find this a little helpful
https://www.allot.com/blog/10-ransomware-attacks-2019/
Logged

I have come here to chew bubblegum and kick ass... and I'm all out of bubblegum
kumar
Junior Member
**
Offline Offline

Posts: 76

Thank You
-Given: 14
-Receive: 251


« Reply #5 on: January 16, 2020, 02:07:05 14:07 »

@Kumar You may perhaps find this a little helpful
https://www.allot.com/blog/10-ransomware-attacks-2019/

Infected by such a ransomware infection and about 2tb data lost.They demanded huge amount by bitcoin payment which is banned in our country.no way to recovery the content.most of the data related to customers wedding photos and videos is unfortunate.
Logged
Sideshow Bob
Cracking Team
Hero Member
****
Offline Offline

Posts: 1001

Thank You
-Given: 231
-Receive: 983



« Reply #6 on: January 16, 2020, 03:16:26 15:16 »

I remember in the early days of encrypting ransomware. It could be effective to make files read only. in theory this would stop the encrypting software getting access to your files. But I am quite sure the ransomware of today have found a way around this trick by now. If your friend also hang on to the disk(s) It could be that a decrypting software may show up further down the road. But well I would not bet on it. From what I see your friend have not taken steps to backup data properly. A fatal disk crash would have had the same effect. All files lost
Logged

I have come here to chew bubblegum and kick ass... and I'm all out of bubblegum
ron
Newbie
*
Offline Offline

Posts: 26

Thank You
-Given: 12
-Receive: 17


« Reply #7 on: December 16, 2020, 11:45:21 11:45 »

Just been hit by it.
What info I can share with you.
Share the _readme.txt you find in each encrypted folder. This will tell us if they have encrypted with a public key or not. Based on the key used and the extension of the encrypted files google can tell you if there is a tool out there to restore it or not.

In my case there is no tool. So I just re-imaged my complete drive from a backup. I lost my latest updates to Protheus and Hightech C. But other than that I got back 90% of my stuff.
They also take over your social media accounts.
The hooks are deep. Down to installing rootkits.
So only safe option is to either image from a backup or format and install a fresh copy of windows.
A good starting point is https://www.nomoreransom.org/
Logged
FTL
Junior Member
**
Offline Offline

Posts: 83

Thank You
-Given: 170
-Receive: 33


« Reply #8 on: December 16, 2020, 07:08:22 19:08 »

My business got hit about a year ago. A full recovery from backups took a few hours and a rebuild of the infected machine and all was fine. It happened in the morning, so we only lost an hour or so's work when recovering from the 4am backups. The biggest impact was taking most of a day of my time to do the recovery.

The server makes the backups to an extra hard drive. That drive is not shared in any way so even clients that have been rooted cannot access the backup data. It is not that big a business, we only have about 100GB of data. It takes a LOT of spreadsheets and e-mails (even with cute cat videos) to add up to 100GB. Since each client machine keeps its Documents folder on the server, the malware started to encrypt that, but could not access the backups. The backup data is also backed up to cloud storage on a regular basis.

In the end it was a pretty brain-dead virus in that it brought up the "you've been hacked" message before it had finished doing the encryption. Once I heard about it, I told the staff to unplug the infected computer from the network, and it actually only encrypted  about 10% of the shared data. It takes several hours to encrypt 50GB of data over a network. Had there been no backups, not much important would have been lost (I would have been lucky in that case).

I guess it is still possible that a ransomware virus could exploit something on the server to infect the server, but I think in most cases they would not bother since there is so much unprotected low-hanging fruit that can be ransomed off. the requirement there would be completely offline backups. I do that on an approximately yearly basis, but could get caught. In the end we would not go bankrupt if we lost all of our data. It is a retail store, not a bank or insurance company where the data is the company.

Maybe the newer versions are smarter. Still, if the client machines do not have access to the backup data, and you are making regular backups, the impact should be manageable. I am also careful that the client machines all run with non-admin accounts.

Working backups (and tested restores) are the important thing.

One story I always tell when (non-tech) people talk of losing data: I was once replacing a hot water tank. The instructions pointed out that the tank is going to start leaking some day so it is important that there is a drain installed to manage the leak. Any sort of data storage is the same thing - it is going to fail some day. Backup copies of all data is critical. Non-tech people seem to clue into that.
Logged
mexpcb
Active Member
***
Offline Offline

Posts: 123

Thank You
-Given: 35
-Receive: 211


« Reply #9 on: December 17, 2020, 08:26:22 20:26 »

I have been experiencing some random attacks recently with the addition that most of the programs you use are "calling home"...

Yesterday I experience a slow down internet connection, and I did notice Chrome was scanning the computer for the programs that I have installed...

So I think the safe way to survive these days is to use a computer for checking emails or navigating the internet and have another dedicated CAD computer that does not connect to the internet, somehow if you are able to get your licenses to work.

i usually use glasswire or some other firewall programs to start checking who is trying to connect and for how long...

regards


Logged
bobcat1
Senior Member
****
Offline Offline

Posts: 304

Thank You
-Given: 4273
-Receive: 94


« Reply #10 on: December 20, 2020, 08:45:02 08:45 »

Hi all.
Window 10 latest update provide some directories protection by setting up ransomware protection in the antivirus setup
the directories are protected against encryption or file manipulation
see the attach picture for direction to setup ransomware protection on window - 10 !!!

All the best

Bobi
  
Logged
Pages: [1]
Print
Jump to:  


DISCLAIMER
WE DONT HOST ANY ILLEGAL FILES ON THE SERVER
USE CONTACT US TO REPORT ILLEGAL FILES
ADMINISTRATORS CANNOT BE HELD RESPONSIBLE FOR USERS POSTS AND LINKS

... Copyright © 2003-2999 Sonsivri.to ...
Powered by SMF 1.1.18 | SMF © 2006-2009, Simple Machines LLC | HarzeM Dilber MC