Ransomware



effie c
17-10-2013, 08:20 PM
Hi all,

Our local newspaper ran an article this morning creating an impression the world could end soon, when a malicious program has installed itself into quite a few NZ computers, which in effect freezes the computer until a ransom is paid, whereupon a key is sent to release the working equipment. Then, to make matters worse, even after the ransom is paid the initial install is still there in hibernation, to come again, so to speak.

I housekeep (sic) every week; today I got two intrusions of low threat value.
I use ESET, SUPERAntiSpyware and Spybot Search and Rescue, and CCleaner.

The question is, is this enough, and if not, my backup hard drive (E drive) is internal; should I get an external one as well?

My internal h/d is backed up automatically every week, but I am told that that would be just as vulnerable as the main C drive; an outside one would not be so.

Am I panicking?

Effie c

Speedy Gonzales
17-10-2013, 08:41 PM
Ransomware has been around for a while now. And some of the variants are easy to remove. Rescue CDs like the Kaspersky Rescue CD usually have defs/updates to remove variants of ransomware. But first you have to burn the ISO from the site, then boot from the CD you created.

Just be careful what sites you go to, and if you get attachments in email, DON'T download or run them if you don't know who it's from. Also keep Windows up to date.

wainuitech
17-10-2013, 08:50 PM
The biggest thing is to keep your antivirus up to date. Seen it happen way too often: AVs out of date, and visiting suspect, infected sites or porn sites is a big cause as well (on the subject, Nod32 has just today done an upgrade from 6 to 7. More on that in a moment).

Some of the bootable CDs will allow you to remove infections, BUT the latest batch of ransomware actually disables booting from an optical drive or USB bootable drive.
The fix for those types is so easy as long as System Restore is NOT turned off.

Cleaning out once a week: do it more often. Run CCleaner when finished every day; it only takes a few seconds and can remove any problem files that are sitting in the temp internet folder.

While doing regular backups is good, doing it to an internal drive on the same PC is not good enough.

Here's an example: what happens if something does get through? It can infect any attached drives. What happens if the PC gets stolen (for example)? Where's the backup? GONE. If something goes wrong with your PSU and puts 240 volts into the PC, POOF, everything is gone. (A lot of "what ifs", but I've seen all of them at one stage or another.)

It's always best to back up to external drives and only have them plugged in when actually being used, OR back up to another computer/NAS on a LAN.

Re the Nod32 upgrade: some of our PCs are popping up with an upgrade available; others I'm doing manually. Open Nod32, go to Updates, and on the right click Product Update. It will install version 7.

Lawrence
17-10-2013, 08:52 PM
Pays to have a heads-up with CryptoLocker ransomware though; you can remove the trojan-ransom, but your files are still encrypted. That's why you need a backup strategy.

http://blog.malwarebytes.org/intelligence/2013/10/cryptolocker-ransomware-what-you-need-to-know/

After removing a couple of "Ukash" bogies from family and friends' comps you become even more aware of good backup and malware protection.
I went from Avira to Nod32 and upgraded Malwarebytes free to Pro to give full-time protection, plus getting rid of software that is redundant and upgrading other.

Got my backup on an external.

pctek
18-10-2013, 07:25 AM
> I use ESET, SUPERAntiSpyware and Spybot Search and Rescue, and CCleaner.
>
> The question is, is this enough, and if not, my backup hard drive (E drive) is internal; should I get an external one as well?
>
> My internal h/d is backed up automatically every week, but I am told that that would be just as vulnerable as the main C drive; an outside one would not be so.

CCleaner does not remove malware, just clutter.
Still, you have enough protection, so long as you are updating the definitions on all 3 before the scans.

Backup drives absolutely should not be part of the PC. Let's say you have a power problem and it fries your PC; it's likely to fry the lot...
Always back up data you need on an external drive, and don't leave it on and connected. Back up, then turn it off and unplug it.
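One way to put the backup advice in wainuitech's, Lawrence's and pctek's posts into practice, as an added example that is not from the thread: each run copies the source folder into a new named snapshot (earlier snapshots are never overwritten, so an encrypted copy cannot replace the last good one) and refuses to run at all if most of the previously backed-up files have changed since the last run, which is what a CryptoLocker-style mass encryption looks like. The CHANGE_LIMIT threshold, the manifest file name and the sample folders are my own assumptions; plugging the external drive in and unplugging it afterwards is still done by hand.

```python
import hashlib
import json
import shutil
import time
from pathlib import Path
from typing import Optional

# Assumed threshold: refuse the backup if more than this share of previously
# backed-up files changed. Normal editing touches a few files per day; a
# ransomware run rewrites nearly all of them at once.
CHANGE_LIMIT = 0.5


def _manifest(root: Path) -> dict:
    """Map each regular file under root (relative path) to its SHA-256."""
    return {str(p.relative_to(root)): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in sorted(root.rglob("*")) if p.is_file()}


def changed_fraction(old: dict, new: dict) -> float:
    """Share of files from the previous manifest that are now altered or missing."""
    if not old:
        return 0.0
    altered = sum(1 for rel, digest in old.items() if new.get(rel) != digest)
    return altered / len(old)


def snapshot_backup(src: Path, dest: Path, label: Optional[str] = None,
                    limit: float = CHANGE_LIMIT) -> Optional[Path]:
    """Copy src into a new folder under dest, keeping every earlier snapshot.

    Returns the new snapshot path, or None when the change check refused to
    run; a refused run leaves the last good snapshot and manifest untouched.
    """
    dest.mkdir(parents=True, exist_ok=True)
    manifest_file = dest / "last_manifest.json"  # assumed file name
    previous = json.loads(manifest_file.read_text()) if manifest_file.exists() else {}
    current = _manifest(src)
    if changed_fraction(previous, current) > limit:
        return None  # looks like mass encryption, not editing: write nothing
    snap = dest / (label or time.strftime("snap-%Y%m%d-%H%M%S"))
    shutil.copytree(src, snap)
    manifest_file.write_text(json.dumps(current))
    return snap
```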

Paul Ramon
18-10-2013, 08:18 AM
I've been very successfully removing ransomware with HitmanPro, then Malwarebytes: quick & easy. Been seeing so many infections I keep a bootable copy of Hitman on a flash drive just specifically to remove the ransomware, then always use a freshly updated scan with Malwarebytes.

wainuitech
18-10-2013, 08:41 AM
> I've been very successfully removing ransomware with HitmanPro, then Malwarebytes: quick & easy. Been seeing so many infections I keep a bootable copy of Hitman on a flash drive just specifically to remove the ransomware, then always use a freshly updated scan with Malwarebytes.

That works sometimes, but as I mentioned earlier on, the latest batch of ransomware actually disables booting from an optical drive or USB bootable drive.

Alex B
18-10-2013, 08:42 AM
It's not the removing of ransomware that is the hard part. Have a look at CryptoLocker, for example. If you're not doing real-time anti-malware scanning you could well be in trouble with that one. People that are paying the ransom (because they pretty much have to if they don't have backups and want their files back) are funding better/smarter ransomware.

http://www.reddit.com/r/sysadmin/comments/1mizfx/proper_care_feeding_of_your_cryptolocker/

dugimodo
18-10-2013, 10:31 AM
Someone needs to track these guys down and sort them out; surely if they are demanding money there is a trail back to them that could be followed, either through the contact details or the money transfer. I struggle to understand how these things stay around as long as they do.

It would really piss me off if I got this, but I have a system image somewhere and, failing that, can reinstall everything if I need to from scratch in half a day. It'd be a cold day in hell before I paid these guys a cent to recover anything. Edit: reminds me, must reinstall Active@ and create a new image :)

Did any of these stories mention how the ransomware was commonly getting installed? I assume it's the old drive-by download on dodgy sites or fake virus warnings on pop-up web pages like previous ones, and if so I'm confident I'm unlikely to be getting it. Be nice to know what to avoid if possible, though.

I'm not particularly vigilant for a few reasons: part can't be bothered, part not that worried, and part can reinstall from scratch if I have to. I'm also generally smart enough not to click things I shouldn't, and pay no attention to warnings on web pages (except to close them immediately).
What that means is I just use Defender for antivirus and scan with some anti-malware programs every now and again when I think of it, certainly not regularly. Despite what some of you might say about my casual approach, I honestly can't remember the last time I had any virus/malware issues; I'm certain it's been years.

effie c
18-10-2013, 10:34 AM
Hi all,

Many thanks. I have followed Wainui T's advice and upgraded ESET to v7; it now has a different icon on the task bar.

I am also now going out to buy an external h/d as advised. Bang goes my old age pension ;-)

Gone are the good old days where you cranked a wall-mounted telephone to get the exchange... sigh!!

Effie c

1101
18-10-2013, 11:48 AM
> Someone needs to track these guys down and sort them out; surely if they are demanding money there is a trail back to them that could be followed, either through the contact details or the money transfer. I struggle to understand how these things stay around as long as they do.

The countries these guys often operate from have corruption at all levels; that's how they get away with it.
Add to that, organised crime is now (supposedly) involved; it makes it harder to find the real culprits & shut them down.
These 'viruses/hacks' are often sold on the open market, so almost anyone could buy a 'kit' & do this themselves.

I have seen analysis of one variant of fake AV malware that required the PC user to click on bogus popups 3x!!!!!! for the infection to install.
So yep, user stupidity/ignorance plays a big part in malware infections. The stupidity of some employees, who use a PC 8 hours a day yet have absolutely no PC knowledge, is frightening...

That's why some never get active infections on their PCs, & others have ongoing issues.

effie c
18-10-2013, 12:58 PM
Hi all, again,

Got a 500GB h/d from the Warehouse for $89 and am backing up as I write.
Gave away a chance of getting 1TB for $99 on special; perhaps my pension has not been sucked dry ;-) and I will live another day after all.

Thanks to one and all; a good learning curve.

Effie c

Slankydudl
18-10-2013, 01:58 PM
Hard drives are cheap now compared to how expensive they used to be. Apparently RAM is likely to get expensive soon due to some form of natural disaster around the manufacturers.

dugimodo
18-10-2013, 02:05 PM
PB Tech have a 1TB for $91 on special. I grabbed one to image my 3 machines on to.

Chilling_Silence
18-10-2013, 02:23 PM
Also, keep in mind, you may be able to boot off a CD or USB drive to remove it, but you're basically up the creek without a paddle when it comes to getting your files back. Once they're encrypted, they're gone for good... So you've *got* to restore from backup.