Hit by Ransomware


Islander


Last week, I got a popup telling me that my Ad-Aware program had an urgent security update that had to be installed right away.

I checked the certificate and it looked right, so I clicked for the download.

Within a minute or so, a big official-looking popup appeared, telling me my files have been encrypted using an RSA 2048 something, and they have the key to decrypt them. I should click on the link in the big popup to see how to pay.

There were none of the usual spelling or grammar mistakes you'd see in a scam. It looked official and even polite.

I checked and found I couldn't access any of my documents and about 2/3 of my photos.

I shut down the computer and did some research on my smartphone. That's how I'm typing this.

There was no good news. The decryption key is so long that it's not feasible to try to crack it. The crooks usually want to be paid in bitcoin, and the price increases with every missed deadline.

I started the machine the next day, but it was still the same, so I shut it down. I have not clicked onto any of the "how to pay" links. The computer has now been shut down for six days, and I don't want to start it until I have some idea how to solve this.

It seems that even if you do pay, you may hear nothing from the scammers.

Have any of you encountered this kind of malware, and do you know of any solutions that will restore my computer? I should mention that the malware seems to have deleted my Restore Points, so System Restore is unavailable.

I'm running Windows 7. I hope someone has some good news or useful ideas.
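What a certificate check on a downloaded "update" actually needs to cover, as an added example that is not part of the original post or any vendor's code: a popup that looks right and a certificate that looks right are not the same as a signature that verifies to the publisher you already trust. The script below is assumed to be run on the downloaded installer before it is executed. The file path and the expected subject string are placeholders, to be filled in from the signer of an installer of the real product that is already on the machine; neither value comes from this thread.

```powershell
# Added example, not code from the original post or from the product vendor.
# Verifies the Authenticode signature on a downloaded installer and refuses
# to run it unless the signature is valid AND the signer is the publisher you
# expect. Uses only cmdlets present in the PowerShell 2.0 shipped with Windows 7.
#
# $Path and $ExpectedSubject are placeholders (assumptions). Take the expected
# subject from an installer you already trust, for example:
#   (Get-AuthenticodeSignature 'C:\Program Files\<Vendor>\setup.exe').SignerCertificate.Subject
param(
    [string]$Path            = "$env:USERPROFILE\Downloads\update.exe",
    [string]$ExpectedSubject = 'CN=Example Vendor Inc*'   # placeholder, not a real publisher
)

function Test-TrustedInstaller {
    param([string]$File, [string]$Subject)

    if (-not (Test-Path -LiteralPath $File)) {
        return @{ Ok = $false; Reason = "file not found: $File" }
    }

    $sig = Get-AuthenticodeSignature -FilePath $File

    # Status is Windows' chain-and-hash verdict. Anything other than Valid means
    # unsigned (NotSigned), modified after signing (HashMismatch), or signed by a
    # certificate Windows does not trust.
    if ($sig.Status -ne 'Valid') {
        return @{ Ok = $false; Reason = "signature status: $($sig.Status)" }
    }

    # A Valid signature only proves that *somebody* holding a trusted code-signing
    # certificate signed the file. The popup claimed to be a specific vendor, so
    # the signer's subject has to match that vendor, not merely be valid.
    $actual = $sig.SignerCertificate.Subject
    if ($actual -notlike $Subject) {
        return @{ Ok = $false; Reason = "signer '$actual' does not match '$Subject'" }
    }

    return @{ Ok = $true; Reason = "signed by $actual" }
}

$result = Test-TrustedInstaller -File $Path -Subject $ExpectedSubject
if ($result.Ok) {
    Write-Host "OK: $($result.Reason)"
} else {
    Write-Host "DO NOT RUN: $($result.Reason)"
    exit 1
}
```

Even a pass here only says the file came from that publisher; it says nothing about where the popup came from. The safer habit, which later posts in this thread also arrive at, is to ignore the popup entirely and fetch updates from inside the program's own updater or from the vendor's site.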

 

 

Any idea what site you got this from?


Also, I've never heard of ransomware, even being in I.T. Scary stuff.
It is scary! One of my co-workers (we do IT for a small, private college) told me his sister's work computer got the dreaded cryptolocker/ransomware. This was a couple of years ago, and he spent a couple of days trying to figure it out. She finally paid $400 to get it unlocked. At the time, they were directed to get a prepaid card at a Walgreens or other store and do an online transaction. The bitcoin business was just taking off so he didn't want to get into that.

 

Bruce


One way is to have an external hard drive that you connect/backup/disconnect every time you do a backup to that drive. Apparently any drive that stays "connected" is at risk from this kind of attack.

 

I'd be okay with that.  But what about speed?  It seems like it would take quite a lot of time to do even an incremental (file date-stamp) back-up that way.

 

I really need to do something, though...


I'm heading in the following direction:

1. An online device, like a Chrome laptop for web surfing and shopping. It will have no data of any significance. Just a simple browsing machine.

2. Desktop for word processing and graphics and real computing programs with big disks and backups. This machine is never put online.

3. Mobile devices for email, networking, messaging, etc. I've never had a mobile device hacked yet.

Sent from my SM-T330NU using Tapatalk


I have a 1TB backup disk I use and once a week or so I format it and use Windows backup to create a system image. I figure if I get something catastrophic I can manage a weeks worth of files and my important work stuff is all on Dropbox anyway. You can get good ones on Amazon that are pretty bomb proof for about $80. Anything important like family photos etc goes on an archive external disk and is backed up on the backup as well with a partition so I always have at least 2 copies of every file. So in all I have:

 

Computer hard drive (500gb)

External HD1 (Partitioned to 500gb each): System image of laptop and backup of archive.

External HD2 (1TB): Archive disk for photos as I have quite a few.

 

Also- always put tape over your laptop camera as they are easy to hack and XBOX ONE kinect cameras are EXTREMELY easy to hack and are always on. I have a friend that is part of the hacking community (White hat guys) and he has some "interesting" stories about the Xbox ONE cameras getting hacked.

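The "connect, back up, disconnect" routine from the earlier reply and the weekly system image in the post above, put into one script as an added example (not code from either poster). It is written for the Windows 7 setup described in this thread, using only tools that ship with it: robocopy for the incremental file copy and wbadmin for the image. The drive letter, the folders to copy and the image switch are placeholders to fill in; the speed question raised earlier is answered by robocopy itself, which skips every file whose size and timestamp already match the copy on the drive without reading its contents.

```powershell
# Added example, not from the posts above. Incremental file backup to a
# removable drive, optional weekly system image, then the drive is dismounted
# so nothing running on the PC can touch it until it is physically reconnected.
#
# Placeholders (assumptions): the drive letter, the source folders and the
# -SystemImage switch. Run from an elevated PowerShell.
param(
    [string]   $Drive   = 'E:',
    [string[]] $Sources = @("$env:USERPROFILE\Documents", "$env:USERPROFILE\Pictures"),
    [switch]   $SystemImage     # also take a wbadmin image of C: (slow; weekly)
)

function Backup-ToRemovableDrive {
    param([string]$Drive, [string[]]$Sources, [bool]$Image)

    # Only the dedicated plug-in drive is ever a target. If it is not present,
    # do nothing rather than silently back up onto the same disk being protected.
    if (-not (Test-Path -LiteralPath "$Drive\")) {
        Write-Host "Backup drive $Drive not present - plug it in and rerun."
        return $false
    }

    $root = Join-Path $Drive 'Backup'
    New-Item -ItemType Directory -Path $root -Force | Out-Null
    $log = Join-Path $root ('robocopy-{0:yyyyMMdd-HHmm}.log' -f (Get-Date))

    foreach ($src in $Sources) {
        $dest = Join-Path $root (Split-Path $src -Leaf)
        # /E    copy subfolders (including empty ones)
        # /XO   never overwrite a copy on the drive with an OLDER source file;
        #       files with identical size+timestamp are skipped by default,
        #       which is what makes the incremental run fast
        # /FFT  tolerate the 2-second timestamp granularity of FAT-formatted drives
        # /R:1 /W:1  do not hang for minutes on a locked file
        # /NP /NFL /NDL /LOG+  keep one short log per run
        # Deliberately NOT /MIR or /PURGE: a mirror would faithfully delete good
        # copies or replace them with encrypted ones if this ran after an infection.
        robocopy $src $dest /E /XO /FFT /R:1 /W:1 /NP /NFL /NDL /LOG+:$log | Out-Null
        # robocopy exit codes 0-7 are success variants; 8 and above mean failures
        if ($LASTEXITCODE -ge 8) {
            Write-Host "robocopy reported failures for $src (exit $LASTEXITCODE); see $log"
        }
    }

    if ($Image) {
        # Full image of the boot volume, the same thing the Windows Backup control
        # panel produces. The target drive must not be one of the volumes included.
        wbadmin start backup -backupTarget:$Drive -include:C: -allCritical -quiet
    }

    # Flush and dismount the volume; it stays offline until reconnected.
    $vol = Get-WmiObject Win32_Volume -Filter "DriveLetter='$Drive'"
    if ($vol) { $vol.Dismount($false, $false) | Out-Null }
    Write-Host "Done. Unplug $Drive now."
    return $true
}

Backup-ToRemovableDrive -Drive $Drive -Sources $Sources -Image $SystemImage.IsPresent
```

One caveat the thread's "disconnect it" advice implies but does not spell out: an encrypted file carries a newer timestamp than the original, so any incremental tool, this one included, will happily copy encrypted files over good ones if it is run while the infection is active. The protection is in the rotation, not the tool: two drives alternated, or the weekly image kept alongside the file copy as the post above does, so there is always a copy that predates the damage.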

When the attack occurred, I think the only sites I was viewing were Facebook and a mainstream news site.

I generally avoid the obviously dodgy sites, since I've had some more conventional attacks in the past. Some were more annoying than others, but none were as sophisticated as this one. I believe it's described as a "Trojan", so it's a bit different from more typical malware.

As I mentioned in one of the first posts, it was impersonating a critical security update for Ad-Aware, a protection program I've been running for years, always with good results. The credentials looked authentic, with none of the usual malware grammar and spelling mistakes. The only suspicious part was that the update requests seemed a bit too eager, but obviously they were not so eager that I realized I'd be attacked if I accepted the "update".

I'm still looking into solutions. I checked with a computer shop yesterday, and was told that the usual ransom is $150-250 for the first 3 days, then it goes up, and up again with every missed deadline. At this point, it's been about 12 days, so it may be pretty high by now.

I was dubious about clicking on any of the popup's links, not wanting to step any further into malware Hell.

Another shop told me that just paying up is the simplest solution, and that they had walked a few customers through the process.

The good news I heard yesterday is that while the original encryption program is uncrackable by normal computers, some of the later variants are crackable some of the time, and at least one local tech knows how to do it.

He'll check it out, and if I'm in luck, the data may be savable.

Once I get through this, I WILL be buying an external drive and getting into the habit of making regular backups. It would have turned this possible disaster into a minor annoyance. Lesson learned!

On the bright side, instead of spending 3-4 hours every day checking and responding to Facebook and Klipsch forum posts, I've had time to view the big backlog of TV shows recorded on my PVR, while the smartphone allows me to do some Web browsing. It also lets me use the Chromecast unit to watch lots of YouTube videos on the 65" Panasonic plasma TV in the living room.

I have more toys than I have time to play with them. I suspect that many Forum members can relate to that.

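One check worth running before paying or handing the machine over, as an added example that is not from the posts: on Windows 7 both Restore Points and the "Previous Versions" tab are backed by Volume Shadow Copies, and ransomware that removes Restore Points normally does so by deleting those shadows. Whether any survived is a single query. Assumed here: the disk has already been imaged (or the query is run from Safe Mode) so that booting the machine cannot make things worse, and the parse below relies on the English output format of vssadmin.

```powershell
# Added example, not from the original posts. Lists the Volume Shadow Copies
# that survive on a volume so you know whether "Previous Versions" has
# anything left to offer. Run from an elevated PowerShell after imaging the disk.
function Get-SurvivingShadowCopies {
    param([string]$Volume = 'C:')   # placeholder; the volume holding the documents

    # vssadmin ships with Windows 7. Its English output lists each shadow as
    #   Contained N shadow copies at creation time: <date>
    #      Shadow Copy ID: {...}
    #         Shadow Copy Volume: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopyN
    $arg = "/for=$Volume"
    $out = vssadmin list shadows $arg 2>&1

    $paths = @($out | Select-String 'Shadow Copy Volume:' | ForEach-Object {
        ($_.Line -split ':\s*', 2)[1].Trim()
    })
    $when = @($out | Select-String 'creation time:' | ForEach-Object {
        ($_.Line -split 'time:\s*', 2)[1].Trim()
    })

    return @{ Count = $paths.Count; Volumes = $paths; Created = $when }
}

$shadows = Get-SurvivingShadowCopies -Volume 'C:'
if ($shadows.Count -eq 0) {
    Write-Host 'No shadow copies left on C: - Previous Versions will not help here.'
} else {
    Write-Host "$($shadows.Count) shadow copies survived on C::"
    for ($i = 0; $i -lt $shadows.Count; $i++) {
        Write-Host "  $($shadows.Created[$i])  $($shadows.Volumes[$i])"
    }
    # To copy files out of one, expose it read-only as a folder (trailing
    # backslash required), then copy from C:\shadow with Explorer or robocopy:
    #   cmd /c mklink /d C:\shadow "<Shadow Copy Volume path>\"
}
```

A count of zero confirms what the deleted Restore Points already suggested; a non-zero count is worth more than any "how to pay" link, because everything in a surviving shadow predates the encryption.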

These people should be publicly beaten when they are found. I hope they can recover your data. If I can be of any assistance regarding your future back up plan and disk recovery software, just shoot me a PM and I'll get you in direct contact with my IT guy (personal friend for 25 years) and he can assist you if it would help.


Any camera with 1.2 megapix and up, here are a few.

I shop, i shop like hell, this ebay link is just a sample: http://www.ebay.com/sch/i.html?_from=R40&_trksid=p2050601.m570.l1313.TR0.TRC0.H0.Xcctv+megapix.TRS0&_nkw=cctv+megapix&_sacat=0

 

My normal guys, I will find their link and be back to post it.

 

 

These are my go-to guys for people that wish to do things themselves; customer support is THERE, use it. A live person that knows their chit and does NOT charge you for asking.

 

http://www.securitycamerasdirect.com/


Yet another perk of running a few cameras: everyone in your hood will know it.

You don't think the bad guys know? It's the first thing they look for and the last place they will hit.

 

A simple system you see at Costco, 4, 6, 8 cameras with DVR; wireless is cool as long as you can power them with a wall wart.

Wireless has come full circle as far as "Ease of install", just remember you will need a monitor/keyboard/mouse with most packaged systems.

 

Let's face it, cameras are ugly. SO WHAT; when I install them I let people know right up front, one goes here/there.

Customer says something like "Can we hide it a little better?"

I say I can make the system invisible.

Then I ask, would you mind signing this disclaimer? So when the bad guy(s) come and do damage trying or getting in, and then realize there are cameras and run off, I'm covered.

They might not have stolen anything, but now you have damage to deal with.


I've been following this thread with interest.  The idea of ransomware freaks me out.  It seems unfair that Islander had to go through that so the rest of us can learn.  Like many of you, I am also re-thinking my anti-virus programs, and backup strategies.

 

The one thing I do that I have not seen mentioned here is that I have ALL the automatic updates turned off. NOTHING pops up and gets me to click on it. If my computer is working OK, for the most part I leave it alone, like video card updates. I use Firefox and I do allow it to automatically update if a newer version is available, but it's the only program I let do that.

 

If I want software or security updates I go to the site and update it myself.


2 weeks later...

I've been sweating bullets this weekend but I think I just figured it out.  It seems that AVG can install Web TuneUp, which can then wig out and try to copy the entire hard drive to a cache folder, and eat up all your available space.  Best part is, it won't uninstall.  You have to download a removal tool to get it out.  Not real happy with them right now.  


I keep all automatic updates OFF all the time. I no longer download any software except from Adobe or other major suppliers.

Sent from my ALCATEL A564C using Tapatalk

 

Just FYI, but I have heard that Adobe is used by hackers as a host to carry malware.  I think this is one of the reasons why Apple had a long-standing policy of not handling pdf's on their machines.  Public demand, despite the risk, made Apple change its policy.


I manually update everything. I don't believe any of the balloon bubbles when I see them. What I will do is do updates straight from the program itself. I cancel all balloons with Task Manager.

links?

I just provide a starting point of information where people can do whatever research they want. Here's a link from 2010: http://www.pcmag.com/article2/0,2817,2362351,00.asp

 

Here's another from 2012: https://nakedsecurity.sophos.com/2012/07/17/adobe-reader-vulnerability-pdf-malware-video/

 

As far as Apple's politics, I don't care. The information is probably easy to find, though. I think it had to do with Flash.
