| Thread ID: 143754 | 2017-04-02 05:09:00 | Ransomware questions | Tony (4941) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1433696 | 2017-04-07 00:06:00 | Even the FBI recommended just paying for those who desperately needed data back. :badpc: One option is to try a full data recovery of deleted files. Theory being that each original file will be deleted after the encrypted version is made. Again, don't expect much via data recovery, but worth a try if willing to put in the time. Of the 6 or so ransomware-encrypted PCs I've looked at in the last year, none were recoverable. Worth a try for sure, but don't expect too much. Yes, OneDrive & Dropbox also get encrypted (seen it), but was just a matter of rolling back to previous version. Also USB HDs, NAS, any network shares or mapped drives can & do also get encrypted. If your backup drive is connected (often is), that can get encrypted as well. Most people don't have backups, and don't TEST their backups. That's just the way things are. Even some companies take a very lax attitude to backups; all you can do is recommend proper backup regimes. If they aren't interested, that's as far as it goes. That's the world we live in: most people don't back up, criminals don't get caught, countries look the other way or do the absolute min to stop cyber-criminals. Arrest them and another will pop up anyway. |
1101 (13337) | ||
| 1433697 | 2017-04-07 00:21:00 | Yes, OneDrive & Dropbox also get encrypted (seen it), but was just a matter of rolling back to previous version. Also USB HDs, NAS, any network shares or mapped drives can & do also get encrypted. If your backup drive is connected (often is), that can get encrypted as well. Thanks for that - that's useful info. I suspect his daughter will end up getting him an external hard drive with some easy-to-use backup software - any recommendations? Of course he is still going to have to (a) remember to do it and (b) remember to disconnect it when not in use, but there is only so much one can do. I guess for the photos just copying them to DVD may well be sufficient. |
Tony (4941) | ||
| 1433698 | 2017-04-07 00:26:00 | I did 2 things for a not very comp literate person I know. Imaged her c: onto the external. Set up a profile in Syncback for her. She does get it out and run it every now and then. Easy as, free and no hassle. |
pctek (84) | ||
| 1433699 | 2017-04-07 00:47:00 | With Windows 10 I use its Backup File History along with backing up every folder as well, just to have another copy. Also keep a recent Windows 10 ISO for a clean start and sometimes take an image, but more inclined to go with a new build if ever presented with being totally locked out. www.howtogeek.com |
Lawrence (2987) | ||
| 1433700 | 2017-04-07 02:12:00 | File history is useful but will not help against ransomware, and an ISO is awesome but only if it's stored somewhere the ransomware can't get to it. I store everything on my NAS and keep a daily backup on another PC that has file sharing disabled and is dedicated to that one use. More effort than most would go to I suppose. | dugimodo (138) | ||
| 1433701 | 2017-04-07 07:09:00 | Any backup is kept totally disconnected from comp on another Drive after backup | Lawrence (2987) | ||
| 1433702 | 2017-04-07 12:55:00 | Maybe one of these could be useful: Emsisoft offers many decrypter tools for download. Most techs will need one or more of these so rather than have numerous listings we here at MajorGeeks took the time and zipped all the Emsisoft Decrypter Tools into one convenient zip package for you. To date, there are over 25 decrypters included with this package - almost everything you need to combat some of the common ransomware variants. The one you need can be found by looking at the word after decrypt_. In other words, if you needed the decrypter for Autolocky, then you would use "decrypt_autolocky.exe"; see below for what's included. Decrypter for AutoLocky; Decrypter for Nemucod; Decrypter for DMALocker2; Decrypter for HydraCrypt; Decrypter for DMALocker; Decrypter for CrypBoss; Decrypter for Gomasom; Decrypter for LeChiffre; Decrypter for KeyBTC; Decrypter for Radamant; Decrypter for CryptInfinite; Decrypter for PClock; Decrypter for CryptoDefense; Decrypter for Harasom; Decrypter for FenixLocker; Decrypter for MRCR; Decrypter for Marlboro; Decrypter for OpenToYou; Decrypter for OzozaLocker; Decrypter for Philadelphia; Decrypter for Apocalypse; Decrypter for Al-Namrood; Decrypter for Globe, Globe2, Globe3; Decrypter for Fabiansomware; Decrypter for 777; Decrypter for Xorist; Decrypter for Stampado; Decrypter for CryptON; Decrypter for Damage; Emsisoft Decrypter for Cry9. www.majorgeeks.com |
zqwerty (97) | ||
| 1433703 | 2017-04-08 02:57:00 | Thanks for that. I still don't know what flavour of ransomware is involved, but I'll pass this on to my friend. | Tony (4941) | ||
| 1433704 | 2017-04-09 22:46:00 | Maybe one of these could be useful: Emsisoft offers many decrypter tools for download. Looking through their tools, as I wondered how they managed to crack them (given the keys don't always stay constant, even on the same type of ransomware): "To use the decrypter, you will require an encrypted file of at least 128 KB in size as well as its unencrypted version" "Due to a bug in the malware's code, the malware will truncate up to the last 7 bytes from files it encrypts. It is, unfortunately, impossible for the decrypter to reconstruct these bytes" "To use the decrypter, you will require a file pair containing both an encrypted file and its non-encrypted original version" "To use the decrypter, you will require an encrypted file of at least 128 KB in size as well as its unencrypted version" I see a pattern emerging here. Better than nothing, but somehow I doubt they will be of much help to most of us. The chances of recovering data with a downloadable tool are minimal. More interesting: at least one of these ransomwares gets in through RDP; it just brute forces to find a user/password for RDP access. Might be a good idea to make sure RDP ports are closed on your routers. If you need RDP, use a non-standard port and don't use a guessable Win login name. Disable Remote Access if you don't need it. Use an adblocker, popup blocker, scriptblocker. "Malicious code is hidden in the page’s code, often in an advertisement (malvertisement), which redirects you to the exploit kit landing page, unnoticed by the victim. This was the case when the New York Times and the BBC were hacked and thousands of readers were redirected to an injecting site." blog.emsisoft.com |
1101 (13337) | ||
| 1433705 | 2017-04-09 22:57:00 | Looking through their tools, as I wondered how they managed to crack them (given the keys don't always stay constant, even on the same type of ransomware): "To use the decrypter, you will require an encrypted file of at least 128 KB in size as well as its unencrypted version" "Due to a bug in the malware's code, the malware will truncate up to the last 7 bytes from files it encrypts. It is, unfortunately, impossible for the decrypter to reconstruct these bytes" "To use the decrypter, you will require a file pair containing both an encrypted file and its non-encrypted original version" "To use the decrypter, you will require an encrypted file of at least 128 KB in size as well as its unencrypted version" I don't understand that. If you need an encrypted file plus the same file unencrypted, why do you need the decrypter? |
Tony (4941) | ||
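Added example, not part of the thread and not code from Emsisoft or any decrypter: one way a single encrypted/original file pair can unlock every other file is when the same keystream is reused across files. The cipher here (`toy_keystream`, with an assumed 128 KB period chosen to mirror the quoted requirement) is a constructed stand-in; the thread does not say how any real family encrypts.

```python
import hashlib
import os

PERIOD = 128 * 1024  # assumed keystream length, mirroring the 128 KB in the quoted notes


def toy_keystream(victim_key: bytes, length: int = PERIOD) -> bytes:
    """Constructed stand-in for a flawed scheme: one fixed keystream per victim."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(victim_key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def xor_with_keystream(data: bytes, keystream: bytes) -> bytes:
    """XOR data with the repeating keystream; the same call encrypts and decrypts."""
    n = len(keystream)
    return bytes(b ^ keystream[i % n] for i, b in enumerate(data))


def recover_keystream(encrypted: bytes, original: bytes, period: int = PERIOD) -> bytes:
    """Ciphertext XOR plaintext of one known pair gives the keystream itself."""
    if len(encrypted) != len(original):
        raise ValueError("file pair must be the same length")
    if len(original) < period:
        raise ValueError("pair shorter than the keystream: the tail stays unknown")
    return bytes(c ^ p for c, p in zip(encrypted[:period], original[:period]))


def demo() -> bool:
    keystream = toy_keystream(os.urandom(32))  # victim key, never given to recovery
    # Constructed sample data: one file with a surviving copy, one without.
    known_original = os.urandom(PERIOD + 10)
    other_original = b"holiday photo with no backup " * 9000
    known_encrypted = xor_with_keystream(known_original, keystream)
    other_encrypted = xor_with_keystream(other_original, keystream)
    # The recovery side sees only the pair and the other encrypted file.
    recovered = recover_keystream(known_encrypted, known_original)
    return xor_with_keystream(other_encrypted, recovered) == other_original


if __name__ == "__main__":
    print("other file recovered from one known pair:", demo())
```

Under this assumption the pair is not wanted for its own contents: it exposes the keystream, and a pair shorter than the keystream would leave part of every other file undecryptable.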