| Thread ID: 142569 | 2016-07-25 22:21:00 | The fight against Ransomware | Lawrence (2987) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 1423654 | 2016-07-27 22:29:00 | Good work blanco. Have you come across any site that can un-encrypt files that have been removed from the infected machine and are sitting alone on a flashdrive? Oh, I've just looked at that site, which I think may have been mentioned before, but notice zepto is not mentioned? I think zepto is a derivative of locky? |
B.M. (505) | ||
| 1423655 | 2016-07-27 22:49:00 | The issues are, the programs they used to encrypt your stuff often aren't malware, they can be legit programs doing the encryption. So it won't be detected as malware. This surely must change in future. Only the initial entry point via email or website would be detected, not the encryption process itself, unless you have a program that monitors for exactly that. Add to that, the days of finding the decryption key are pretty much gone now. Most of the available keys will be for old variants. New variants with new keys are popping up continuously. I'd expect the next gen to have individual keys generated on the fly, just to stop decryption keys being shared via sites above. |
1101 (13337) | ||
| 1423656 | 2016-07-27 22:56:00 | "I think zepto is a derivative of locky?" Yep, it is. I had one a few weeks back to look at. Recycle bin wasn't encrypted and the email file wasn't encrypted. All other docs etc. were gone, no key available. Pretty sure it came in through email. IT company hadn't bothered to install AV. MSE won't scan emails, just bad as that's where a lot of this starts. NOD isn't perfect, but detecting 1/2 of the email malware is better than not detecting any. That's why MS AV is a waste of time. It won't scan incoming email. |
1101 (13337) | ||
| 1423657 | 2016-07-27 23:08:00 | What I can't get my head around in the incident I had to deal with is, how did so few files get encrypted and the virus wind up in the MSE quarantine vault? The only explanation I can think of is MSE noticed the encryption process, killed it, and then quarantined the virus. :confused: |
B.M. (505) | ||
| 1423658 | 2016-07-27 23:08:00 | The prob is the user, not a program; that's why you get it in the first place. It's been said over 1000 times. Don't open emails with attachments, unless you know you're going to get one with an attachment. That's why these idiots send ransomware as an attachment. They know there are naive and gullible people that'll open them to see what it is, and when it's too late, their system has been infected. It's exactly the same for these idiots who pretend to be from MS and ring you and suck you into letting them into your computer, to screw it up completely. How many times do people have to be told before it sinks in? |
Speedy Gonzales (78) | ||
| 1423659 | 2016-07-27 23:20:00 | Wise comments from Speedy as usual. Also ensure frequent full backups to an external storage device. |
blanco (11336) | ||
| 1423660 | 2016-07-28 05:25:00 | "Wise comments from Speedy as usual. Also ensure frequent full backups to an external storage device." But make sure the ext device is not online when not needed as I have seen Macrium backup files on an ext disk encrypted. But, like others have said, the above case was because the owner invited the NSW police Notice server in via email! |
linw (53) | ||