Thread ID: 142569 2016-07-25 22:21:00 The fight against Ransomware Lawrence (2987) Press F1
Post ID Timestamp Content User
1423644 2016-07-25 22:21:00 Something to bookmark, a few here have been caught and it's good to have some new tools to deal with Ransomware

Dutch police, Europol and a coalition of cyber security firms launched a new website Monday to fight a surge in "ransomware"

malwaretips.com

www.nomoreransom.org
Lawrence (2987)
1423645 2016-07-26 01:55:00 Thanks for that Heads-Up Lawrence.

As it happens I have just had to deal with a deceased mate's wife's computer that had a lot of files encrypted by the .zepto virus.

I couldn’t find the Virus using Malware Bytes, Hitman, or Eset Nod online scanner. However, I couldn’t believe my luck when eventually I found it in Microsoft Security Essentials Quarantine. :thumbs:


Yes MSE caught it before it locked all her personal files.

Having dealt with the Virus, I transferred all 372 encrypted .zepto files to a Flash Drive in the hope someone may find a way to un-encrypt them one day.

B.M. (505)
1423646 2016-07-26 03:11:00 As it happens I have just had to deal with a deceased mate's wife's computer that had a lot of files encrypted by the .zepto virus.

I couldn’t find the Virus using Malware Bytes, Hitman, or Eset Nod online scanner. However, I couldn’t believe my luck when eventually I found it in Microsoft Security Essentials Quarantine. :thumbs:


The fact that it still got encrypted, in bold - means MSE actually didn't stop it from running, only got it after it had done its damage.

The problem with the software listed in bold is they are all "after the fact / Cleanup" types of software. The reason MSE caught them is because it's installed and active all the time, but didn't stop the damage.


I just took back a person's PC yesterday that was finished fixing after a W10 upgrade. Nod32 was set to scan as it does on installing here in the workshop (and setting up fully, not just its defaults); it found nothing, BUT when opening her mail program and new mail that came in on site, Nod32 went damn nuts stopping at least 12 pieces of mail with various forms of ransomware in attachments, instantly quarantined the attachment so it couldn't do any damage (noticed their names in the report window), as well as some spamming mails.
wainuitech (129)
1423647 2016-07-26 03:47:00 The fact that it still got encrypted, in bold - means MSE actually didn't stop it from running, only got it after it had done its damage.

The problem with the software listed in bold is they are all "after the fact / Cleanup" types of software. The reason MSE caught them is because it's installed and active all the time, but didn't stop the damage.


I just took back a person's PC yesterday that was finished fixing after a W10 upgrade. Nod32 was set to scan as it does on installing here in the workshop (and setting up fully, not just its defaults); it found nothing, BUT when opening her mail program and new mail that came in on site, Nod32 went damn nuts stopping at least 12 pieces of mail with various forms of ransomware in attachments, instantly quarantined the attachment so it couldn't do any damage (noticed their names in the report window), as well as some spamming mails.

Yes, I take your point Wainui, but whilst the Virus got some, it didn’t get the others which were XL, Word, jpg, mp3’s etc.

The guts of the matter is that whilst it got 370 files, they only amounted to 22meg in a sea of over 100GB available to it.

In fact, she has only been able to find one Spreadsheet missing.

I therefore assumed that MSE must have caught the virus in the act and made the arrest as it were. :D

Either that or her particular virus version didn’t target all the types of files that it is reported to.

However, what contradicts that is that the missing XL spreadsheet was in the same folder as dozens of others which are still there and unaffected.

Beats me. :confused:
B.M. (505)
1423648 2016-07-26 04:48:00 Looks like when you get zapped you can enter the ransom note you get on the website under Crypto Sheriff and they find a solution if one

Probably won't help in your situation but looks like a good Tool for the future before blindly trying to find a fix
Lawrence (2987)
1423649 2016-07-26 05:02:00 Yes, I take your point Wainui, but whilst the Virus got some, it didn’t get the others which were XL, Word, jpg, mp3’s etc.

The guts of the matter is that whilst it got 370 files, they only amounted to 22meg in a sea of over 100GB available to it.

In fact, she has only been able to find one Spreadsheet missing.

I therefore assumed that MSE must have caught the virus in the act and made the arrest as it were. :D

Either that or her particular virus version didn’t target all the types of files that it is reported to.

However, what contradicts that is that the missing XL spreadsheet was in the same folder as dozens of others which are still there and unaffected.

Beats me. :confused:

The good thing is that yes MSE did eventually stop it, but the big question is why didn't it pick it out from the source, which the majority of the time is some sort of attachment? While nothing is perfect, MSE hasn't really had a good rate of success. The newer version in W10 seems to be a little better.

As I pointed out before, the programs mentioned doing scans afterwards are really useless, damage already done. You may also find that if MSE had already quarantined them the basic scanners can't read inside other programs' Quarantine files. I know for example the online Nod32 is nowhere near as good as the installed version when it's set up better than the defaults.

Did a test years ago, scanned with the online version, found a few, then installed a trial, set it up, and it found quite a few more.

BUT that site linked may come in useful for decrypting tools :)
wainuitech (129)
1423650 2016-07-26 05:19:00 This is another Tool which is very useful as it groups all software that is needed when malware/virus strike

malwaretips.com

http://www.windows-repair-toolbox.com/

Saves people going to dubious sites and getting more infections
Lawrence (2987)
1423651 2016-07-26 08:32:00 The good thing is that yes MSE did eventually stop it, but the big question is why didn't it pick it out from the source, which the majority of the time is some sort of attachment? While nothing is perfect, MSE hasn't really had a good rate of success. The newer version in W10 seems to be a little better.

As I pointed out before, the programs mentioned doing scans afterwards are really useless, damage already done. You may also find that if MSE had already quarantined them the basic scanners can't read inside other programs' Quarantine files. I know for example the online Nod32 is nowhere near as good as the installed version when it's set up better than the defaults.

Did a test years ago, scanned with the online version, found a few, then installed a trial, set it up, and it found quite a few more.

BUT that site linked may come in useful for decrypting tools :)

I agree Wainui.

It would be nice to catch these things before they happen, but that isn't life.

It's a little bit like it would be nice to catch the burglar before he entered your home, but there is still satisfaction in catching him after he has. ;)

As for MSE, I was as shocked as you that it found anything and there is no bad reflection on the other programmes because the problem had already been taken care of by MSE.

What interests me now is what is in the 370 encrypted files that make up the 22 meg?

I can't help thinking the 22meg may just be the one missing spreadsheet.

Dahhh, all character building stuff. :)
B.M. (505)
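One way to answer the question above about what the encrypted files add up to, as an added example that is not code from any poster or from the sites linked in this thread: inventory files carrying the ransomware extension on a copy of the disk (or the flash drive), total their size per folder, and check that their contents really look encrypted (high byte entropy) rather than merely renamed. The .zepto extension comes from the thread; the sample inventory below is constructed for the demo.

```python
import math
import os
from collections import Counter

# Constructed sample inventory, not real data: (relative path, size in bytes, first bytes of content).
# bytes(range(256)) repeated gives a uniform byte distribution, i.e. what encrypted data looks like.
SAMPLE_ENTRIES = [
    ("Documents/Accounts/ABCD1234.zepto", 20480, bytes(range(256)) * 4),
    ("Documents/Accounts/EF567890.zepto", 1024, bytes(range(256))),
    ("Documents/Accounts/budget.xlsx", 15000, b"PK\x03\x04" + b"\x00" * 60),
    ("Pictures/holiday.jpg", 300000, b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ("Music/track.mp3", 4000000, b"ID3\x03\x00"),
]


def shannon_entropy(data: bytes) -> float:
    """Bits per byte of the sample: ciphertext sits near 8.0, documents and media well below."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def summarize_encrypted(entries, ext=".zepto", min_entropy=7.0):
    """Count files with the ransomware extension, total their bytes, group by folder,
    and count how many of them have the high entropy expected of encrypted content."""
    hit = [e for e in entries if e[0].lower().endswith(ext)]
    return {
        "count": len(hit),
        "total_bytes": sum(size for _, size, _ in hit),
        "folders": dict(Counter(os.path.dirname(path) for path, _, _ in hit)),
        "high_entropy": sum(1 for _, _, head in hit if shannon_entropy(head) >= min_entropy),
    }


def scan_directory(root, sample_len=4096):
    """Walk a mounted copy of the affected files and build entries like SAMPLE_ENTRIES.
    Only the first sample_len bytes are read, enough for the entropy check."""
    entries = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            try:
                size = os.path.getsize(full)
                with open(full, "rb") as fh:
                    head = fh.read(sample_len)
            except OSError:
                continue  # unreadable file: skip rather than abort the inventory
            entries.append((os.path.relpath(full, root), size, head))
    return entries


if __name__ == "__main__":
    import sys
    print(summarize_encrypted(scan_directory(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_ENTRIES))
```

A folder breakdown that shows every hit in one directory, with a total far below the size of the documents still intact, points to the ransomware having been stopped partway through rather than having skipped file types.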
1423652 2016-07-26 08:42:00 What about ransomware protection/detection tools? There are a few available.
Here are a couple of free versions. I wonder how effective they are:-


www.foolishit.com

www.bleepingcomputer.com

Also the latest HitmanPro has a crypto detection feature.
blanco (11336)
1423653 2016-07-27 20:58:00 Since my previous post on this subject I have learned more. Intel, Kaspersky and Interpol joined forces to defeat ransomware *******s and have issued a website from which you can get Free help to decrypt files if you have been a victim of an attack. The project was named "The no more ransom project" and the idea is to let the attackers know that whatever they encrypt can be easily decrypted and that will destroy their business. I still say that prevention is better than cure but it is worth noting and bookmarking the website, just in case you are ever held to ransom. Either search for yourself or go here:-

https://www.nomoreransom.org/
blanco (11336)