| Thread ID: 141874 | 2016-03-14 13:06:00 | Ransomware- Scary ****. | baabits (15242) | PC World Chat |
| Post ID | Timestamp | Content | User |
| 1417477 | 2016-03-14 13:06:00 | A client (barrister) turned on his computer this morning and all of his files were gone. As well as that, there was a new desktop wallpaper: 7029. The Wallet ID was invalid, so either they screwed up on the script or their typing, but this is still scary as hell. All PCs were running WebRoot and somehow this has floated by. Should have been a farmer... >_< | baabits (15242) |
| 1417478 | 2016-03-14 18:15:00 | Backups. Always keep backups. | pcuser42 (130) |
| 1417479 | 2016-03-14 19:03:00 | Webroot used to be a good anti-malware, then years back they included an antivirus - it went downhill from that point onwards, looks like it hasn't improved any :( | wainuitech (129) |
| 1417480 | 2016-03-14 19:27:00 | Son got an email a week or so back. From documents@orcon.net.nz. I checked and it seemed to originate from orcon. documents though? Uhuh. We took a look at the zip contents and no .doc as claimed, instead a .js. He deleted it. But. I have an image of my PC. In addition I have all important stuff backed up, docs, pics, install files for things I can't live without and don't have a disc. Etc. So it would take me no time at all to re-image my PC and copy back my importnat stuff. | pctek (84) |
| 1417481 | 2016-03-14 19:58:00 | Quote: "So it would take me no time at all to re-image my PC and copy back my importnat stuff." Like ... your spell-checker ... :) | fred_fish (15241) |
| 1417482 | 2016-03-14 21:23:00 | hmmn: barrister & a threat to release his clients' files into the hacker underworld. Should he risk not paying the ransom? All from opening a bogus email I'd bet ..... something that AV products don't seem able to protect against. I get plenty getting through NOD, but they are obvious enough to just delete them manually. These encryption viruses are getting nastier, they now also encrypt shared network files (the early versions just encrypted local files). | 1101 (13337) |
| 1417483 | 2016-03-14 23:03:00 | I have had two suspicious emails this morning. One offered me a job paying up to $70,000 and another saying that my payment had been declined. In these situations your reaction can be 'What the hell is this all about', so you click on the file to see what they are talking about. The job offer email suggested that I click on a link to watch a video. I have even in the past had an email about a parking offense that I allegedly committed in New York. I have never been to New York but it was very tempting to find out what they were talking about. I have trashed all these emails. | Bobh (5192) |
| 1417484 | 2016-03-14 23:27:00 | You can't just rely on an AV anymore these days; in a business you need multiple layers of protection. 1st step: a good AV program like Eset. 2nd step: have a good virus/spam filter on your email account before it reaches your computer (e.g. Google Apps and Office 365 include this). 3rd step: have a good edge appliance that also does virus/malware scanning, e.g. Untangle or a Sophos appliance. 4th step: have some common sense and don't open email attachments from people you don't know, and especially not a zip file attachment. <--- this should probably be step 1 actually | CYaBro (73) |
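CYaBro's 2nd and 4th steps (filter attachments before they reach the user, treat zip attachments as suspect) and pctek's ".doc" that turned out to be a .js inside a zip are what a gateway attachment policy automates. The following is an added example, not code from any poster or product named in this thread: a Python routine that classifies an attachment by what it contains rather than by its claimed name, opening zip containers (including Office .docx/.xlsx files, which are zip archives) to find script files and VBA macro projects. The extension lists, verdict names, depth and size limits, and the sample attachments are all assumptions constructed for the example.

```python
import io
import zipfile
from dataclasses import dataclass, field

# Hypothetical gateway policy, constructed for this example.
# Script/executable types are dropped; macro-capable documents are held for review.
BLOCKED_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".exe", ".scr",
                      ".bat", ".cmd", ".ps1"}
MACRO_EXTENSIONS = {".docm", ".xlsm", ".pptm", ".dotm"}
MAX_DEPTH = 3                 # how deep to follow zip-inside-zip nesting
MAX_MEMBER_BYTES = 5_000_000  # do not inflate huge members just to look inside them


@dataclass
class Verdict:
    action: str                      # "deliver", "quarantine" or "block"
    reasons: list = field(default_factory=list)


def _ext(name: str) -> str:
    """Last extension of a file name, lower-cased; 'invoice.doc.js' -> '.js'."""
    base = name.lower().rsplit("/", 1)[-1]
    dot = base.rfind(".")
    return base[dot:] if dot >= 0 else ""


def _scan_archive(label: str, data: bytes, block: list, quarantine: list, depth: int = 0) -> None:
    """Walk a zip container (a plain .zip or an Office .docx/.xlsx, which are zips too)."""
    if depth > MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            member = info.filename
            if _ext(member) in BLOCKED_EXTENSIONS:
                block.append(f"{label} contains script/executable {member}")
            elif member.lower().endswith("vbaproject.bin"):
                # Office stores VBA macros in this part; its presence means the document can run code
                quarantine.append(f"{label} carries a VBA macro project ({member})")
            elif info.file_size <= MAX_MEMBER_BYTES:
                # recurse so a zip hidden inside a zip is inspected as well
                _scan_archive(f"{label}/{member}", zf.read(member), block, quarantine, depth + 1)


def check_attachment(filename: str, data: bytes) -> Verdict:
    """Classify one attachment by its claimed name and by what it actually contains."""
    block, quarantine = [], []
    ext = _ext(filename)
    if ext in BLOCKED_EXTENSIONS:
        block.append(f"executable attachment {filename}")
    elif ext in MACRO_EXTENSIONS:
        quarantine.append(f"macro-enabled document {filename}")
    _scan_archive(filename, data, block, quarantine)
    if block:
        return Verdict("block", block)
    if quarantine:
        return Verdict("quarantine", quarantine)
    return Verdict("deliver")


def make_zip(members: dict) -> bytes:
    """Build an in-memory zip from {name: bytes}; used only to construct sample attachments."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


# Constructed sample attachments: placeholder bytes only, no real malware.
SAMPLES = {
    "documents.zip": make_zip({"document.js": b"// placeholder script body\n"}),
    "invoice.docx": make_zip({"[Content_Types].xml": b"<Types/>",
                              "word/document.xml": b"<w:document/>",
                              "word/vbaProject.bin": b"\x00placeholder"}),
    "report.zip": make_zip({"report.pdf": b"%PDF-1.4 placeholder"}),
    "nested.zip": make_zip({"inner.zip": make_zip({"run.vbs": b"' placeholder\n"})}),
    "notes.txt": b"plain text, nothing to unpack",
}


def classify_samples() -> dict:
    """Verdict per constructed sample, keyed by attachment name."""
    return {name: check_attachment(name, data).action for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        v = check_attachment(name, data)
        print(f"{name:15} {v.action:10} {'; '.join(v.reasons)}")
```

The point of deciding by content is that a double extension such as `invoice.doc.js` and a zip renamed to look like a document both get caught, and a `.docx` that silently carries `word/vbaProject.bin` is held for review even though its extension looks harmless.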
| 1417485 | 2016-03-15 00:10:00 | Quote: "hmmn: barrister & a threat to release his clients' files into the hacker underworld. Should he risk not paying the ransom?" Couldn't even if he wanted to - wallet ID not valid. Here's a rundown of Locky's ugly side (quoted from securityintelligence.com):
Ransomware's Macro Malady. According to Naked Security, this new strain of ransomware typically arrives as a Word document. If opened, the text looks like random garbage, but it comes with a helpful message: "Enable macro if the data encoding is correct." Of course, turning on macros doesn't fix the data (since it's all nonsense anyway) but instead saves a file to the hard drive. The file is a downloader that fetches Locky from its command-and-control (C&C) server. Once on board, the ransomware scrambles and then encrypts all files, tagging them all with a *.locky extension. What's more, any external media drives attached to a desktop are also compromised. The malware also deletes any Volume Snapshot Service (VSS) files or shadow copies made by Windows in site backups. Finally, a new wallpaper pops up that directs users on exactly how to reclaim their lost files, either through specific Web addresses or by using the Tor browser. Right now, decryption keys run between 0.5 and 1 bitcoin, or $200 to $400. So far, the ransomware has focused its efforts in the U.S., but it has also targeted firms in Canada and Australia. Open Sesame! So how can organizations stay safe from Locky? Regular off-site backups always help, along with the use of Microsoft Office viewers that let users see attached documents without actually opening them first. It's also a good idea to limit login power and restrict the number of admin users on a system, since the malware can only reach as far as user privileges allow. By enabling user account control (UAC) and keeping permissions to a minimum, it's possible to limit the damage of a ransomware attack.
As noted by CSO Online, however, there may be another way to solve the problem of already-infected users: disrupting its key exchange. Unlike similar malware, which generates a random encryption key on the compromised computer and then sends this data back to base, Locky does it the other way by generating a key with its C&C infrastructure that is then sent to victim PCs. If infection is caught early enough, it may be possible to interrupt this process and prevent the encryption of critical files. Bottom line? Locky is riding the macro-driven malware trend and can mean big disruptions for unsuspecting companies. Don't let the name fool you, this one is out for blood ... this new threat has already been detected in more than 400,000 sessions.
Source: securityintelligence.com/news/locky-ransomware-cute-name-ugly-consequences/ | bevy121 (117) |
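The Locky rundown quoted above names two behaviours a defender can alert on from ordinary endpoint telemetry: deletion of the Windows shadow copies, and a burst of files being renamed to a *.locky extension. As an added example that is not part of the post or the quoted article, here is a small Python detector run over constructed file-rename and process-creation events. The event format, host and user names, file paths, thresholds and the shadow-copy command lines are all assumptions made for the example; the detector fires one shadow-copy alert per matching command and at most one mass-rename alert per host.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Extensions ransomware families tag encrypted files with; the quoted article names *.locky.
RANSOM_EXTENSIONS = {".locky"}
# Command lines that destroy Windows shadow copies (the backups the article says Locky removes).
SHADOW_DELETE = re.compile(
    r"vssadmin(\.exe)?\s+delete\s+shadows|wmic(\.exe)?\s+shadowcopy\s+delete", re.IGNORECASE)
# Constructed event format for this example (not any real product's log format):
#   <ISO timestamp> RENAME  user=<u> host=<h> old=<path> new=<path>   (paths without spaces)
#   <ISO timestamp> PROCESS user=<u> host=<h> cmd=<command line>
LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<kind>RENAME|PROCESS)\s+user=(?P<user>\S+)\s+host=(?P<host>\S+)\s+(?P<rest>.*)$")


def parse_event(line: str):
    """Return the event fields as a dict, or None for a line that does not match the format."""
    m = LINE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    return ev


def detect(lines, threshold: int = 5, window: timedelta = timedelta(seconds=60)) -> list:
    """Alerts for shadow-copy deletion and for bursts of renames to a ransomware extension."""
    alerts = []
    recent = defaultdict(deque)   # host -> timestamps of recent ransom-extension renames
    already_fired = set()         # one mass-rename alert per host, not one per file
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        if ev["kind"] == "PROCESS":
            cmd = ev["rest"].partition("cmd=")[2]
            if SHADOW_DELETE.search(cmd):
                alerts.append({"rule": "shadow_copy_deletion", "host": ev["host"],
                               "user": ev["user"], "ts": ev["ts"], "detail": cmd})
        else:  # RENAME
            new_path = ev["rest"].split(" new=", 1)[-1]
            if not any(new_path.lower().endswith(e) for e in RANSOM_EXTENSIONS):
                continue
            q = recent[ev["host"]]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:   # drop renames older than the window
                q.popleft()
            if len(q) >= threshold and ev["host"] not in already_fired:
                already_fired.add(ev["host"])
                alerts.append({"rule": "mass_rename", "host": ev["host"], "user": ev["user"],
                               "ts": ev["ts"],
                               "detail": f"{len(q)} files renamed to a ransomware extension "
                                         f"within {window.seconds}s"})
    return alerts


# Constructed sample events: WS01 shows the full pattern, WS02 a single rename that must not
# alert, WS03 a benign "list shadows" that must not be confused with deletion.
SAMPLE_LOG = [
    r"2016-03-14T08:01:50 PROCESS user=jsmith host=WS01 cmd=vssadmin.exe Delete Shadows /All /Quiet",
    r"2016-03-14T08:02:11 RENAME user=jsmith host=WS01 old=C:\Users\jsmith\Documents\brief.docx new=C:\Users\jsmith\Documents\A1B2C3D4.locky",
    r"2016-03-14T08:02:13 RENAME user=jsmith host=WS01 old=C:\Users\jsmith\Documents\affidavit.docx new=C:\Users\jsmith\Documents\E5F6A7B8.locky",
    r"2016-03-14T08:02:14 RENAME user=jsmith host=WS01 old=C:\Users\jsmith\Documents\draft.docx new=C:\Users\jsmith\Documents\final.docx",
    r"2016-03-14T08:02:15 RENAME user=jsmith host=WS01 old=C:\Users\jsmith\Pictures\court.jpg new=C:\Users\jsmith\Pictures\C9D0E1F2.locky",
    r"2016-03-14T08:02:18 RENAME user=jsmith host=WS01 old=C:\Users\jsmith\Documents\fees.xlsx new=C:\Users\jsmith\Documents\0A1B2C3D.locky",
    r"2016-03-14T08:02:20 RENAME user=jsmith host=WS01 old=S:\Shared\clients\jones.docx new=S:\Shared\clients\4E5F6A7B.locky",
    r"2016-03-14T08:02:22 RENAME user=jsmith host=WS01 old=S:\Shared\clients\smith.docx new=S:\Shared\clients\8C9D0E1F.locky",
    r"2016-03-14T08:02:30 PROCESS user=jsmith host=WS01 cmd=notepad.exe C:\Users\jsmith\todo.txt",
    r"2016-03-14T08:03:05 PROCESS user=admin host=WS03 cmd=vssadmin.exe List Shadows",
    r"2016-03-14T08:05:00 RENAME user=mlee host=WS02 old=C:\Users\mlee\test.docx new=C:\Users\mlee\test.locky",
]


def run_sample() -> list:
    """Run the detector over the constructed log and return its alerts."""
    return detect(SAMPLE_LOG)


if __name__ == "__main__":
    for a in run_sample():
        print(a["ts"].isoformat(), a["rule"], a["host"], a["user"], a["detail"])
```

The rename rule is deliberately per host and windowed: a single user renaming one file is noise, whereas several files on one machine acquiring the same foreign extension within a minute is the encryption loop in progress, and that is the moment the article's "caught early enough" interruption would have to happen.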
| 1417486 | 2016-03-15 00:10:00 | A buddy here had his company lose all their tax records to ransomware - the records for the past 10 years are being held. The boss said they can have it, but it better not happen again. My friend - who's their company IT guy - said it's not the fault of the Barracuda-thing or the servers they have - it's because the boss lets people bring their own laptops to work - ergo: malware of all sorts. This ransomware was traced to an iPoo unit and the local FBI branch told the IT guy that they couldn't help - but to just pay the ransom and don't do it again. Hopefully, the Infernal Revenue Service has a sense of humor and will let the records go b/o the ransomware ... once. Crazy as it might sound, when my wife and I filed our taxes these past two years, a full IRS Proof Of Identification for both my wife and I was performed before we could hit the SEND button on the electronic filing we did. | SurferJoe46 (51) |