Posted

I read in the Mirror today that thousands of people are being forced to pay £200 to get their PC files released after encryption via dodgy emails. So this can happen to anyone, and although I would never open an attachment or a link on a suspect email, my system OE7 means I do have to open the emails to delete them, or do I?

Also, I have already been wiped out by ransomware earlier this year after visiting a website.

That cost me dear! Of course I never paid the ransom; only a fool would believe they would only take the requested money.

So I ended up needing a new hard drive and luckily had backed up (not very well).

This is the question...... Is there any defence against this scourge and how do you remove it when your PC is locked?

I don't want to be in this situation again!!!!

Ray


Posted

Hi Ray

 

Is there any defence against this scourge and how do you remove it when your PC is locked?

I am sure Pete or Gene will be able to advise you far better than I - but until one of them posts I will try to answer your question.

 

Is there any defence ?

You should, as you probably do, make sure that your anti-virus is up-to-date.

 

Ransomware is a nasty infection and you are quite correct when you say that

Of course I never paid the ransom; only a fool .....

This is for the benefit of others reading ......... DO NOT pay them anything.

 

You will find that your machine is "locked" with an intimidating notice - IGNORE THIS.

Even if you pay - they will not unlock your machine.

 

So I ended up needing a new hard drive

This is an extreme case ( in my opinion )

The security guys here would - I am sure - be able to get around the "locked" screen.

 

You need to be very careful which sites you visit.

This is probably your best defence.

 

Also - as you suggest - do not open emails with attachments that are from people you do not know.

 

Sometimes, it could be that your friend or family member has had their email account hacked.

You then receive a "legitimate" email.

If you, in any way, suspect that an email is "suspect" then DO NOT open it - and certainly do not open the attachment.

Contact the sender and ask if they had sent you the recent email.

 

I am sure that our security guys will be able to add more to this :)

There is an email going around offering processed pork - gelatin - and salt in a can ......this is simply SPAM !!

 


Posted
The latest ransomware here in Nebraska comes as an attachment in the emails so be very wary of those. A few businesses had to actually resort to a backup as the only solution according to KLKN TV news.

We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs.

Get help with computer problems. Join Free PC Help here

 

Donations are welcome. Read Here

Posted

Thanks Ken and Randy.

Problem is, if I only have the one PC and it is locked up, how do I contact you guys for help?

Anyway, the problem does not exist - touch wood - but any more suggestions welcome.

Ray

  • ExTS Admin
Posted

Hi Ray,

 

I did see this topic while at work today, but as I only had my phone.... I was unable to get the information needed.

 

These are very good questions Ray, and yes, you are right to be concerned.

Ransomware has come a long way in a short time and the latest version is particularly nasty.

As well as the typical lock screen, the latest variant will encrypt your files.

 

This ransomware will encrypt certain files using a mixture of RSA & AES encryption. When it has finished encrypting your files, it will display a CryptoLocker payment program that prompts you to send a ransom of either $100 or $300 in order to decrypt the files. This screen will also display a timer stating that you have 96 hours, or 4 days, to pay the ransom or it will delete your encryption key and you will not have any way to decrypt your files. This ransom must be paid using MoneyPak vouchers or Bitcoins. Once you send the payment and it is verified, the program will decrypt the files that it encrypted.

Yep, they will actually decrypt your files.

 

The malware itself is reasonably easy to clean, but the chances of getting any encrypted files back after removing the malware.... is pretty slim.

This is because the encryption used to encrypt files matching these masks is a mix of RSA and AES.

Essentially the malware will generate a new AES key for each file it is going to encrypt. The key is then used to encrypt the content of the file.

The AES key itself is then encrypted using the public RSA key obtained from the server.

To recover the AES keys used to encrypt the files, you will require the private half of the RSA key that was generated by the server.

Without access to the server, decryption is impossible.

 

Most ordinary AV's and AM programs won't be able to prevent this malware.... but at this time there are a few that can prevent it... or at least stop it from encrypting your files.

It seems that adding HIPS-based software like COMODO or Online Armor is highly recommended to prevent the cryptor from doing its job.

The HIPS based software will be added to Emsisoft AntiMalware .... so this will help to protect your files as well.

Unfortunately this is only true of the 'paid' versions though.

 

The link below will be able to answer most of your questions and is a MUST read for everyone.

Cryptolocker Ransomware Information

 

We can't stress the point enough about making sure you have backups of your files.

Make sure you have these saved on something like USB sticks so they can be stored off your system.

If they're stored in a drawer they can never be encrypted...... this way you always have a backup plan.

 

This is quite a serious subject and I could post a lot more.... but the above link will be easier for everyone to read and understand.

 

Any questions you have.... just shout out and we'll do our best to help answer them.

Member of:

UNITE
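An added example, not part of any post in this thread: a check to run before refreshing an offline backup, so that files already encrypted on the PC are not copied over good backup copies. It records a SHA-256 hash and byte entropy per file and flags files that changed and now look like random data; the 7.5 bits-per-byte threshold, the function names and the sample files are assumptions made for this illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5  # assumed threshold in bits per byte; encrypted data sits near 8.0

def shannon_entropy(data: bytes) -> float:
    """Entropy of the byte distribution in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def build_manifest(root: str) -> dict:
    """Map each file's path relative to root to (sha256 hex digest, entropy)."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            rel = os.path.relpath(path, root)
            manifest[rel] = (hashlib.sha256(data).hexdigest(), shannon_entropy(data))
    return manifest

def suspicious_changes(old: dict, new: dict) -> list:
    """Files whose content changed and went from readable-looking to random-looking.
    Already-compressed files (photos, zips) start near 8.0, so this check skips
    them; for those only the hash change is visible."""
    flagged = []
    for rel, (old_hash, old_entropy) in old.items():
        new_hash, new_entropy = new.get(rel, (old_hash, old_entropy))
        if new_hash != old_hash and old_entropy < ENTROPY_LIMIT <= new_entropy:
            flagged.append(rel)
    return sorted(flagged)

def demo() -> list:
    """Constructed sample: one file edited normally, one overwritten with random bytes."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("letter.txt", "accounts.csv", "notes.txt"):
            with open(os.path.join(root, name), "w") as fh:
                fh.write(f"{name}: ordinary readable text\n" * 400)
        before = build_manifest(root)           # taken at the last good backup
        with open(os.path.join(root, "notes.txt"), "a") as fh:
            fh.write("a normal edit\n")         # ordinary change, should not be flagged
        with open(os.path.join(root, "accounts.csv"), "wb") as fh:
            fh.write(os.urandom(16384))         # stand-in for encrypted content
        return suspicious_changes(before, build_manifest(root))

if __name__ == "__main__":
    print(demo())
```

If anything is flagged, leave the existing backup untouched and investigate the PC before copying files across.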

Posted
I have not been a victim of this, but I have friends that have. I even came here for help from my fellow staff. As Starbuck says, shifting the lock screen is pretty easy, but getting stuff back is nigh on impossible. One friend of mine lost irreplaceable data, so I have to agree: back up, back up, back up. Use USB sticks, cloud-based storage, whatever you have to. We're not here to scare you; we're here to promote safe and happy computing and try to stop the mindless few hurting the many.

Google is your friend

 


 

 

Posted

I will add that there are many ways to back up your data safely and in fact the entire operating system itself so that you can be back up and running in a short time should you become a victim.

 

System images stored on an external hard drive, provided the system is proven clean of any malware before creating that image, is one.

 

A full system clone onto a spare hard drive, that can be swapped over with the infected drive removed, again created from a fully clean system are two of a few fully failsafe ways. (with the latest UEFI instead of the old BIOS, now not quite so foolproof due to some security features of UEFI by the way)

 

If not too bothered and have no fears about doing a reinstall of the operating system, then ordinary back up by copying all data to an external hard drive, which is at the moment the only safe way when faced with a UEFI and not the older BIOS system.

 

Some, but by no means all, of the system imaging software available is supposedly able to work with the newer UEFI, though I found one that is at best poor and requires an operating system repair after installing the previously created image if using the free version of that software.

 

Whichever system of backup is chosen, doing it on a regular basis, so that not too much recent work is lost, is a main priority though.

 

Nev.


  • 2 weeks later...
  • ExTS Admin
Posted

The developers behind the file encrypting ransomware called CryptoLocker launched yesterday a dedicated decryption service that allows you to purchase the decryption key for encrypted files.

The price for the decryption key, though, has been significantly increased from 2 bitcoins to 10 bitcoins. With the current price of bitcoins at around $212 USD the ransom has increased from around $400 USD to over $2,100 USD.

 

We can only urge you once again to do a frequent backup of all of your files and keep this backup off your system.


  • ExTS Admin
Posted

Prices for the digital cryptocoin Bitcoin soared today as its value reached over $300.00 per coin.

This is great for bitcoin miners and early adopters, but for those who are dealing with the CryptoLocker infection, their ransom price just increased significantly if they pay using bitcoins.

If a user does not pay the ransom within 72 hours they are then forced to pay an increased ransom of 10 bitcoins using the new CryptoLocker Decryption Service that was created by the malware developers.

With Bitcoin prices currently at $315, this puts the late ransom at a hefty price of over $3,000 USD.

 

http://www.bleepingcomputer.com/forums/t/513390/soaring-bitcoin-prices-hurt-the-wallets-of-users-paying-cryptolocker-ransoms/
