NBC Nightly News Coverage on "Ransomware"

us3rnotfound

Diamond Member
Jun 7, 2003
5,334
3
81
http://www.nbcnews.com/tech/securit...u-should-never-pay-ransomware-hackers-n299511

This shows how behind the average person must be on Windows PCs. The video features a victim of ransomware who was given a countdown of 24 hrs to either pay up the ransom, or lose all files. She took the latter, bought a new computer, and went on with life (hopefully never opening suspicious email attachments).

Are we really going to accept this BS? The crappy virus probably could have been remediated with Malwarebytes. This hacking news is so stupid.
 

cabri

Diamond Member
Nov 3, 2012
3,616
1
81
The average PC user knows nothing about Malware, firewalls, etc.

They trust that the Windows Security will provide protection on what they have heard about viruses.

Even people here at AT Security at times get hit, and these may be "professionals".
 

Ketchup

Elite Member
Sep 1, 2002
14,559
248
106
Some of this malicious software is very good (and by good I mean bad). The one I removed for a couple last year blocked any executable from running, as well as ability to access running applications, thereby blocking any hope of any removal from within Windows at that state. In that instance I was able to interrupt a shutdown after the app let loose, and take care of it from there.
 

MustISO

Lifer
Oct 9, 1999
11,927
12
81
The crappy virus probably could have been remediated with Malwarebytes. This hacking news is so stupid.

Real ransomware can be removed easily, but your files are still encrypted and unrecoverable without paying the ransom. So in many cases Malwarebytes will do nothing for the user's data.
 

mmntech

Lifer
Sep 20, 2007
17,501
12
0
It's certainly getting more vicious. Was reading on Ars today that scammers are now using 0day exploits in Adobe Flash to hijack ads to deliver crypto ransomware.

Malwarebytes has found these exploits being used on sites like Dailymotion and NY Daily News. Not exactly the seedy underbelly of the web. Right now it's just affecting IE and Firefox users on Windows. Chrome is safe so far.
http://arstechnica.com/security/201...h-new-level-of-meanness-what-are-users-to-do/

Flash really needs to be purged ASAP. I remember Apple getting a lot of grief for refusing to include it with iOS. In hindsight, it was one of the best things to happen to the internet. It forced web developers to start using other tools that achieved the same results, without the overhead or security issues. Unfortunately, there are still far too many stragglers.

Now, I'm definitely not a security or coding expert, so this may be a dumb question. Is there a way Windows (and other operating systems), maybe at kernel level, could block third party software from encrypting drives?
 
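mmntech's question above (whether the OS could stop third-party software from encrypting files) is usually answered in practice with behavioural detection rather than a blanket kernel block: a monitor watches for many files being rewritten from low-entropy content to near-random content within a short window. The block below is an added illustration of that heuristic, not code from this thread or from any product; the file paths, the sample document and the toy XOR keystream standing in for a real encryptor are all constructed.

```python
import hashlib
import math
import random
from collections import Counter

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: roughly 4-5 for text, close to 8.0 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

ENTROPY_THRESHOLD = 7.5  # documents sit well below this; ciphertext lands just under 8.0

def looks_encrypted(before: bytes, after: bytes) -> bool:
    """A rewrite that jumps from low to near-maximal entropy is ransomware-like."""
    return shannon_entropy(before) < ENTROPY_THRESHOLD <= shannon_entropy(after)

def detect_bulk_encryption(events, burst_threshold=5):
    """events: (path, before, after) rewrites observed in one time window.
    Returns the flagged paths and whether the burst crosses the alert threshold."""
    flagged = [p for p, before, after in events if looks_encrypted(before, after)]
    return flagged, len(flagged) >= burst_threshold

# --- constructed test data: hypothetical files, not real samples ---
TEXT = b"Quarterly report: revenue grew 4 percent while costs held flat. " * 64

def toy_stream_cipher(data: bytes, key: bytes) -> bytes:
    """Stand-in for an encryptor: XOR with a SHA-256 counter-mode keystream."""
    stream = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def sample_events():
    rng = random.Random(42)
    # six documents overwritten with ciphertext in one window
    events = [(f"docs/file{i}.txt", TEXT, toy_stream_cipher(TEXT, b"key-%d" % i))
              for i in range(6)]
    events.append(("docs/notes.txt", TEXT, TEXT[::-1]))  # benign edit: still plaintext
    archive = bytes(rng.randrange(256) for _ in range(4096))  # already high entropy (e.g. zip)
    events.append(("backup.zip", archive, archive + b"\x00"))  # no low->high jump: not flagged
    return events

if __name__ == "__main__":
    flagged, alert = detect_bulk_encryption(sample_events())
    print("flagged:", flagged, "alert:", alert)
```

Note the deliberate miss on `backup.zip`: compressed or already-encrypted files are high-entropy before the attack, so entropy alone cannot flag them, and a real monitor combines this with other signals such as rename patterns, canary files and per-process write rates.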

PliotronX

Diamond Member
Oct 17, 1999
8,883
107
106
Real ransomware can be removed easily, but your files are still encrypted and unrecoverable without paying the ransom. So in many cases Malwarebytes will do nothing for the user's data.

This. I was involved in helping a user who typically didn't have any backups and we had to reinfect the system to pay out and decrypt the files.
 

ControlD

Diamond Member
Apr 25, 2005
5,440
44
91
Seems like a good reason to run your web browser sandboxed, doesn't it? I got one of those viruses that takes over your desktop a few years back on my work PC connecting to a customer's internal website. I lost a solid day of work trying to get that removed. I have been running all of my browser sessions sandboxed (with Sandboxie) ever since.
 

Chiefcrowe

Diamond Member
Sep 15, 2008
5,056
199
116
Great question about 3rd party programs being able to encrypt. I'm guessing there could be a way to block it on the drive level but I think most of these malware programs only encrypt certain files, so that is trickier. Once it has admin access, then it's tough to do anything.

I think running your everyday account as one that doesn't have administrator rights could help, as well as group policy blocking running of executable and zip files in certain temp folders.

 

MustISO

Lifer
Oct 9, 1999
11,927
12
81
Would running a browser in a sandboxie prevent these 0-day flash attacks, or any attacks from within the web browser?

In theory it should keep anything from being able to run if the sandbox is isolated. I'm more curious about viruses that are able to run completely in memory and whether or not those could run outside the sandbox.
 

mmntech

Lifer
Sep 20, 2007
17,501
12
0
I think running your every day account in one that doesn't have administrator rights could help as well as group policy blocking running of executable and zip files in certain temp folders.

Getting users to do that would be an uphill battle. A large number don't know how, or just can't be bothered. Also, it does seem to be impacting corporate environments as well, which shouldn't have admin level access on workstations. I wonder if that's just sloppy IT work, or if the viruses have found a way around it.

If you had asked me about this five years ago, I would have said that by 2015, consumer versions of Windows and OS X would have adopted a Walled Garden approach similar to iOS. No root access by default, and will only run approved software from the official App Store. It's far, far from being an ideal situation. However, iOS has never really been affected by malware despite being widely used for eight years now.
 

Chiefcrowe

Diamond Member
Sep 15, 2008
5,056
199
116
I agree, it is pretty tough to get people to do that, although you can more easily in a business environment.
AFAIK these kinds of malware can get around some of these security methods, like running as a normal user account, by installing into user profile folders, but group policy can block that for some.
 

John Connor

Lifer
Nov 30, 2012
22,757
619
121
Would running a browser in a sandboxie prevent these 0-day flash attacks, or any attacks from within the web browser?


It can help using Sandboxie along with NoScript. Scan downloaded files with TotalVirus and never open attachments in E-mail you are suspicious of.
 

fleshconsumed

Diamond Member
Feb 21, 2002
6,486
2,363
136
It can help using Sandboxie along with NoScript. Scan downloaded files with TotalVirus and never open attachments in E-mail you are suspicious of.

I'm not worried about downloading and running unknown files; I'm cautious like that. I do not download stuff from sketchy websites, and I do scan most of the files I download unless they come from a trusted source like Microsoft.

However, I am worried about 0-day exploits in Flash or whatnot that can infect you by just going to a website. Plus my gf sometimes goes to streaming websites when a show is not available on Amazon Prime, and that also worries me a lot. It's just an HTPC without anything important on it, and it has limited read-only access to the network drives, but I'd still rather be safe than sorry.

So is there value in purchasing a Sandboxie license? Would it help protect my PC from exploits that utilize some sort of browser/Flash vulnerability to infect a computer?
 

Chiefcrowe

Diamond Member
Sep 15, 2008
5,056
199
116
Yes, I'd say so, especially if you have someone visiting streaming websites which may be shady.
 

corkyg

Elite Member | Peripherals
Super Moderator
Mar 4, 2000
27,370
240
106
And, there is also a browser equivalent to the age old practice of being "street smart."
 

master_shake_

Diamond Member
May 22, 2012
6,425
292
121
And this is why ads need to be purged completely to have a safe journey through the internet.

Adblock Plus + NoScript = safer.

Also, in 2015 who doesn't have a backup?

C'mon, external drives are cheap these days.