Ransomware

Perryg114

I keep hearing about ransomware and I'm wondering how bad this gets and what is the mode of transmission? Can this stuff get into your network and erase all of your stuff including what is on servers or does it just take out the one infected machine? If it erases all your backups, you are really screwed.

Perry
 

JuliaQualls

Ransomware is a type of malware which restricts access to the computer system that it infects and demands a ransom paid to the creators of the malware to remove the restrictions. I think it will work on a half duplex mode of transmission.
 

John Connor

Ransomware may come from an e-mail attachment, a program you download or a script on a website. There are many ways to prevent it, but they can be cumbersome. One way to prevent ransomware is by using HitmanPro.Kickstart. http://www.surfright.nl/en/kickstart

HitmanPro can also remove CryptoLocker.

I would use Sandboxie. I wrote an entry on my blog about Sandboxie here. http://blog.systechforum.net/?p=42

Why Sandboxie? Because normal anti-virus software is definition based and if there isn't a definition for a certain malware you are SOL.
 

MustISO

I've seen it in action and depending on the variant it can be pretty devastating. In the cases I saw, users received an email with a link to the virus or the email had an infected attachment. The virus then encrypted all of the files on the local system as well as any network locations the user had access to. The options for recovery were to pay the ransom (never a good idea) or restore from backup.

While most AV programs can remove the virus, they don't remove the encryption which is really the problem.
 

Blackjack200

> The options for recovery were to pay the ransom (never a good idea) or restore from backup.
>
> While most AV programs can remove the virus, they don't remove the encryption which is really the problem.

Why is it not a good idea? My roommate had this happen at his office, they paid the ransom and recovered their data. There was just an article about this in the NYT with the same solution.

These guys are thugs, but they are trying to build the reputation of unlocking systems when they get paid. If they don't, then people will stop paying the ransoms.

http://www.nytimes.com/2015/01/04/opinion/sunday/how-my-mom-got-hacked
 

1sikbITCH

> Why is it not a good idea? My roommate had this happen at his office, they paid the ransom and recovered their data. There was just an article about this in the NYT with the same solution.
>
> These guys are thugs, but they are trying to build the reputation of unlocking systems when they get paid. If they don't, then people will stop paying the ransoms.
>
> http://www.nytimes.com/2015/01/04/opinion/sunday/how-my-mom-got-hacked

Hackers sell lists of people who will pay ransoms.

Your roommate is likely going to be targeted repeatedly going forward.
 

Blackjack200

While this may be the best option for some people, all it does is keep the criminals coming back for more.

Giving them a credit card and not cancelling it right after would also be a bad idea.

I personally wouldn't pay them because I'm not that worried about losing the few photos and documents on my computer. But I definitely understand someone that has their business compromised by something like this being willing to pay.

Yes, if everyone refused to pay the ransom, these attacks would stop, but that's just not realistic. For any individual, their decision to pay or not pay will not affect the viability of ransomware.

> Hackers sell lists of people who will pay ransoms.
>
> Your roommate is likely going to be targeted repeatedly going forward.

Well, my roommate wasn't targeted, the office he works in was. It's a small law firm. His boss, the managing partner, is the one who paid. I hope he also paid someone to provide network security.