Hit by RansomWare

BumbleBee

I thought I'd create a new thread for this, I didn't intend on derailing @kimbo's thread.

Somehow my laptop picked up some malware, not the tracking stuff or the advertising stuff but rather something called Ransomware. What this stuff does is encrypt your files and then demand payment in Bitcoins for the key to unlock or decrypt them. Some variations can be removed with anti-malware/antivirus software and decrypters are available for some variants for you to unlock your files, but the one I picked up is known as CryptoWall, there is no cure for this sonofabitch and even the FBI recommends paying the ransom if you want your files back.

People, don't think this can't happen to you, make sure you have a good antivirus application as well as a good anti-malware app running at all times and make sure it's updated and your subscription is also paid up. This sh!t is real!

I am thank you .. alone at home .. Metallica doing what they do best and i am enjoying good music and a long lost passion :D
You're definitely having more fun than me right now, my pc was hit with ransomware :(
 
Holy crap, I thought that was a myth. Can you do anything about it? Suppose format is outta the question. There are plenty of PC fundies on here.
 
Definitely not a myth, it was one called CryptoWall, there is no fix other than to pay the ransom which starts at $500 and doubles every 48 hours. Oh and it got my backup drive too. I'm still busy reinstalling everything on a freshly formatted hard drive. So much data lost :(
 
You could have tried booting from a Linux live cd, mounting your drives and copying your data.
Try to clean the drives later, after your workhorse is secured.
What or where do you suspect the ransomware came from?
 
So formatting is possible at least. I heard it locked everything: drives, SSD drives etc.
 
You pretty much need a shadow copy of your HD that is not permanently connected to your pc.
I also have Hiren's boot disc on a 4g flashdrive that only gets inserted once the pc is unbootable, i.e. I don't plug it in daily for file storage etc.

A quick google turned up this howto
 
*huge hugs* - Do me a favour and message @Nimatek - he has dealt with this a lot.
 
That wouldn't have worked as all my files have already been encrypted. Each file is individually copied and encrypted with 2048 encryption and the extension .ccc is added. Instructions for getting your data back are included in each and every folder on your system in the form of txt, bmp and html files.

As to where it came from I have no idea, I never put alien usb devices in my pc and am very careful when it comes to email, but I suspect email would be the most likely method of infection.
 
It doesn't lock everything up, just your user files. They still want you to be able to use your computer to pay them.
 
That is a serious mind @##$ just there, that's for sure.
 
Thanks, but I've already cut my losses and wiped everything. All my artwork, years of drawings, recipes, labels, countless spreadsheets etc all moertoe. It's like having your laptop stolen but they leave you the laptop, so at least I still have my hardware. ;)
 
Sorry to hear about your predicament @BumbleBee :(

2-3 months ago when I was away in Zimbabwe the company I work for got hit with a ransom too!!!
To make it so much worse; Our entire admin system and all documents (Quotes, invoices, price lists etc.) were locked up with a 4096-bit military grade encryption :confused::eek:
..."just" 5 bitcoins for the ransom/decryption o_O

Needless to say: We didn't bother but our poor admin/HR guy got stuck with recreating EVERYTHING that we had lost! :finger:
(I think he only managed to finish up a few days ago)

We are living in a digital age and this is the new gunpoint!
As BumbleBee said: DO NOT, FOR A SINGLE SECOND THINK THIS CAN'T AND WON'T HAPPEN TO YOU!!!!!

In closing I'll leave some wisdom that one of my lecturers preached daily:
"There are so many storage mediums available; If you DO NOT have 3 backups, then you DO NOT have a backup!"
(I typically use a RAID 2 external (double backup), a ghost Gmail account with Google Drive (cloud), a 2nd HDD on another PC and CDs if need be)
:rofl::rofl::rofl::rofl::rofl::rofl::rofl:
....Can never be too cautious! :p
 
Yeah man, this stuff is no joke. But I was careless as far as protection and backups go. I would do the occasional backup of important stuff to a usb flash disk every few months, and I was somehow convinced that Windows 7's built-in security measures would be enough if I was careful about handling emails and external media, boy was I wrong.

I hear you on the multiple backups, but so much moola :eek:

I need to find a way to do backups of important files and folders automatically, maybe a wireless drive, and on a very very tight budget. Will an external WiFi hard drive be secure?
 
Hi @BumbleBee

I tried a WD Wifi external drive and it was way too slow for backing up large files over the Wifi
I may not have configured it correctly, but I followed all the instructions and it worked - but jeepers, it was so slow.
So I connected it via USB and it went super fast.

So before you invest in a Wifi drive, just check out the speeds or better still, test it out before you buy somehow.
 
Surely it can't be slower than my current storage [attached image: storage.jpg]
 
Not if it is connected to the same network 24/7.
....not saying that it is definitely @ risk, but if your PC is constantly syncing to it then there is possibility that it could be infected/locked as well.
Networks are NOT safe unless you KNOW exactly what is coming in and out, with control of it.
(And Windows safety is definitely NOT safe)
As a gamer and IT Audio specialist; Once I have a stable system I don't ever allow windows to update!
I also typically turn off all windows safety & go with much heavier Anti-Virus control (Kaspersky, Full Avast, E-Secure etc.)
You shouldn't ever run 2 sets of defence, as they confuse and fight each other.

And you don't need much moola in order to be savvy :cool:

If you have a spare HDD; Partition it exactly in half and create a RAID-1 drive.
Have this drive secured in your PC box, but not actually connected with power or SATA etc.
...Then once a week schedule a boot-time virus scan, disconnect from all networks & interwebs, shut down your PC and hook up the cables to the drive before powering your PC back on (which will then trigger the boot-time scan).
The boot time scan will check everything that gets loaded into your RAM before Windows is up, ruling out any root-kit viruses or auto startup infections etc.
WARNING: Depending on how much space you have, this can take 6+ hours!!! :eek:
(But I do have 5 Terabytes on my machine....hence the excruciating time) :rofl:

Once you're through the scan and safely in windows, do your backup onto the RAID-1 drive.
Shut down after, disconnect the cables from the drive again and resume life knowing you have a double backup :D
P.S. You can also set your windows restore to that drive for safety. (and recover your last working system from there if ever need be)

That is just 1 example off the top of my head...but seriously there are loads of simple and cheap/free options you can utilize.
I'm also happy to chat or help with ideas or brainstorming etc. :D
(Sure the more hardcore I.T. guys can also give great advice)
 
:rofl::rofl::rofl: @Eequinox ....That's some ancient backup you got there!

@Silver The wifi thing is VERY dependent! :notagain:
As you would need your PC's connection, router, ethernet connection and/or ports and the drive to all be 1 gigabit (for example)
And this is also risky in cases of dropout, electricity (Thanks Eskom) as well as trustworthy copy. (Windows copy is NOT trustworthy!!!!)
...Many a time I have thought I had files that I had copied, only to encounter them broken or corrupted :mad:
I personally love "TeraCopy" as I can check every file's success, recopy single or multiple files and it has accurate transfer times.

"Oh....windows says only 5minutes to copy"
1 HOUR LATER
"How do I still have 5 minutes to copy!?!?!?!?"
:rofl:

P.S. For interest: Most secure and longevity-proof storage to this date is old magnetic tape, because it can be stored for 100+ years without degradation (as long as stored correctly) :p
 
Yup, all 4 megs of it, so I can't get no nasty bugs.
 
This sounds solid but way too technical for my little brain, and to be honest if I actually got this running I would probably only do it once. I need something automated because I will forget to do it or just put it off till later because I can't spare the time, then life happens and you realise that you haven't done a backup in the last year....
 
Just wanting to add my 2 cents. I believe in ye olde backing up to CDs (yes, I have bags full of the stuff and don't mind the time it takes) and it's still serving me the best as I've had my computer and laptop repeatedly stolen. I don't even bother with USB flash disks because they get stolen and corrupted too. Hearing about this Ransomware just proves that someone will always find a new way of creating evil and chaos for those of us that are just minding our own business.
 
hmm...I think your best bet would then be to clone your system drive.
Either onto an external or another hard drive secured within your PC box (Which you can unplug and just leave until you need it)
and then make use of a free cloud storage solution for the stuff that is really important to you.

This way you have a folder that is sync'd to cloud storage and anything you place within that folder has an automatic cloud backup and therefore easy retrieval (though you need constant net and big files may be tedious) and if anything happens to your system drive, you just unplug and boot from your clone.

If you can remember to update the clone once every 2 months or so, you have a relatively sure system drive with all programs, settings etc.
and the important stuff would always be in the cloud. (by "Cloud" you can also use your own "Cloud-drive" like the wifi one Silver mentioned)
***I would just advise that it doesn't stay on 24/7 for safety sake.
Turning it on once a week would sync and backup everything and afterwards you can turn it off :)
...and then you could even do a backup of your cloud drive should you need or want to :cool:

P.S. If you go with the personal cloud drive....IT MUST HAVE A SURGE PROTECTION PLUG!!!! o_O
or honestly it would be futile to rely on and trust that it is foolproof.
 
Agree with @Ravynheart, CDs and DVDs are chips cheap and relatively great, as long as they are stored correctly.

P.S. Always protect the TOP of your discs!
If the top gets scratched, the data is useless...if the plastic gets scratched you can easily polish thousands of scratches out of the plastic :)

Another note: Keep an eye out for small "water-droplet" type spots that may occur.
They look like tiny round air bubbles or droplets but are in fact a living organism that eats the storage coating of discs :eek:
...and no I am not joking!!! :lipssealed:
If you have 1 disc that gets this then immediately remove it from close quarters of any other discs or it will slowly spread through a whole spindle or CD-case of discs
 
I like the idea of a clone drive, my main pc is a laptop so an external would be the way to go. Maybe one of those 2.5 drives that doesn't need external power. I will bolt it to the underside of my desk and just plug it in every time I think of it. I will also look into this cloud thing, I'm way out of touch with technology these days.

What I have noticed though is downloading all your photos off your cell phone is bad mojo. A few months ago my wife put all her photos on her laptop, soon after it was stolen, all photos lost. Just last week I did the same, the last 6 years worth of photos moved to my laptop and kerpow. So, won't be doing that sh!t again :wondering:
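
Added example, not written by anyone in this thread: a Python backup script along the lines the replies suggest, meant to be run while the external drive is plugged in. It copies a folder into a new dated snapshot, compares SHA-256 hashes of each source file and its copy, and refuses to run when many source files carry the `.ccc` extension reported above; the 20% threshold and all function names are assumptions.

```python
import hashlib
import shutil
import time
from pathlib import Path

SUSPECT_EXTS = {".ccc"}  # extension the thread reports on encrypted files
SUSPECT_RATIO = 0.2      # assumed threshold: stop if more than 20% of files match


def sha256(path):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def looks_encrypted(files):
    """True when a large share of the source files carry a suspect extension."""
    if not files:
        return False
    hits = sum(1 for p in files if p.suffix.lower() in SUSPECT_EXTS)
    return hits / len(files) > SUSPECT_RATIO


def snapshot(source, dest_root, label=""):
    """Copy source into a new folder under dest_root and verify every file.

    Returns {"snapshot": Path, "copied": int, "failed": [relative paths]}.
    Raises RuntimeError before copying anything when the source looks
    encrypted, so locked files never land on the backup drive.
    """
    source, dest_root = Path(source), Path(dest_root)
    files = [p for p in source.rglob("*") if p.is_file()]
    if looks_encrypted(files):
        raise RuntimeError("source looks encrypted; backup skipped")
    target = dest_root / (label or time.strftime("%Y%m%d-%H%M%S"))
    target.mkdir(parents=True, exist_ok=False)  # never reuse an older snapshot
    failed = []
    for src in files:
        rel = src.relative_to(source)
        dst = target / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)
        if sha256(src) != sha256(dst):  # compare source and copy hashes
            failed.append(str(rel))
    return {"snapshot": target, "copied": len(files) - len(failed), "failed": failed}


if __name__ == "__main__":
    import sys
    result = snapshot(sys.argv[1], sys.argv[2])  # e.g. Documents folder, drive path
    print(result)
    sys.exit(1 if result["failed"] else 0)
```

Because every run writes a fresh dated folder, an older snapshot is never overwritten; unplugging the drive afterwards is what keeps it out of reach of whatever is running on the PC.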
 