Ransomware solutions....

[mojo]

Was thinking to call Kim Comando, 'the digital goddess,' to see what she would say. Ransomware drops a downloader on your computer to deliver the payload. Is there a solution for people that have slow wifi that makes backing up to the cloud unreasonable time wise? If you have an external hd hooked up the ransomware it would likely decrypt those files as well. Would your antivirus catch it?
Here's a newer video that made me wonder how to protect computers against ransomware.

PS; Heard from experts to never pay the ransomware...

Source: https://youtube.com/watch?v=YHGBUeGIkDQ

Only if the program for encrypting and locking down your computer is inside a file on your computer. Then your anti-virus would detect it. This particular ransomware just references a downloadable executable that does the nasty

Both McAfee and MBAM have software that monitors for read/write/delete activity since this is the fastest way the ransomware can do the nasty to your files. It works on any system that does this en-mas so it's designed to work with systems using MS encryption (no false positives when you actually want to encrypt files).

I use Norton so not sure....

[regnak]

I got a virus it encrypted my hard drive I search for key no luck

I had a backup drive encrypted that as well
I formatted my hard drive or tried to computer would not boot
Solution I ordered new computer from dell bad Windows 10 which sucks I asked dell for windows 7 they refused sucks

I could have got old one fixed at computer shop but it was dying on its feet I had tried to upgrade said need dell parts so expensive it was easier just get new one .

I had three back up old emergency of backup but I drive corrupted not used in years so I did lose some data but I had most important stuff on pen drive just in case I saved 90 percent of my data I had some PDFs from work but I have printed copies I lost 1 document I think because I never printed it . I had copies of some stuff in my email so I recovered some stuff there .

Advice back up but leave backup not connected to your computer or you might lose it

[TargeT]

Posted by mojo (here)
Is there a solution for people that have slow wifi that makes backing up to the cloud unreasonable time wise? If you have an external hd hooked up the ransomware it would likely decrypt those files as well. Would your antivirus catch it?
.

Get into the habit of backing up your system weekly with an external hard drive that is only connected for the backup (I have 2 externals, 1 for backing up, 1 for additional bulk file storage).

Don't run random programs (this is generally how ransom ware works).

Get GOOD antivirus & a firewall.

I suggest Bitdefender (antivirus) and ZoneAlarm (firewall) both are free & perform better than norton / mcafee.

Make sure you have windows update set to patch... having the most recent patches will fix ~80% of your vulnerabilities. There are tools to help with that, I suggest Secuna.

[petra]

Webroot SecureAnywhere (formerly Prevx) is a great antivirus too. It is built (supposedly) to work along with other antivirus and not conflict, it scans for patterns and other suspicious looking things, and you never have to update it either. The trial version is fine if you're tech-savvy enough to remove anything manually which it reports.

https://www.webroot.com/us/en/home/products/trials

EDIT: This will not fix ransomware....

Best tip I can think for that is make limited user account, and use that one. Don't be using the Admin account to browse the web.

Ransomware come from running software on the machine, so as long as nothing tricks you into running it you should be ok.

[Bob]

I've successfully used Spybot SD 1.6.2 from Safer-Networking LTD. It did require starting in safe mode and running it from a USB stick I believe (caught a drive-by from a website visited), a long time ago from not having updated AV files, and not having Spybot SD realtime monitor.

It's free for non-commercial use according to their webpage. I suppose different ransom-warez may have a way to prevent Spybot SD from removing them..

What the program apparently does is go into the backup system restore copies and clean them too, thusly allowing one to restart using a previous system save point. Running it after restored is then highly recommended. On a clean system they have a feature called "immunize" which will do an everything snapshot so that it can tell when something has been changed. That's what it says looking at how it works on their webpage.

[dim]

Install and run windows from a VHD: WinNTSetup
and have some VHDs as backup as well
the system is thereby isolated inside a single file on your hard disk and whatever happens to it stays in there
you can always delete it and use another VHD

Alternatively use grub4dos to load the vhd on ram and boot form there
for a totally indestructible OS: run windows 7 from ramdisk
too technical, not for everybody.

Never a good idea to browse the web without uBlock
go to advanced settings and select just about everything

Always update your Hosts file

Always download executables from trusted sources like: Freeware
If you absolutely have to run something you don't know about it: virustotal

If you're paranoid use: peerblock
development has stopped long ago but still works fine, update your lists through
block lists

Obviously always backup sensitive data on an end to end encrypted cloud drive
use your encyption and steganography if you must
and everything else on a disconnected external hard disk.

I never used any AntiVirus or Firewalls, after awhile one realizes they are part of the problem.

[TargeT]

Posted by dim (here)
I never used any AntiVirus or Firewalls, after awhile one realizes they are part of the problem.

I highly suggest against this practice.

ZoneAlarm (Most firewalls) will block any incoming or outgoing connections that you did not initiate (it very intuitively helps you build a white list after you first install it by asking if you want to allow connections or not, then remembering your answers)

Bitdefender takes known signatures of malware and looks on your computer for those signatures, that's how antiviruses (AV) function (and also why it is so important to keep them updated).

If you suspect you area already "infected" there are a lot of "removal tools" out there, MalwareBytes is one of my favorite for cleaning up a system (though I think it's best to completely reload the operating system).


Those two things are a minimum for any internet connected computer that you don't want to have problems with.

I am paid to attack systems (penetration testing), nothing makes me smile more than a system with out AV (or really old signatures) and no firewall...

[Gurudatt]

Tips for not getting ransomware on your computer.

1. Do not download stuff arrived in your email or visit links in your email that looks suspicious. Check the email header to verify sender original email id. Files used to download ransomware are generally PDF, MS Office docs, Javascript files masquerading as text or image files, Video/Image files.
2. Do not visit warez and crack sites or spurious hack/adult, torrent and gaming sites.
3. Take a regular (I do monthly) backup on portable hard drive with internet switched off
4. Take twice a week backup on a portable pen drive with internet switched off.
5. Start using Linux. One suggestion is using Linux from a bootable USB Stick. I use Porteus linux distro on a 8GB Pen Drive which is also my backup drive.
6. If you are using Windows, before starting and closing browser use ccleaner to clean all traces and junk from your computer. Also keep you anti virus updated. I use AVAST which has stood the test of time thus far.
7. Do not insert a third party/CD or USB Drive on your computer without first checking for viruses. Sometimes we share our own with other computers and the malware can creep in.
8. Install a strong WiFi router password to prevent dropping of malware using your Wi-Fi connection. If you are using a Public Wi-Fi make sure you have the requisite firewalls / VPNs installed.
9. Try and avoid keeping your most important documents on your computer.

[lucidity]

Posted by TargeT (here)

Posted by mojo (here)
Is there a solution for people that have slow wifi that makes backing up to the cloud unreasonable time wise? If you have an external hd hooked up the ransomware it would likely decrypt those files as well. Would your antivirus catch it?
.

Get into the habit of backing up your system weekly with an external hard drive that is only connected for the backup (I have 2 externals, 1 for backing up, 1 for additional bulk file storage).

Don't run random programs (this is generally how ransom ware works).

Get GOOD antivirus & a firewall.

I suggest Bitdefender (antivirus) and ZoneAlarm (firewall) both are free & perform better than norton / mcafee.

Make sure you have windows update set to patch... having the most recent patches will fix ~80% of your vulnerabilities. There are tools to help with that, I suggest Secuna.

Or... simply get a Mac or Linux,
... viruses are rare on these platforms.

[norman]

Warning folks !

Malwarebytes have updated their malware database 16 times today and the day's not even over.

That's an unusually high number of updates. My guess from this, is that there is a lot of fresh malware going around today.

[mojo]

They are using a new scam sending people package delivery attempt notices... just click on it and instant delivery of the downloader which delivers the payload to your system...very nasty...

[Rocky_Shorz]

Where these things get everyone is they can be dropped on your computer 6 months before activating, it gets copied across to every backup you will try to restore from...

They have moved to enterprise now, these files are part of the system and have been for several years...

[mojo]

Sometimes they just want to infect your system.

Source: https://youtube.com/watch?v=b5Dx2J-gOwo

finding solutions.

Source: https://youtube.com/watch?v=IgOCROM_gP8

[norman]

Here's a change dot org petition to remove the spyware and adverts from Windows 10:

https://www.change.org/p/board-of-di...ail_responsive

[Mad Hatter]

I've quoted them before and I'll quote them again...
There are only two rules to computer security -
1) Do not buy one.
2) If you do do not turn it on.

As an aside I deal with this on a regular basis and although its based on the same core code the variants are getting even more annoying to deal with. The very latest flavor is now actually encrypting sections of the OS(windows) that are not relevant to letting the thing run. This effectively means that cleaning is no longer viable so a complete rebuild is required in each case. The ultimate solution is two machines. One that does all your work but is never connected to the interwebz and another for when connection is necessary. Removal - try this - download run Malwarebytes (Free version but turn on pro trial mode helps prevent re-infection for 30 days at least), ADWclean, CClean, then you have the tedious task of removing files/notification messages. HTH

[mojo]

here's a new threat... Goldeneye is nasty so please be careful, you should not ever click on any part of the page instead go to the task manager when a pop up or other strange page is visited or in email especially unknown. The reason to be more careful is that anytme you click the program can install the downloader without being noticed having something under 300kb of data.

Source: https://youtube.com/watch?v=UDuJ8tEgg18

[norman]

Google Chrome Users Are Being Baited



Spora Ransomware Targets Chrome Users

A new ransomware campaign is targeting Google Chrome users. If Chrome users visit a compromised site, an alert will pop up prompting the user to “update” a Chrome font extension. The false update claims it need to execute because Hoefler Text is not found. Although this text font is legitimate, the update is not.

According to Forbes, researchers have found after users execute the fake update, they become infected with the ransomware variant, Spora. Although this ransomware variant is similar to other variants, it does have a few features that set it apart. First, it is able to function while your PC is offline. Spora also leaves certain critical data files untouched, solely to keep the PC somewhat functional in order to receive payment for the encrypted files.

Decryption options are also a bit different than traditional ransomware variants. Most variants make a lump sum ransom demand to get your files back. Forbes reports Spora has alternative payment options. Victims can pay $30 per file for decryption or $79 for complete decryption. In order for the infection to be removed from the PC, victims also need to pay and additional $20. And, for the low price of $50 you can prevent any future Spora infections


http://techtalk.pcpitstop.com/2017/0...-users-baited/