Big Blue Interactive The Corner Forum

Archived Thread

NFT: RansomWare

CMicks3110 : 2/15/2017 9:36 am
Has anyone ever heard of this? Such a bizarre story: my parents' business computer system was infiltrated by hackers. The hackers locked them out of all their files and business documents. They won't let them back in unless they pay a ransom of $4000. The whole enterprise is called ransomware (that's not the actual name of the hacker but just the tactic).

We called the FBI and they said they are aware of these sorts of incidents but there is not much they can do. Apparently these groups charge a nominal amount, so it ends up costing more money to pursue or remedy the situation than to just pay the ransom.

Happened to me a few years back.  
Rob in Rockaway : 2/15/2017 9:40 am : link
They actually took control of my computer. Didn't matter what I did. The only saving grace was that I had all my stuff backed up on a separate drive I bought while I was browsing through Costco. I ended up having to wipe the hard drive of the PC that was infected.

Good luck to your parents.
Do they have a back up system ?  
superspynyg : 2/15/2017 9:40 am : link
If not, they might have to pay, which sucks.
Piss poor work by the FBI.  
section125 : 2/15/2017 9:46 am : link
Too bad. If they don't chase the POS's down, they will keep doing it.
Pay the ransom and then they come back for more.

I got something similar once and used a program called spyhunter that cleaned it up. Not sure if the same thing, I wasn't completely locked out, iirc.
Happened to me once  
pjcas18 : 2/15/2017 9:46 am : link
go to a different computer and download kaspersky virus removal tool to a USB, put the USB in your infected computer and then run kaspersky. you might need to play around with booting in safe mode (maybe safe mode with networking) once you load the kaspersky tool, it needs internet and ransomware usually takes over your browser. If you google it there are good instructions. I think I had to clean the registry too.

I was able to get rid of it then I downloaded malwarebytes and cleaned a bunch of other shit.
Happened to us here at work multiple times  
antdog24 : 2/15/2017 9:52 am : link
it encrypts specific files like Word documents and PDFs. We had backups and shadow copies of the data, which aren't affected. If you don't have a backup, paying really is the only option to get those files decrypted, and you're relying on the fact that these bastards will actually follow through and give you the decryption keys.
and definitely  
pjcas18 : 2/15/2017 9:52 am : link
do not pay the ransom and don't call any numbers on any screens they present. It's a piece of malware. In mine they hijacked my camera, took a picture of me working at my computer and locked my browser with a message with my picture on it saying the FBI had evidence I was running a child porn ring and I had to pay the ransom to unlock my computer. Now how does that make sense?

it's unnerving at first, to see how easily they can access your computer and prevent you from doing so, but obviously I knew I wasn't running a child porn ring.

this is assuming it's locker ransomware (they lock you out of the computer/files) not encrypted ransomware (they have encrypted your files) - encrypted is harder.

in either case, backing up important files should be a standard practice for everyone.

Tell your parents to buy a Firewall  
Ben in Tampa : 2/15/2017 10:02 am : link
They start as little as $399 from the biggest security players in the world - Check Point, SonicWall, Fortinet, etc and they protect against that stuff.

Just having anti-virus does nothing to protect against advanced threats like this. Ransomware is 20 years old, but it has grown in popularity in the last 12 months. I think it's a result of the massive shift to digitizing personal information in healthcare without also increasing security precautions.

Also, they will most likely have to pay to get their files back but that is no guarantee the files will actually be accessible.


... Actually that's good advice for anyone reading this. I have a Check Point 730 firewall on my home network, running all sorts of advanced threat prevention and detection.
sux how common these are....  
Italianju : 2/15/2017 10:03 am : link
Depending on the skill of the hacker, you may be able to just use malware removal or you may have to pay. This happened to a hospital not that long ago if I remember correctly.

Backing up is key, but if you are backing up to an external device (flash drive, external hard drive, etc.) you probably shouldn't leave it connected 100% of the time. I know a lot of people who do external drive backups and just leave the drive connected. It's not 100% the case, but many times these ransomware attacks can easily infect external devices.
RE: Piss poor work by the FBI.  
Jim in Fairfax : 2/15/2017 10:36 am : link
In comment 13361537 section125 said:
Quote:
Too bad. If they don't chase the POS's down, they will keep doing it.
Pay the ransom and then they come back for more.

I got something similar once and used a program called spyhunter that cleaned it up. Not sure if the same thing, I wasn't completely locked out, iirc.

These ransomware attacks usually come from overseas. Even if you can track down the hacker (which is often impossible), the FBI has no jurisdiction. They can work with overseas law enforcement, but these guys often are from places like Russia, China, Iran, etc -- places that won't cooperate.
Yes, use something like Backblaze  
Stan in LA : 2/15/2017 11:02 am : link
Backs up your entire computer (minus programs) and it has saved me many times.
Mattering on which version  
Existenz : 2/15/2017 12:39 pm : link
of the ransomware, there are ways to decrypt the data. Kaspersky and other anti-malware/virus companies have done work on this.
Been going on for several years now  
WideRight : 2/15/2017 12:50 pm : link
They were targeting bigger fish. Hospitals were excellent targets because they could not admit to losing patient data without exposing themselves to liability for violating patient confidentiality. So they would settle quickly and quietly.

So quite a few got hit. Georgetown Med Center was one. I can only imagine what the cash settlement was.

That they are hitting smaller organizations means the big ones have wised up.
You said "business documents"  
NoPeanutz : 2/15/2017 1:01 pm : link
maybe they have insurance that will pay for this? For the repair, the recovery or the ransom?
Yes, have heard of this.  
81_Great_Dane : 2/15/2017 3:45 pm : link
Have even read an article about someone downloading an Android app to their smart TV and having it turn out to be ransomware. That person had to go to the manufacturer to get the reset code, which the manufacturer didn't want to give them at first.

It's a real problem, this thing. Part of the cyber-security training for employees at my office includes a ransomware warning. But it's easy to get caught up in a phishing scam or something similar and boom, you're screwed.
RE: RE: Piss poor work by the FBI.  
jcn56 : 2/15/2017 9:27 pm : link
In comment 13361608 Jim in Fairfax said:
Quote:
In comment 13361537 section125 said:
Quote:
Too bad. If they don't chase the POS's down, they will keep doing it.
Pay the ransom and then they come back for more.

I got something similar once and used a program called spyhunter that cleaned it up. Not sure if the same thing, I wasn't completely locked out, iirc.

These ransomware attacks usually come from overseas. Even if you can track down the hacker (which is often impossible), the FBI has no jurisdiction. They can work with overseas law enforcement, but these guys often are from places like Russia, China, Iran, etc -- places that won't cooperate.

Above and beyond that, much of the ransomware is toolkit based, where teams sell configurable packages to other miscreants who end up creating their own variety of a basic ransomware package. The net result is very tricky to attribute to a specific group before you even get down to jurisdiction.

The only way to protect yourself is through good cyber behavior: keep your machines up to date patch-wise, make sure you're running antivirus, keep your network firewalled off appropriately, try not to visit sites that obviously host malicious software or content, and never install software that you aren't 100% sure came from a legitimate source. Even if you follow all those rules, you aren't 100% safe, but you're a hell of a lot closer than you might be otherwise. Law enforcement really can't serve to do much until it becomes a local matter (e.g. cyberbullying) or there's a financial loss.