Posted on 01/02/2017 6:41:30 PM PST by GYPSY286
Believe it or not, most of these criminal outfits will provide a decryption key when the ransom is paid. If it became public knowledge that they weren’t providing the keys, at some point their income stream would stop. End users are not complete idiots. If it’s publicly known a ransom won’t produce results, why pay?
It’s also important to note that more than half of ransomware victims are reinfected within a year of the initial hit. You HAVE to educate your users. They are the first line of defense and often the reason for the infection to begin with.
We found that some of the ransomware bandits had already changed contact info and couldn’t be reached.
bfl
Report your experience to the FBI. They catalog this stuff and should be involved. They can publish entities known to not provide a key which can save companies a lot of money if they get infected.
If the FBI knows they can provide a key, they also know how to find them.
bookmark
Did you do a complete drive backup, or at least company (versus system) files?
Do you have a restore disk for your operating system?
Where are the backups located?
Not true. You’re missing a step here. If a company pays the ransom and the criminals provide a decryption key, then there’s “good faith” that the criminals will make the exchange.
If a company pays the ransom but the criminals cut and run with the money, there’s precedent that paying the ransom doesn’t make the situation better. If this is disseminated, then companies will stop paying the ransom and live with the fact that their data is lost. Eventually, the criminals lose. All they’re doing is inconveniencing someone. They’re no different than a virus writer or spammer.
The FBI acts as a central point for dissemination of that information. They don’t have to know where the criminals reside, just who they are, the ransomware variant, and whether or not they provide the decryption key upon payment.
I paid for Carbonite and had an attack after a couple of years. They were unable to retrieve anything because I could not come up with a password they required.
My company is attacked by CryptoLocker all the time. We’re an enterprise with 2000+ PCs though. We fortunately have daily Commvault backups and snapshots taken multiple times a day. We can quickly restore the network file locations from earlier backups. We end up just re-imaging the actual PC though to get rid of it.
Sorry to take so long to answer. Haven’t been on the computer much.
You can put the image anywhere you like. You could put it on an external drive that you leave disconnected for times like this.
I would first reformat the HD using a Windows 10 iso on disc or whatever Windows version you have.
Then use Macrium USB or DVD to start the re-imaging of your C: drive to restore the image and “valuables.”
Wow. Do you have another account on the machines? You may be able to log in from the other account and clean it that way.
I paid taxes. All Charity.
Get Malwarebytes for the next time.
They say they can stop ransomware.
https://www.malwarebytes.com/premium
“Four layers of malware-crushing tech. Smarter detection. Specialized ransomware protection”.
I back up everything on a secondary internal hard drive and a series of flash drives. Important files I email to myself as an attachment.
I got hit with ransomware once.
Hopefully, you backed up all your files somewhere, so that you can presumably either format your hard drive or replace it, then load the unencrypted files back onto it.
Nah. I let my son do it with his digital magic. He reset something inside the box and regained control of the keys and from then it was his fingers and skill. I don’t know where he comes by that. There is nothing like an engineer in the family lines and he has had no training beyond his own fiddling.
Hmmmm ..?? I’ve never had malware or ransomware, etc. I also have a program that signals me whenever I receive a “phishing” email.
It’s awesome.
Thanks to all for the info/suggestions. Went to work today and all files were recovered without paying those &^^&^*% a dime. Apparently Carbonite techs used a backup. Around 10:30 am I received an “unknown name” email notification. Didn’t touch it and email was not found in my list of unread emails. Guess they won’t stop.