Free Republic

Ransomware: Pay it or fight it?
Network World ^ | Mar 16, 2015 | Colin Neagle

Posted on 03/21/2015 9:30:33 AM PDT by xzins

To: xzins
I got hit with a ransomware from the "FBI" and they threatened me with further inquiries on my activities and a few other very scary et ceteras, which ... when called ... the FBI had no idea ... it wasn't from them

My geek friend said yeah ... it's a virus and he somehow re-formatted (I had lost my back-up CD) and got me back on track

I thought of this last night for no known reason (the event was about a year ago) and I thought ... the FBI or anyone that is named as a ransomware deliverer, should protect their own name and reputation by figuring out a patch and give it away free.

Ironic this thread shows up after I had thought of that last night.

21 posted on 03/21/2015 9:49:03 AM PDT by knarf (I say things that are true ... I have no proof ... but they're true)

To: dayglored

Good points all.

At this point just about everybody has a newer machine and an old one gathering dust. I made it a point a long time ago to use a “throwaway” laptop for all my internet browsing. It has no data on it and with a Ghost snapshot I can restore it in 20 minutes if I get a bug.

There’s no excuse for losing your stuff anymore.


22 posted on 03/21/2015 9:51:19 AM PDT by rockrr (Everything is different now...)

To: xzins

On the side, it would seem every piece of evidence touched by the encryption would be invalidated. It was out of the chain of custody while encrypted and subject to manipulation while the pc was infected.


23 posted on 03/21/2015 9:53:59 AM PDT by CriticalJ (Suppose you were an idiot. And suppose you were a member of Congress.. But then I repeat myself. MT)

To: wally_bert

Both are overpriced bloatware. AVG and Malwarebytes both publish free versions and the paid versions are reasonably priced for what they offer; there are other good free anti-malware packages as well.


24 posted on 03/21/2015 9:54:31 AM PDT by Squawk 8888 (Will steal your comments & post them on Twitter)

To: Feckless

I run an image with Odin on a weekly basis. Runs in the background and takes roughly 18 hours. This is in addition to my nightly backup.


25 posted on 03/21/2015 9:56:42 AM PDT by Squawk 8888 (Will steal your comments & post them on Twitter)

To: xzins

Something similar happened at work where one person’s PC was infected but they put a file on a shared drive which infected all those files, and some other people who used files from the infected drive had their PCs infected.

The company has backups for the network drives and was able to use them, but anything new added to those network drives was lost, and the other PCs infected were wiped and a new image of Windows was put on as they could not remove the virus.

Copy your photos separate off the pc or you may lose all those memories.


26 posted on 03/21/2015 9:56:54 AM PDT by minnesota_bound

To: Squawk 8888

I routinely back up, and verify the backup. I have multiple backups in case the latest one is compromised. That’s at home. At work. ..


27 posted on 03/21/2015 9:57:22 AM PDT by ThunderSleeps (Stop obarma now! Stop the hussein - insane agenda!)

To: CriticalJ

That’s a good point.

The safest route is to back up your file and get an entirely new system, writing off the old equipment and old files.


28 posted on 03/21/2015 9:57:34 AM PDT by xzins (Retired Army Chaplain and Proud of It -- Those Who Truly Support Our Troops Pray for Their Victory!)

To: xzins
When you get the ‘fbi’ screen don't click on it or the pop up box. Instead go down to the lower tool bar and right click, scroll down and select ‘Start Task Manager’ and click on the item to stop. Wait 30 seconds or so for it to stop. Do this on each item until they are all cleared and your browser closes all windows.

This can stop the takeover.....Some people say to unplug from the Ethernet first but I don't know if that helps.

29 posted on 03/21/2015 10:08:25 AM PDT by virgil283

To: dayglored
If your backup device -- external drive or memory stick -- is connected to the machine when it is corrupted, the files on that device will also be encrypted.

However, if you take regular backups then disconnect the backup device and only reconnect it to restore a file or to do the next backup, then yes, you can restore from there.

I back up regularly to a memory stick that I immediately remove once the backup is done. I NEVER leave it in the port.

30 posted on 03/21/2015 10:13:12 AM PDT by IronJack

To: xzins

Bump for reference.


31 posted on 03/21/2015 10:17:29 AM PDT by MeneMeneTekelUpharsin (Freedom is the freedom to discipline yourself so others don't have to do it for you.)

To: IronJack
> If your backup device -- external drive or memory stick -- is connected to the machine when it is corrupted, the files on that device will also be encrypted. However, if you take regular backups then disconnect the backup device and only reconnect it to restore a file or to do the next backup, then yes, you can restore from there. I back up regularly to a memory stick that I immediately remove once the backup is done. I NEVER leave it in the port.

Excellent point. I do that also (unmount the backup drive), but I took it for granted that of course people do that.... you're right, they don't.

32 posted on 03/21/2015 10:25:10 AM PDT by dayglored (Listen, strange women lying in ponds distributing swords is...sounding pretty good about now.)

To: xzins

Bump


33 posted on 03/21/2015 10:30:29 AM PDT by Impala64ssa (You call me an islamophobe like it's a bad thing.)

To: IronJack

That’s a very good point. Back up and remove backup device. Too easy to get sloppy and just sign off.


34 posted on 03/21/2015 10:33:21 AM PDT by xzins (Retired Army Chaplain and Proud of It -- Those Who Truly Support Our Troops Pray for Their Victory!)

To: dayglored
"There are great programs that can even give you hourly incrementals (like Apple's Time Machine) and you can go back to just before you got hit."

Roger that. I'm a belt and suspenders guy. Mirror RAID with a Time Machine backup on the Mac Pro home server. MacBook Pro for browsing and preliminary work. Then a business workhorse desktop, another older Mac Pro, with no internet connection. This machine is Super Duper cloned periodically to an external HD. Then the kids use a PC desktop for homework. If that blows up, who cares…dime a dozen

I realize the bigger issue is for those with offsite servers. The secret here is backing up. And maybe it's a good idea to eliminate web browsers from employees' machines.

35 posted on 03/21/2015 10:45:34 AM PDT by moehoward

To: xzins

Download Kaspersky Rescue Disk 10, boot computer from it, clean out ransomware, D’oh


36 posted on 03/21/2015 10:45:55 AM PDT by molson209 (Blank)

To: molson209

An earlier poster pointed out that the ransom originators could have changed your files, and they should not be used again.

The suggestion is that it’s better to back up and start over completely. That seems logical to me.


37 posted on 03/21/2015 10:49:39 AM PDT by xzins (Retired Army Chaplain and Proud of It -- Those Who Truly Support Our Troops Pray for Their Victory!)

To: molson209; CriticalJ

An earlier poster, CriticalJ, pointed out that the ransom originators could have changed your files, and they should not be used again.

The suggestion is that it’s better to back up and start over completely. That seems logical to me.


38 posted on 03/21/2015 10:50:32 AM PDT by xzins (Retired Army Chaplain and Proud of It -- Those Who Truly Support Our Troops Pray for Their Victory!)

To: dayglored

Agree with your recommendations, and would add one.

I use Firefox with an add-on called ‘No Script’. It blacklists all scripts unless you explicitly allow them. You can white-list known-good sites and it will remember them.

Keep much of the stuff from getting in in the first place, so you don’t end up having to dig it out of your OS.


39 posted on 03/21/2015 11:02:42 AM PDT by Riley (The Fourth Estate is the Fifth Column.)

To: wally_bert

I had Dr. Spyware, which did a great job.


40 posted on 03/21/2015 11:24:08 AM PDT by cotton1706 (ThisRepublic.net)

