Ransomware: Pay it or fight it?

Network World ^ | Mar 16, 2015 | Colin Neagle

[gibsosa]

Cannot even remember how many people have come into my shop, “my computer won’t boot!!!!”
The hard drive is toast, and they had pictures and such that can’t be replaced....

[wally_bert]

Those are two of the 3rd party things I use first.

[upchuck]

Run a daily backup and it’ll never be an issue.

True. Just be sure the backup device is not left connected to the computer. Ransom-ware attacks all devices connected to the computer.

I have found storing backups off-site to be a best practice. Yes it's more trouble.

[Svartalfiar]

You don’t need to do either. It a scam. Shut down your computer, sign in as the administrator and run your antivirus scans to remove the virus. It’s a clever virus but it can be removed. It just needs to be removed outside before you “sign in” to your computer, and that’s through administrator mode. I’ve had this happen to me and resolved it.

Yes, but many people run their base account as the only account on the computer, and it is the administrator. Same permissions as your root admin.

However, even if it is just a local limited user, yes, you can do what you suggested but all the files that are on that particular user, as well as any shared/public folders, will still be encrypted and inaccessible. New files will be ok, but anything pre-virus is locked.

[Svartalfiar]

Download Kaspersky Rescue Disk 10 ,boot computer from it clean out Ransomware ,D’oh

There are several ways to get rid of the virus. But that won't fix your computer, that just prevents anything more from becoming infected. All the old files that are now encrypted aren't decrypted when you remove the virus, so you have unreadable access to all your pictures, movies, music, documents, etc etc. So unless you're ok with basically wiping your computer clean, simply removing the virus doesn't really solve the problem. It's just step one.

[CodeToad]

Easy enough to defeat it. Paying it never works.

[grobdriver]

Back up your hard drives frequently and if this ever happens, format and reinstall the machine, then restore.

I would never pay a penny to these people.

[TNoldman]

Ransom ware

[LowOiL]

I don’t think so, it has encrypted files that can not be decrypted. You probable got something else, but not this.

[Dalberg-Acton]

An ounce of prevention:

http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#prevent

[Carry_Okie]

Organizations that employ real-time backup and frequently test their tools typically survive a ransomware attack unscathed – they can simply wipe the infected device and restore the backed-up files.

I prefer the "physically disconnected backup," a hard drive that I connect periodically and refresh when things are peachy. I want the time to detect the malware before accidentally putting it on the backup too. I know that some malware comes with 'long fuses' so that they can go farther before unpacking to do their damage, but this at least gives the IT guy (me) time for the antivirus people to get the word out. At most I'll lose a week's work.