Posted on 01/02/2017 6:41:30 PM PST by GYPSY286
Has anyone been attacked by Cerber Ransomware? I work at a small non-profit and was attacked last week. Most people who work here are volunteers and since we are a small non-profit, not much money is available to pay the ransom. What to do, what to do....
Also, if you are lucky enough to still be using Windows 7, right clicking folders and then navigating to properties -> previous versions can bring back the last set of files before you were hit with the ransomware.
Sometimes you can go right for high-level folders like My Documents and get everything back. Just be sure to use the Copy option and not the Restore option to restore to a separate, new folder, and then manually copy the restored files back to the old folder. You’ll also have to manually delete the encrypted *.cerber files as well.
Using a cerber decrypter tool is the best and easiest way to go, though.
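The copy-back and cleanup steps described in the post above, as an added example that is not part of the original thread: it plans the merge first so the list can be reviewed, never overwrites a file that survived in the live folder, and can move the encrypted files to a quarantine folder instead of deleting them. The function names, parameters and the quarantine option are assumptions made for this sketch.

```python
import shutil
from pathlib import Path

ENCRYPTED_SUFFIX = ".cerber"  # extension named in the post above


def plan_merge(restored_dir, live_dir):
    """Return (to_copy, to_delete) without touching the disk.

    to_copy:   (source, destination) pairs for restored files missing from live_dir
    to_delete: encrypted *.cerber files found under live_dir
    """
    restored, live = Path(restored_dir), Path(live_dir)
    to_copy = []
    for src in sorted(restored.rglob("*")):
        if not src.is_file() or src.suffix.lower() == ENCRYPTED_SUFFIX:
            continue  # skip directories and any encrypted file caught in the snapshot
        dst = live / src.relative_to(restored)
        if not dst.exists():  # never overwrite a file that survived the attack
            to_copy.append((src, dst))
    to_delete = sorted(p for p in live.rglob("*")
                       if p.is_file() and p.suffix.lower() == ENCRYPTED_SUFFIX)
    return to_copy, to_delete


def apply_merge(live_dir, to_copy, to_delete, quarantine_dir=None):
    """Copy recovered files back, then delete (or quarantine) the encrypted ones."""
    for src, dst in to_copy:
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # copy2 preserves timestamps
    for enc in to_delete:
        if quarantine_dir is None:
            enc.unlink()
        else:
            # Keep the relative path so equal file names cannot collide.
            target = Path(quarantine_dir) / enc.relative_to(Path(live_dir))
            target.parent.mkdir(parents=True, exist_ok=True)
            shutil.move(str(enc), str(target))
    return len(to_copy), len(to_delete)
```

Print the two lists from `plan_merge` and check them before calling `apply_merge`; the quarantine folder should sit outside the live folder.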
The only answer to this crap is to find and kill the people doing this. This includes whoever the virus refers you to in order to purchase the “fix”.
A decent government would be doing this for us.
No real description of how the infection occurs. Sounds like it doesn’t attack Linux.
Does it hit apple systems?
Black Ice.
Then catch them and pull their intestines out through their mouth.
From posted links upstream, apparently not.
Ransomware usually attacks through email. “Click here” is all it takes to unleash the ransomware software.
Good, frequent, complete backups can stymie ransomware.
Image the system disk using Macrium Reflect or Todo Backup.
I sent ~99.9% of email to the bit bucket. Being retired has its time efficiencies. Besides, I now only run Windows in cloned VirtualBoxes that can be deleted and a new clone generated in minutes.
I got an early ransomware some years ago when I had never heard of such a thing. I went through every tool in the Windows toolbox and finally called in my son when the popups were making it impossible to access anything at all. He worked the mouse and keyboard for over an hour but he cleared the crap out and loaded Malwarebytes. I haven't had any virus or exploit, at least not one that has interfered with my use of the computer (I'm sure NSA has a continually updated mirror of my hard drive) since then.
When I got the ransomware I was unable to restore an image.
I got Cryptowall on a business PC. There was nothing I could do but scrap the system. They had disabled access to all external media and the DVD. Couldn’t reinstall anything.
Some volunteer clicked on something they shouldn’t have.
“3.) As a last possibility, negotiate a price you can pay with the bastards that stole your data. If you can take the time (weeks?) keep in touch with them and offer them what you can and they may eventually decide to accept your offer.”
I’m not sure about this version, but some ransomware has hard deadlines - if you don’t pay up the key is automatically deleted. There’s not a lot of incentive for the bad guys to wait around...
Where does Macrium store the image? I have a secondary hard drive on my PC but wouldn’t the malware encrypt that, too?
“I have a secondary hard drive on my PC but wouldn’t the malware encrypt that, too?”
Me too and I use Cobian backup. I’m thinking I’ll connect my external, make a weekly backup and then disconnect it.
Yep, good idea.
Malware, ransomware, etc. ... PING!
Thanks to raybbr for the ping!!
A little harsh isn’t it? You know nothing about what they do and you’re labeling them as a scam! If it was sarcasm it lacked the /s. Otherwise get your head out of your a$$ and tell us how much you gave to charity last year.
Happy New Year /s
More than likely not “hacked” but someone was traversing porn sites.
If you get one of these, just open the task manager and kill all your web browsers.
EVERY FREEPER SHOULD HAVE AVAST ANTI-VIRUS, MALWAREBYTES, and CCLEANER installed.
The same thing you would do if the hard drive just died. Paying the ransom does not ensure you will get the key.
Many modern ransomware attacks are present in a network for an extended period prior to execution. This ensures that even the backups have a copy of the ransomware tucked away somewhere. If you don’t have regular backups, there’s really nothing you can do outside of paying the ransom.
If you have any server operating systems in your environment, follow published hardening guides, and use the built-in backup utilities (Rsync for Linux, Windows Backup for Windows). Windows Desktops can use Folder History, System Restore, or even wbadmin if they’re stored on replicated network storage. Otherwise, the workstations are likely unrecoverable.
The most you can hope for is to store the infected disks away in a locked cabinet on the off chance that the criminal ring is caught and the decryption key is published.