Ransomware attack, need advice
self
| 07/16/15
| fwdude
Posted on 07/19/2015 6:34:05 AM PDT by fwdude
I have recently had the unpleasant experience of having one of the new variants of the cryptolocker malware infect our computer servers at work. In case someone doesn't know, it's a computer worm that encrypts all the standard-format files on a system so that the user can't open the file without a "key," supplied by the hacker for a ransom.
My question, which I have researched extensively over the internet, is whether it is advisable to consider paying the ransom, if there is enough "honor among thieves" to trust that the files will be unlocked if I pay, and if there might remain some residual malware that might reinfect our computers.
And, no, there are no backup files that were untouched; the backups were infected as well.
Some of the files are critical, or at least would take an enormous amount of work to recreate or recover otherwise. Do you consider the risk worth the reward?
TOPICS: Computers/Internet
KEYWORDS: computers; computing; cryptolocker; internet; malware; ransomware
1 posted on 07/19/2015 6:34:06 AM PDT by fwdude
To: fwdude
I have always heard that you don’t get a key. You just lose your money.
To: Flash Bazbeaux
I’ve heard the opposite, that most people do get back their data.
3 posted on 07/19/2015 6:36:53 AM PDT by fwdude
(The last time the GOP ran an "extremist," Reagan won 44 states.)
To: Flash Bazbeaux
I would think if you pay, they will always come back to do it again.
4 posted on 07/19/2015 6:37:17 AM PDT by bcr100
To: fwdude
The obvious of paying the “ransom” only encourages them and I doubt that the “key” will remove the malware permanently, and that they will keep coming to the well for more $
5 posted on 07/19/2015 6:37:34 AM PDT by Ouderkirk
(To the left, everything must evidence that this or that strand of leftist theory is true)
To: fwdude
NO!
Dump WINDOWS, and get a different Operating System !
6 posted on 07/19/2015 6:38:15 AM PDT by Yosemitest
(It's Simple ! Fight, ... or Die !)
To: fwdude
Had a similar problem with an overseas branch. Never heard of the outcome.
I’m about to the point of running linux live such as Ubuntu for internet stuff and using windoze on line as little as possible.
Other than routine browsing, email, and FTP there is nothing else.
7 posted on 07/19/2015 6:39:34 AM PDT by wally_bert
(There are no winners in a game of losers. I'm Tommy Joyce, welcome to the Oriental Lounge.)
To: fwdude
Pay the money, then take your backups off-net every time you backup.
Expensive lesson, but now you've learned it.
8 posted on 07/19/2015 6:39:54 AM PDT by Lazamataz
("In a very short period of time, these will be the good old days." -- unknown Freeper, 2015)
To: fwdude
I have heard that paying the ransom goes from bad to worse as you give up your banking or credit card information. I am struggling with Marc's cyber page pirating Waterfox. I am using programs from Download.com and have removed Trojans and other virus files but not the pirate page. I expect things to get worse as the government gives our information to China.
9 posted on 07/19/2015 6:40:43 AM PDT by mountainlion
(Live well for those that did not make it back.)
To: fwdude
“Hitman” worked for the DOJ page-locker. I don’t know about this one.
10 posted on 07/19/2015 6:42:15 AM PDT by Bernard
(The Road To Hell is not paved with good results.)
To: Ouderkirk
Totally agree. Give a wolf a taste and he’ll be back for more - Kerim Bey.
11 posted on 07/19/2015 6:42:51 AM PDT by wally_bert
(There are no winners in a game of losers. I'm Tommy Joyce, welcome to the Oriental Lounge.)
To: Ouderkirk
Oh, it definitely does not remove the ransomware.
1) Take the machine off the intranet IMMEDIATELY.
2) Pay the money, I have never heard of someone not getting a key.
3) Unlock the data you want. Take the data off onto a USB, and on a computer you do not care about, insert the USB and run about 100,000 virus and rootkit scans.
4) Factory re-image the infected computer.
5) Factory-reset all the peripherals around it (I was once infected with a rootkit that flashed the firmware in a router, to reinfect my computer even after I factory-reimaged).
6) From that point on, all backups go on to one of several devices, and each device is taken offline after the backup.
12 posted on 07/19/2015 6:43:56 AM PDT by Lazamataz
("In a very short period of time, these will be the good old days." -- unknown Freeper, 2015)
To: Yosemitest
Okay, I need a solution to the CURRENT problem. Leave your hatred for Windows at the door for now.
13 posted on 07/19/2015 6:44:27 AM PDT by fwdude
(The last time the GOP ran an "extremist," Reagan won 44 states.)
To: fwdude
14 posted on 07/19/2015 6:45:10 AM PDT by Tamzee
(Man is not free unless government is limited. ~~~ Ronald Reagan)
To: mountainlion
The transaction is done with bitcoins, so there is no exposure to your bank account.
15 posted on 07/19/2015 6:45:49 AM PDT by fwdude
(The last time the GOP ran an "extremist," Reagan won 44 states.)
To: mountainlion; fwdude
"I have heard that paying the ransom goes from bad to worse as you give up your banking or credit card information."
That's why God invented one-time-use debit cards!
Load the card, spend 6 bux on the fee, and boom. Done.
16 posted on 07/19/2015 6:46:22 AM PDT by Lazamataz
("In a very short period of time, these will be the good old days." -- unknown Freeper, 2015)
To: fwdude
"Pay the money, then take your backups off-net every time you backup. Expensive lesson, but now you've learned it."
+1
17 posted on 07/19/2015 6:50:15 AM PDT by keat
To: fwdude
You have to determine whether reconstructing the data would cost less than paying the ransom and possibly getting nothing in return.
==
Horse-barn door.
Why were backups on the same server(s) as the data files?
Why were servers not backed up/imaged?
==
How did the perps get the malware planted onto the system?
==
Even with my home computers, I have 4 or 5 backups on USB disks for data that is important.
==
18 posted on 07/19/2015 6:50:27 AM PDT by TomGuy
To: fwdude
The time you have spent on this problem could have made you basically proficient at another OS and more immune to this attack in the future.
The victim's complacency is a powerful weapon to the hackers.
19 posted on 07/19/2015 6:59:53 AM PDT by Delta 21
(Patiently waiting for the jack booted kick at my door.)
To: fwdude
Think what you like, but the UNSECURE WINDOWS Operating System allowed their access to your computer.
Don't keep putting money into a bad system.
Most times you can simply do a "Power OFF" reboot of your computer, and when the internet comes up, immediately shut that window down before it has time to load.
Then start your internet from your home page.
Good luck with your THEFT RIDDEN SYSTEM.
WINDOWS is built to RIP YOU OFF, and keep you buying more programs to "FIX" a broken system !
20 posted on 07/19/2015 7:01:40 AM PDT by Yosemitest
(It's Simple ! Fight, ... or Die !)