HiFlyer

An NSA Cyber Weapon Might Be Behind A Massive Global Ransomware Outbreak


I read that earlier, that's why it is always a good idea to create a system image regularly and have the drive disconnected from your network.


In another scare article I read, a Microsoft spokesperson provided the following comment:

“Today our engineers added detection and protection against new malicious software known as Ransom:Win32.WannaCrypt. In March, we provided a security update which provides additional protections against this potential attack. Those who are running our free antivirus software and have Windows updates enabled, are protected. We are working with customers to provide additional assistance.”

I also use the Malwarebytes software.  Ransomware is a mess but I was able to help a friend remove the virus by following guides I found on the Internet.  But realistically, the best thing to do is to reformat your HDD and reinstall everything.  I keep a backup of My Documents and My Pictures folders on another drive because those drives are not damaged by Ransomware.

Best regards,

Jim

  • Upvote 1

38 minutes ago, Jim Young said:

I keep a backup of My Documents and My Pictures folders on another drive because those drives are not damaged by Ransomware.

My ex-girlfriend called me up a few months ago, frantic that years of family pictures and other important documents had been locked up by one of these. We were unable to save anything, and unfortunately the infection did indeed manage to spread to all of her drives and essentially lock up everything. It even encrypted a connected USB stick.

All gone.

By the way, the MS patch that should address the Eternal Blue infection is MS17-010

 


Ransomware does not spread to all of your drives unless it is the encryption ransomware.  My friend's computer had the other type which just locks up your computer.  So, if you shut down your system and reformat and reinstall everything, any other drives should not be harmed in any way.  What happened to your "ex-girlfriend's" (uh, sorry to hear it did not work out) computer was the more devious ransomware that encrypts your files.  Still, I would think that after reinstalling Windows on the main drive, you probably could find some software that could unencrypt the files on the other HDDs.

In any case, it's a nasty, nasty malware.

Best regards,

Jim

1 hour ago, Jim Young said:

Ransomware does not spread to all of your drives unless it is the encryption ransomware. 

Yup, the ransomware in the posted article that's causing the current issues (eternal blue) definitely encrypts your drives. The thing about these particular ransomwares is that the only real way to break the encryption seems to be to find an identical file that has not been encrypted, and then run a comparison software that may be able to find a key.

My ex was hoping that I had enough old pictures around that I might have a match for some of hers and thus be able to decrypt the drive she sent me, but sadly if absolutely all files have been encrypted and you have no unencrypted examples to be examined (I had no matching files since I gave everything to her) you really are up the creek without a paddle.

People on forums like this might have a slightly better chance since digging around in CFG files and whatnot may create a higher computer familiarity, but your average person would likely have no idea where to even begin to figure out how to address stuff like this.

Unfortunately.

Probably something that might be done is save important documents and photos to the web, but if this ever happens to me, I'm probably toast, since I trust "the cloud" about as far as I can throw it. :blush:


I was a victim of ransomware some time ago and I was able to fix and unlock my computer. Rebooted in safe mode and searched for any files that had been added or modified on the day the attack took place. Once those files were deleted I rebooted normally and that got things back to normal. Not saying this will work for all ransomware but that helped me get back to normal. Ransomware can be very frustrating, that's for sure.

I should mention this attack was probably 10 years ago when ransomware was just making an appearance, I'm sure it has gotten a lot more sophisticated over the years!

 

Martin

1 hour ago, MartinRex007 said:

Ransomware can be very frustrating, that's for sure.

I haven't been hit with a virus in years and years, but I'm the guy people bring their busted computers to.

I've sent out warnings to friends and family so hopefully I don't get drowned in pleas for help over the next few weeks.

1 hour ago, HiFlyer said:

Yup, the ransomware in the posted article that's causing the current issues (eternal blue) definitely encrypts your drives. The thing about these particular ransomwares is that the only real way to break the encryption seems to be to find an identical file that has not been encrypted, and then run a comparison software that may be able to find a key.

My ex was hoping that I had enough old pictures around that I might have a match for some of hers and thus be able to decrypt the drive she sent me, but sadly if absolutely all files have been encrypted and you have no unencrypted examples to be examined (I had no matching files since I gave everything to her) you really are up the creek without a paddle.

People on forums like this might have a slightly better chance since digging around in CFG files and whatnot may create a higher computer familiarity, but your average person would likely have no idea where to even begin to figure out how to address stuff like this.

Unfortunately.

Probably something that might be done is save important documents and photos to the web, but if this ever happens to me, I'm probably toast, since I trust "the cloud" about as far as I can throw it. :blush:

Uh, no.. what you're supposed to do is take regular backups to a removable drive that you only connect to take the backup...

1 hour ago, MartinRex007 said:

I was a victim of ransomware some time ago and I was able to fix and unlock my computer. Rebooted in safe mode and searched for any files that had been added or modified on the day the attack took place. Once those files were deleted I rebooted normally and that got things back to normal. Not saying this will work for all ransomware but that helped me get back to normal. Ransomware can be very frustrating, that's for sure.

I should mention this attack was probably 10 years ago when ransomware was just making an appearance, I'm sure it has gotten a lot more sophisticated over the years!

 

Martin

No, it won't and you were lucky. Had they done the "encrypt your files" attack, you would not have had access to those files anymore without paying...

43 minutes ago, Raven9000 said:

Uh, no.. what you're supposed to do is take regular backups to a removable drive that you only connect to take the backup...

You realize that the vast majority of human beings have the one drive that comes with their machine, and never ever get more than that? The better option for them might be the cloud.

I myself have tons'o drives and my files are backed up and decentralized, but I also realize that's not the norm.


Don't keep anything on a computer that you can't afford to lose.

We live in a disposable society now. In the future this time period will be a big blank :) There will be no archaeology for anyone to find.


Cyber security is a joke, it's a vast problem driven by user ignorance and fear. A vast majority of end users know absolutely nothing about what goes on beyond the monitor they are staring at! It's also a problem that is going to get much worse as the younger generation of computer savvy criminals realise that the large majority of their peers are living and working in blissful ignorance in a society that relies more and more on the power of cyberspace. If you want total protection from cyber attacks then don't connect to the Internet or at least train end users and make them aware that opening that unsolicited email might be a bad idea.
