ransomware

Started by pineywoods, February 14, 2017, 11:13:15 AM

pineywoods

Got my first exposure to this nasty type of computer virus last week. Neighbor brought me his desktop computer asking if I could recover all his family pictures and videos (grandkids), plus some business files. Classic ransomware: files are scrambled and a message demands a credit card number or bank account number to provide a key to unscramble them. Ran a virus scan and found the culprit, but that won't recover the files. It came in as an attachment to an e-mail. He had done a backup to an external hard drive, but after the virus had done its thing, leaving the backup files corrupted.
With these beasts, the best fix is prevention. Never open an e-mail from someone you never heard of, especially if there is an attachment. An external hard drive is cheap insurance, $60 at Walmart. Back up everything, unplug the external drive and store it someplace safe. If you don't know how to do a backup, learn how. It sooner or later will save a lot of grief.
I'm a gentle soul, but if I could get my hands on anyone who did this to me...well, hammers, pliers and dull knives come to mind..
1995 Wood Mizer LT 40, Liquid cooled kawasaki,homebuilt hydraulics. Homebuilt solar dry kiln.  Woodmaster 718 planner, Kubota M4700 with homemade forks and winch, stihl  028, 029, Ms390
100k bd ft club.Charter member of The Grumpy old Men

WV Sawmiller

Piney,

   I know the feeling and you sound more tender-hearted than me. I got tagged several months ago. Message came in by e-mail in my Spam folder saying it was from FedEx. I had a lost shipment and our county had just re-mapped our Physical Addresses and the delivery driver had told me a couple days before it was causing them problems finding the customers. Everything fell into place and they got me. To make it worse it crossed over to my wife's files and infected her files too. She has a photography business and has way more files than I do. Fortunately for her she also does a much better job of back-ups and we were able to restore nearly all of hers. I was remiss in backing mine up and lost 5-6 months worth of my business files. Had to go back to my credit card statements and e-mails to reconstruct as much as possible but you never get it all. I had a small drill break on me a couple days ago and realized I had paid cash for it and saved the receipt, so it was one of the ones lost. Fortunately my local dealer made good on it but I suspect these things will keep cropping up for years.

   You are correct on the back up and making sure the back up is disconnected so they can't get to your primary and back up at the same time.
Howard Green
WM LT35HDG25(2015) , 2011 4WD F150 Ford Lariat PU, Kawasaki 650 ATV, Stihl 440 Chainsaw, homemade logging arch (w/custom built rear log dolly), JD 750 w/4' wide Bushhog brand FEL

Dad always said "You can shear a sheep a bunch of times but you can only skin him once"

drobertson

Yep, back up with external,
only have a few chain saws I'm not suppose to use, but will at times, one dog Dolly, pretty good dog, just not sure what for yet,  working on getting the gardening back in order, and kinda thinking on maybe a small bbq bizz,  thinking about it,

clearcut

In addition to an external hard drive, consider using an automatic, off-site, online backup or file syncing service. Carbonite, BackBlaze, Mozy, and CrashPlan are some of the major players. They cost a few dollars but store all of your important files on secure, redundant servers. Depending on settings they can store older versions of documents so that you have a record of changes.

File synchronizing services such as DropBox, Google Drive, and Microsoft OneDrive have a free tier (if you have MS Office for OneDrive). Just putting files in a designated folder automatically syncs with the cloud and you have an automatic, off-site back up. These services make it easy to share documents with co-workers, friends, and family. They store older versions of files for 30 days or so. It can be a challenge to recover many files.

Google Photos will store an unlimited amount of photos and videos using some compression. You can have uncompressed images stored up to the amount of storage on your account. They have an application that you load on your cell phone and/or desktop that will automatically upload photos to the cloud. The search feature works incredibly well.

Flickr offers 1 terabyte of free photo storage. I'm sure there are others.

While an external hard drive should be a part of everyone's back up strategy, you have to remember to copy files to the drive regularly. If the external drive is stored on-site, then a fire, flood, or theft could result in the loss of all copies. Also if your timing is poor, a ransomware app could encrypt both the main and back ups.

All of the major anti-malware companies like Avast, MalwareBytes, Kaspersky, etc. have usually free tools that can help identify and recover from some ransomware attacks.

It's really not that difficult or expensive. I'd rather pay the back up people than the _______!(fill in the blank)
Carbon sequestered upon request.
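
Added example, not part of any post in this thread: a check to run before refreshing a backup, so that files already scrambled by ransomware do not overwrite the last good copy (the situation in the first post, and the timing risk mentioned above). The function names, the file-type list, the 6.5 bits-per-byte cutoff and the 20% threshold are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Well-known leading bytes for a few common formats (illustrative subset).
MAGIC = {"jpg": b"\xff\xd8\xff", "jpeg": b"\xff\xd8\xff", "png": b"\x89PNG",
         "pdf": b"%PDF", "docx": b"PK", "xlsx": b"PK", "zip": b"PK"}
TEXT = {"txt", "csv"}   # plain-text types are judged by byte entropy instead
TEXT_CUTOFF = 6.5       # assumed cutoff; ordinary text sits well below it

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_scrambled(path):
    """True if the file's content no longer matches what its name promises."""
    # Check every dotted part so 'photo.jpg.locked' is still judged as a JPEG.
    parts = os.path.basename(path).lower().split(".")[1:]
    with open(path, "rb") as fh:
        head = fh.read(65536)
    for ext in parts:
        if ext in MAGIC:
            return not head.startswith(MAGIC[ext])
        if ext in TEXT:
            # Very short files cannot reach the cutoff and are not flagged.
            return entropy(head) > TEXT_CUTOFF
    return False  # unknown type: no opinion

def safe_to_back_up(root, max_fraction=0.2):
    """Return (ok, suspects); ok is False when too many files look scrambled."""
    total, suspects = 0, []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            total += 1
            path = os.path.join(folder, name)
            if looks_scrambled(path):
                suspects.append(path)
    ok = total == 0 or len(suspects) / total <= max_fraction
    return ok, sorted(suspects)
```

If `safe_to_back_up` returns `ok` as False, leave the external drive unplugged and look at the listed files before copying anything over the previous backup.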

George Zarifis

Luckily, I run Ubuntu (Linux) on my computer and I don't have to worry about viruses (after all, who would make a virus that would work with only 2% of computers?). For someone who uses Windows, it is a good idea to run suspicious programs and files through a virtual machine (e.g. VirtualBox).

https://www.virtualbox.org/wiki/Downloads
Every man's problem can be solved with a chainsaw and high explosives. And a gun. And maybe a screwdriver. A cordless drill wouldn't hurt either.

I think a truck full of tools will do...

Magicman

Piney, send me the computer and $300.  I'll fix it for you and send it back......or not.   ;D
98 Wood-Mizer LT40 SuperHydraulic    WM Million BF Club

Two: First Place Wood-Mizer Personal Best Awards
The First: Wood-Mizer People's Choice Award

It's Weird being the same age as Old People

Never allow your Need to make money
To exceed your Desire to provide Quality Service

pineywoods

This one has a new twist, at least I never heard of it. It appears that the malware managed to clobber the firmware in the hard drive itself. Probably not a coincidence that the hard drive quit at the same time the external files were corrupted. I'm still chasing that possibility. Western digital 60 gb

4x4American

This got my mother, too.  It was a message from "FedEx" saying there was a problem with a package being delivered.  It was right around Christmas time, and she did have a package or two coming, so she clicked on it, and bye bye.  So instead of paying the crooks, she had one of those computer people, maybe Geek Squad or similar, do the thing where they bring the computer back to scratch, start over pretty much.
Boy, back in my day..

pineywoods

Yeah, the fedex ruse seems to be quite common. But, how would fedex get your e-mail address  :o ???

4x4American

I just got a box of sample blades, and fedex emailed me the tracking number and billing information and all that jazz.  Didn't have to click on nothing, just opened the email and took a look at it.  And it told me there was a problem sending it.  But there really was a problem, because the shipper left out a number on my address.  Luckily the fedex driver was able to overcome this setback, only taking one extra day, partially due to heavy snowfall.  And I completely forgot about the ransomware thing...durr

Ianab

Quote from: pineywoods on February 14, 2017, 08:04:57 PM
This one has a new twist, at least I never heard of it. It appears that the malware managed to clobber the firmware in the hard drive itself. Probably not a coincidence that the hard drive quit at the same time the external files were corrupted. I'm still chasing that possibility. Western digital 60 gb

Not heard of that one (yet). But it would certainly be possible to clobber a disk's partition table so thoroughly that Windows wouldn't recognise it, and wouldn't even let you delete / recreate partitions.  I've seen that happen accidentally, and had to wipe the disk using a Linux based utility. Then Windows setup recognised the blank disk and let me reinstall.
Weekend warrior, Peterson JP test pilot, Dolmar 7900 and Stihl MS310 saws and  the usual collection of power tools :)

pineywoods

Ianab, that's what I'm hoping. I have a couple of bootable Linux CDs that have a bunch of hard drive utilities for specific brands of drives. I've heard some rumors that some of the larger SATA drives are microprocessor controlled. Also, if I can find a copy of one of the encrypted files that is not encoded, I might take a shot at unscrambling.  I have some connections that do that sort of thing..

KirkD

A 60gb drive has to be pretty old don't you think? Is it worth the time and effort to try to save it, as inexpensive as a new one is? How many logs could you saw in the time it takes to rebuild a Windows machine with all the apps installed and updated?
Wood-mizer LT40HD-G24 Year 1989
