Ransomware

245

Solutions

554

Contributors

Ransomware is malicious software, designed to block data access in order to extort money. As a form of malware, ransomware is most often used to infiltrate devices through infected emails or links that, in turn, recognize and take advantage of vulnerabilities in the operating system and installed third-party software.


When a tech company stops servicing a particular program, software, or piece of hardware, consumers still using the outdated equipment are usually left to fend off security measures, bugs, and other problems that come their way on their own.
 
During the WannaCry ransomware attack a few weeks ago, we saw an unprecedented action from Microsoft, as they stepped up to provide a patch for Microsoft XP, Windows 8, and Windows Server 2003. Microsoft XP is a program they have not supported since 2014.
 
This action to secure vulnerable devices and avoid the encryption of personal, patient, and corporate data showed the tech community that corporations care about more than the bottom line.
 
Learn more about Microsoft’s special patch release and how the tech community has responded.
 
How were you affected by WannaCry? We’d love to hear from you—share your experience online now.
3
There seems to be a general consensus that if you've been hit with a Ransomware Virus, especially if by a newly discovered strain of ransomware, and do not have a reliable and unaffected backup to restore from, that all hope is lost.  

This is not necessarily the case!

Whilst it's true that Ransomware is one of the most difficult "destructive infections" to recover from, recovery should never be considered impossible.

Advising those seeking help that they should just accept defeat and wipe all chances of recovering their data is bad advice. This is a point that has been proven time and time again, particularly with past Ransomware strains that were once considered hopeless, yet have now had decryption recovery tools developed to restore data.

If you have been hit by a Ransomware Virus and don't have a backup - do not accept advice that you should just cut your losses, format your hard drive and admit defeat. That's just letting the criminals win.

The first thing you should do (after deactivating the virus) is make a Full Image Backup of your affected hard drive using an imaging backup tool like Acronis, Macrium Reflect or similar so as to have a copy of all files that were encrypted.  Safely store that backup away for future recovery attempts, or to restore from if a recovery attempt goes belly up.

Once backed up, Wipe and Start fresh if desired to get back to a working …
3
LVL 29

Author Comment

by:Andrew Leniart
Security companies do have excellent heuristics and definitions,  but they will never catch everything.

No argument.  But doesn't it then naturally follow that they can never "block" or "prevent" everything either?

Using that train of thought, even with all of the security software that you have protecting your machine(s), how can you be certain that you don't have a key logger recording your key strokes right now? Or a yet unknown time bomb trojan just waiting to jump up and deliver its payload? How could any system ever be trustable?

I'm honestly not trying to be argumentative here, it's just that the logic behind your conclusion is escaping me.

If you can't trust your security software to clean up an infection that has been researched and that it knows about, then how is it that you can trust the same software to prevent a yet unrealized one from occurring?

I'll agree we probably need to disagree.  

Life would be too boring if everyone agreed on everything anyway. :)

My thanks again for your input.
1
LVL 32

Expert Comment

by:Thomas Zucker-Scharff
I guess what I meant was that no one security software is likely to catch everything.  That is why I have a multilayered approach on my machines.  But you are correct, I do not feel safe even with that.  I guess I am on the paranoid side, which begs the question, "Is one paranoid, if the fear is true?"  That is a paraphrase of the original question.

The biggest problem, IMHO, is that to secure one's computer (and still have a computer that actually works, instead of one filled with cement), one needs to put enough security software on there that it slows down even the best of computers.

I would like a product that doesn't hog resources and assures me that I will never get malware of any kind (like that is happening).
2
End-Users are the Weakest Link? Do you agree?

The slide below is taken from a webinar I attended today.

End-Users are the Weakest Link
2
LVL 29

Expert Comment

by:Andrew Leniart
Yes, I agree. That isn't necessarily the fault of the end user, in the sense that they may not have the skills required (or be able to comprehend / appreciate the dangers and consequences) .. this can only be solved with End User education, without of course, belittling the end user because of their skill level.
3
5
LVL 19

Expert Comment

by:Kyle Santos
ddaaannnngggg
1
LVL 7

Expert Comment

by:Brian Matis
Huh... this reminds me that I have an old desktop in the garage that's still running 7. Good thing I haven't turned it on in months...
0
The recent malware attack brings to light the need for more security and privacy online. The Experts Exchange community has prepared for this shift with the release of anonymous questions--a feature for Premium Members, Team Accounts, and Qualified Experts.
Benefits include:
Masked user identities. These questions are inaccessible to all search engines and questions will not visibly link back to profiles. Logged out users cannot see these questions at all.
Sensitive information removed from questions, by severing ties that could connect you back to your employer or a project.
Freedom to explore different tech topics you may be interested in but have before been afraid to look into.
To learn how to ask anonymous questions check out this video! https://www.youtube.com/watch?v=uFJF70wsd4c
8
I am looking to have a script run and create a shortcut on users' PCs across the corporation.

This would be similar to BgInfo, but would be a shortcut users can double-click and the info would pop up in a GUI window.


MAC address, PC name, wireless IP, wired IP and VPN IP.

Any Help would be great
1
LVL 28

Expert Comment

by:Brian B
Hi Angelo.

I think it could be done in powershell or via policy. However, for the appropriate Experts to see this, I think you might want to submit it as a question with appropriate topics and not a post.

Thanks,
Brian
0
I was at a cyber review meeting a few months back and there was a whole session on the team and the constant updates they are putting into this site.

https://www.nomoreransom.org/

This should be your first port of call if you have anything other than WannaCry, just in case they have a decrypt process.
5
LVL 71

Expert Comment

by:btan
Can also check out idransomware

https://id-ransomware.malwarehunterteam.com
4
6
LVL 114

Expert Comment

by:John
I don't think selling this kind of code is new. I think that is why we keep noting that the situation will get worse.
7
My Windows Update was stuck at 0% downloading for about a month.  I fixed it after the WannaCry virus news on Friday by doing the following:

1. Stop the Windows Update Service
2. Delete C:\Windows\SoftwareDistribution\DataStore\DataStore.edb
3. Start the Windows Update Service
4. Check for updates

After that it was working fine!

As for how it got stuck in the first place... I killed the service when it started downloading and taking all my bandwidth while I was playing a game online.  Then I held a grudge against the service for a month and left it broken to teach it a lesson.
8
LVL 19

Expert Comment

by:Kyle Santos
0
Friday, May 12th, a new Ransomware threat named WannaCry came onto the scene, affecting organizations in over 150 countries. Damage includes more than 200,000 people infected with the malware and roughly $28,463 paid in bitcoin to decrypt files. That number may only rise unless companies act to mitigate the threat.
Though WannaCry wasn’t a targeted attack on any particular company, institutions using Microsoft operating systems no longer supported by Microsoft security updates found themselves affected by the fast-moving malware.
For a more in-depth look at this attack, check out the following resources:
1. Learn how to prevent this threat without paying a dime.
2. Explore ways to plan ahead and prevent against possible future ransomware attacks.
3. Mitigate damage with these tips if your organization has been affected, and more.
6
I'm really just a beginner. Tell me, what are the capabilities/benefits for a big virtual bug in theory? How does it access private data concretely in the system? A mind game: Is it possible to switch off the lights of cities by hacking into the local electricity networks?
1
LVL 7

Expert Comment

by:Brian Matis
1
"Microsoft has done the right thing by making the patch available even for older, unsupported systems. But it shouldn't proactively push out the patches, as there are usually some business reasons why companies are still running old and unpatched systems," he said.

"By forcefully pushing a patch, it could do just as much harm, causing systems and applications to become unreliable."


http://www.techrepublic.com/article/why-patching-windows-xp-forever-wont-stop-the-next-wannacrypt/
5
While we're all running around getting things patched and making sure our clients know how to keep from getting ransomware, let's also take a minute to disable SMBv1 as well. Patching will help this time, but you *know* someone is going to try to find another huge hole in SMBv1 to exploit. No Windows OS after Windows XP uses SMBv1, but MS had to include it in their newer OSes for compatibility. All the OSes that only use SMBv1 have been EOL for years. Let's just get future SMBv1 exploits off the table now, shall we?

https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
7
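One way to act on the advice in the post above, as an added example (not part of the original post and not Microsoft's own script): a PowerShell script that reports SMBv1 state, checks the SMB server audit log for clients still connecting with SMBv1, and disables the protocol only when run with -Apply. The -Apply and -AuditDays parameters are names chosen for this example; it assumes an elevated session on Windows 8.1 / Server 2012 R2 or later.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post): audit SMBv1, then disable it.
# Assumes Windows 8.1 / Server 2012 R2 or later, where these cmdlets exist.
param(
    [switch]$Apply,          # example switch: without it the script only reports
    [int]$AuditDays = 7      # example parameter: how far back to look for SMBv1 clients
)

$server = Get-SmbServerConfiguration
Write-Output ("SMBv1 server enabled: {0}" -f $server.EnableSMB1Protocol)

# Newer builds can log every SMBv1 connection; turn that on so legacy clients
# show up before the protocol is removed.
$canAudit = $server.PSObject.Properties.Name -contains 'AuditSmb1Access'
if ($canAudit -and -not $server.AuditSmb1Access) {
    Set-SmbServerConfiguration -AuditSmb1Access $true -Force
    Write-Output 'SMBv1 access auditing enabled; re-run after clients have had time to connect.'
}

# Event ID 3000 in this log records a client that connected with SMBv1.
$hits = Get-WinEvent -FilterHashtable @{
    LogName   = 'Microsoft-Windows-SMBServer/Audit'
    Id        = 3000
    StartTime = (Get-Date).AddDays(-$AuditDays)
} -ErrorAction SilentlyContinue
Write-Output ("SMBv1 connections logged in the last {0} days: {1}" -f $AuditDays, @($hits).Count)
$hits | Select-Object -First 10 TimeCreated, Message | Format-List

# The SMBv1 optional feature; absent on builds that do not expose it this way.
$feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
if ($feature) { Write-Output ("SMB1Protocol feature state: {0}" -f $feature.State) }

if (-not $Apply) {
    Write-Output 'Report only. Re-run with -Apply to disable SMBv1.'
    return
}
if ($hits) {
    Write-Warning 'Clients still used SMBv1 during the audit window; they will lose access.'
}

Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
if ($feature -and $feature.State -eq 'Enabled') {
    # Removing the feature needs a reboot to finish; -NoRestart leaves the timing to you.
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
}
Write-Output 'SMBv1 disabled. Reboot to complete feature removal.'
```

Running it first without -Apply leaves the protocol untouched and shows which legacy devices (old copiers, NAS boxes, XP machines) would break.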
Be aware there is a new strain out in the wild, which does not need the unregistered site, so this will be worse if they go all out again.
4
LVL 7

Expert Comment

by:Brian Matis
I've heard this as well, but am seeing that the news was retracted... Looks like no one is quite sure on this yet.

https://boingboing.net/2017/05/15/killswitches-for-everyone.html
0

Author Comment

by:Tony Bessent
The feed was from a reliable source; I cannot share the link due to contract reasons, and they are reporting that it has morphed and now does not require the unregistered URL as a trigger to encrypt. The report yesterday said there was lots of download activity, to threat actors, but no sign of it being used in the wild.
0
For Lansweeper users:
Lansweeper released a report that can be used to find machines that do not have the hotfixes installed to mitigate the SMB vulnerability.

https://www.lansweeper.com/forum/yaf_postsm50430_Ransomware–MS17-010-Windows-computers-that-are-potentialy-vulnerable.aspx#post50430
4
Anyone have a good suggestion for an endpoint protection with sandbox? I heard about Sophos but not sure.
0
LVL 22

Expert Comment

by:David Atkin
I believe that ESET Endpoint Security has this feature.
https://www.eset.com/int/business/endpoint-security/windows-security/#c3260
4
PAY NO MORE!
12
LVL 4

Expert Comment

by:Sina May
Keep fighting the good fight, Andy!
2
LVL 133

Author Comment

by:Andrew Hancock (VMware vExpert / EE Fellow)
It's all billable!
1
Bitdefender and Kaspersky had WannaCry in the definitions before Friday!

https://securelist.com/blog/research/78411/wannacry-faq-what-you-need-to-know-today/
6
I received an email from F-Secure saying the below:
[attached image: EE.PNG]
Any insights?
1
LVL 51

Expert Comment

by:dbrunton
Nothing really new there.  That's just an advertising blurb.  All the big anti-virus guys should be on top of it by now.

Try Woody at https://www.askwoody.com/

He's got three posts on the subject there that are very informative.
1
9

Expert Comment

by:Chad Crouch
This malware really hit the world by storm! Got a lot of people in panic.
1
LVL 7

Expert Comment

by:Brian Matis
@Chad - indeed! If there's a silver-lining to all this, it's that more people are starting to take security patching more seriously.
0
