Researchers Claim to Unlock Ransomware Encryption

a reply to: chr0naut

LOL, you read it!

a reply to: HolgerTheDane2

I have talked to people that claim that there is a new version with NO decryption possibility. Apparently it uses date, time and a random generator to construct a unique key to which there is no unlock.

Nothing is impossible . Ever heard of the DoD wipe for securely formatting a HDD before disposal ? It is near impossible at one time. The recommended amount of times: 8.Does that make it no possibility of data retrieval. :no

The theory behind any computer security is to make it as difficult as possible to break. In other words, not worth the time to someone.

@gray

We found that the software would encrypt the file as a new file and delete the old files. Using software like recuva could recover most of your files.

That is interesting. Nothing is ever deleted by an OS.All go back to the DOS days.Only the first character of a filename is removed . That only changes the pointers on the HDD to the file.The file is still there intact if you have an application to find it. Add the first character back to the file , and voila. Back again.

I swear my son got ransomware. The screen came on to call the number and pay money. We couldn't click on anything on the screen or do control alt delete, nothing was working. I forced the shut down, turned it back on and then did malware bytes. After that it worked fine. I have no clue what happened.

a reply to: ckhk3

If it happens again simply hit ctrl/alt/delete and open task manager, right click on the browser app and end the task before forcing or initiating a shut down provided of course ctrl/alt/delete functions. The reason being shutting down the system can actually help this form of malware initiate.

Just wondering when you turned the system back on and ran Malwarebytes did it return any anomalous results?

Possibly worth considering also installing Superantispyware.

a reply to: andy06shake

Yes, it had about 350. My son didn't listen and believed that where he was going was safe, he is now banned from the computer so I don't think we'll be getting any more of that.

a reply to: ckhk3

Good luck banned him from using your computer, if he is anything like my own two children he will always find a way or excuse.

Could always try using some form of parental control software in an attempt to retard his browsing habits.

Rule of thumb, Torrent sites, Porn sites and even email attachments can and do sometimes contain malware.

www.pcworld.com...

The above link seems quite informative.

a reply to: andy06shake

He has his own comp, so I know that he is the one not being safe. He doesn't use email, porn, or torrent sites. He's really into games like roadblocks so I believe that he's googling and clicking on fake websites to which he ends up getting a massive amount of viruses and malware.
Thanks for the link, that's helpful. I haven't used parental controls yet, but I'm going to look into it. Might as well since my children are young and we have many more years ahead of us with them using computers.

a reply to: ckhk3

Forgot about those children's game sites, yes they are loaded with popups and malware. Even more so because our little ones are incapable or unskilled in being able to derive or distinguish their most obvious malicious intent.

Education is the key, because lets face it we are never going to be able to stop our children from accessing game sites.

Don't know how many times i have had to do a clean windows install on my 9 year old girls laptop because she has had the device so loaded with so much malware that the thing refuses to do anything other than turn on.

Bit of advice on that score, i would severely limit and/or retard there ability to access the home network or its not just there system that's at risk.

a reply to: Quantum12

Just found a new contestant on a machine at work today, found it before the user could execute. This one is neat to say the least, VC9 macro embedded into a word doc that launches ASM and replaces winsock, shell32 , ole32, user32, gdi32, and a few others. Encrypts data and transmits key to C&C server via a hacked version of zmodem over an emulated serial device in winsock.

Neat part is this one looks like even if you pay the ransom, they retain control over the system to use in a bot net type of setup.

Hi. My solution is very simple: once a month I do a backup of the hard drive. Also on my computer installed this program myspybot.com...

problems with malware is not! ))))

Sophos will stop and even remove the encryption caused by ransomware (their Intercept X product). It sees the encryption of files.. will stop it.. check.. remove the virus.. reverse the encryption on files that were encrypted. I got it for our computers, since ransomware is a big deal right now.

Even without a product that can do that, you can still often beat encrypted files. As long as your system restore is on (and it should always be on), just right-click on say, the documents folder.. and you can restore it to a previous version. I've done this for multiple computers in my last two companies, and recovered all data on laptops. For network shares.. shadowcopy.. backups.. don't NOT have a backup plan. : )

You may be out of luck if the virus payload included turning off the system restore.. usually that won't even take effect until after a reboot, so if you notice.. do a system restore immediately. Although I have had a few people that even with weird popups and encrypted files, have rebooted their computer like.. 17 times, embedding the virus so firmly onto their laptop, it is like they just dumped a bag of wet cement into their laptop. Nuke is usually the only fix then.