Topic: Be prepared against ransomware viruses..

Deozaan

Re: Be prepared against ransomware viruses..
« Reply #50 on: April 21, 2016, 06:09:11 PM »
> Interesting to read that there is no real decryption, just the use of backup and other solutions to recover files!

I think there is a real decryption if you pay the ransom. But if you don't pay the ransom, you don't get the encryption key and therefore you can't really decrypt anything. So you have to restore from backups.


MerleOne

Re: Be prepared against ransomware viruses..
« Reply #51 on: April 22, 2016, 02:59:21 AM »
> > Interesting to read that there is no real decryption, just the use of backup and other solutions to recover files!
>
> I think there is a real decryption if you pay the ransom. But if you don't pay the ransom, you don't get the encryption key and therefore you can't really decrypt anything. So you have to restore from backups.

Yes, that's what I meant. I like, for instance, the trick that consists in using Windows System Restore features to recover previous versions of files. Provided SR is activated and running...
.merle1.

Stoic Joker

Re: Be prepared against ransomware viruses..
« Reply #52 on: April 22, 2016, 06:51:58 AM »
Many of the ransomware variants actively destroy/encrypt any backups they can find - and they look - so this isn't a magic bullet of any kind. You would need a backup that was offline at the time of the infection for this to be a complete solution.

Shades

Re: Be prepared against ransomware viruses..
« Reply #53 on: April 23, 2016, 07:01:25 PM »
Although a bit far-fetched for some... but I have no trouble imagining data stored in your cloud solution could be affected by such a virus/malware too, especially when you use the syncing capabilities provided by your cloud solution.

As Stoic Joker said... there is no substitute for an offline backup (at the time of infection).

holt

Re: Be prepared against ransomware viruses..
« Reply #54 on: April 25, 2016, 12:56:57 AM »
I have the paid version of CryptoPrevent: "CryptoPrevent is an Anti-Virus/Security Software Supplement, originally designed to prevent infection from the CryptoLocker threat which emerged in late 2013. Since that time, CryptoPrevent has grown into a robust solution, providing protection against a wide range of ransomware and other malware.

CryptoPrevent doesn’t stop there. We are continuing development efforts to expand the software into something more than just a ‘security’ solution."
"This is the best bad idea we have, sir. By far." (cf. 'Argo'.)

x16wda

Re: Be prepared against ransomware viruses..
« Reply #55 on: April 25, 2016, 05:24:49 AM »
> I have the paid version of CryptoPrevent

Me too. Family pack, on everyone's PC.

That said, I've installed the free version on a number of, shall we say, "historically proven at risk users", thinking that any help at all these types can get is good. :-)
vi vi vi - editor of the beast

mouser

Re: Be prepared against ransomware viruses..
« Reply #56 on: April 25, 2016, 09:37:00 AM »
> "historically proven at risk users"

;D

CWuestefeld

Re: Be prepared against ransomware viruses..
« Reply #57 on: April 25, 2016, 01:03:01 PM »
> CryptoPrevent has grown into a robust solution, providing protection against a wide range of ransomware and other malware.

Interesting. I tried (and paid for!) WinAntiRansom, but am completely underwhelmed by it - since it only protects a single directory tree, it's not very useful for how I use my system. But I can't find any real info on CryptoPrevent to determine if it would be any better. Anybody have a link to more details?

mwb1100

Re: Be prepared against ransomware viruses..
« Reply #58 on: April 25, 2016, 06:44:31 PM »
> But I can't find any real info on CryptoPrevent to determine if it would be any better.

I also have a hard time understanding how the product works or exactly what it does from reading the website.

x16wda

Re: Be prepared against ransomware viruses..
« Reply #59 on: April 25, 2016, 07:34:35 PM »
The basics of what it does are to prevent things from running from strange places - like temp folders, etc. - and also to prevent some sensitive utilities (like vssadmin, which could delete all your shadow copies) from running. The pay-for add-on is, I think, a signature service, but I'm not completely clear on exactly what it does - it likely has known-good and known-bad lists. In an enterprise you could do a lot of this with group policy and file server management tools, but CryptoPrevent is more flexible and quick to manage if need be, and it works fine on non-domain-joined computers.
vi vi vi - editor of the beast
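
The two behaviours described in the post above (programs launched from temp folders, and vssadmin being used to delete shadow copies), checked over process-creation events as an added detection-side example; this is not CryptoPrevent's code and not from any poster. The directory patterns, the event field names and the sample events are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumed "strange places": user-writable directories. The post names only
# "temp folders, etc", so these patterns are illustrative, not CryptoPrevent's.
RISKY_DIRS = [re.compile(p) for p in (
    r"^[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\",
    r"^[a-z]:\\windows\\temp\\",
    r"^[a-z]:\\users\\[^\\]+\\downloads\\",
)]

def normalise(path):
    """Strip quotes, unify separators, collapse '..' and lower-case the path."""
    return ntpath.normpath(path.strip().strip('"')).lower()

def deletes_shadow_copies(image, command_line):
    """True when vssadmin is asked to delete shadow copies (not merely list them)."""
    if ntpath.basename(image) != "vssadmin.exe":
        return False
    args = command_line.lower().split()
    return "delete" in args and "shadows" in args

def flag_event(event):
    """Return the reasons one process-creation event deserves a look."""
    image = normalise(event["image"])
    reasons = []
    if any(p.match(image) for p in RISKY_DIRS):
        reasons.append("runs-from-user-writable-dir")
    if deletes_shadow_copies(image, event["command_line"]):
        reasons.append("deletes-shadow-copies")
    return reasons

def triage(events):
    """Keep only the events that raised at least one reason."""
    flagged = [(e["image"], flag_event(e)) for e in events]
    return [(image, reasons) for image, reasons in flagged if reasons]

# Constructed sample events; the field names are hypothetical.
SAMPLE_EVENTS = [
    {"image": r"C:\Program Files\Mozilla Firefox\firefox.exe", "command_line": "firefox.exe"},
    {"image": r"C:/Users/Al/AppData/Local/Temp/invoice_scan.exe", "command_line": "invoice_scan.exe"},
    {"image": r"C:\Windows\System32\vssadmin.exe", "command_line": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"image": r"C:\Windows\System32\vssadmin.exe", "command_line": "vssadmin list shadows"},
    {"image": r"C:\Users\al\AppData\Local\Temp\..\..\..\Documents\tool.exe", "command_line": "tool.exe"},
]

if __name__ == "__main__":
    for image, reasons in triage(SAMPLE_EVENTS):
        print(image, "->", ", ".join(reasons))
```

Paths are normalised before matching, so mixed case and forward slashes still hit the temp-folder rule, and a path that only passes through Temp via `..` is not flagged.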

Tuxman

Re: Be prepared against ransomware viruses..
« Reply #60 on: April 29, 2016, 04:18:53 AM »
I love how people try to circumvent their own stupidity ("oh, a file attachment / a suddenly visible link / ..., I must open it!") with software. What could go wrong?
Obviously, stupidity makes a good market.

f0dder

Re: Be prepared against ransomware viruses..
« Reply #61 on: April 29, 2016, 06:25:55 AM »
> I love how people try to circumvent their own stupidity ("oh, a file attachment / a suddenly visible link / ..., I must open it!") with software. What could go wrong?
> Obviously, stupidity makes a good market.

Sometimes it comes in the lovely package of drive-by exploits.
Sometimes it comes in tailor-made spear-phishing campaigns.

Often, you talk out of your ass.
- carpe noctem

Tuxman

Re: Be prepared against ransomware viruses..
« Reply #62 on: April 29, 2016, 06:31:59 AM »
> Often, you talk out of your ass.

That's, actually, disgusting.

f0dder

Re: Be prepared against ransomware viruses..
« Reply #63 on: April 29, 2016, 06:38:48 AM »
> > Often, you talk out of your ass.
>
> That's, actually, disgusting.

You might want to take that to heart.
- carpe noctem

Tuxman

Re: Be prepared against ransomware viruses..
« Reply #64 on: April 29, 2016, 06:42:53 AM »
No.

mouser

Re: Be prepared against ransomware viruses..
« Reply #65 on: April 29, 2016, 10:07:18 AM »
It's Friday, guys, think positive thoughts!

Tuxman

Re: Be prepared against ransomware viruses..
« Reply #66 on: April 29, 2016, 11:00:18 AM »
In this case, I'm positive that it's disgusting.

terribleterryc

Re: Be prepared against ransomware viruses..
« Reply #67 on: October 06, 2016, 09:58:38 PM »
I do not find any information on dealing with ransomware once it is installed. There are no posts (on DonationCoder or any search engines) of ransomware being sophisticated enough to lock up keyboard at BIOS and backup BIOS level. Without keyboard I cannot navigate BIOS and run any repair disks. I removed battery for two days since there are no longer pins to short and now am getting blank screen. Motherboard Gigabyte GA-990FXA-UD3. Win 7 64. I am behind NAT router and had stopped running spyware, AWG etc. Only Windows Defender. Hate to admit it but because of VERY unusual circumstances I granted remote control w/o realizing it. Yeh. Dumb, dumb, dumb! Any ideas?

oblivion

Re: Be prepared against ransomware viruses..
« Reply #68 on: October 07, 2016, 01:42:13 AM »
> I do not find any information on dealing with ransomware once it is installed.

TechSupportAlert recently suggested https://www.nomoreransom.org/ but I personally don't have any helpful experience.
-- bests, Tim

...this space unintentionally left blank.

MerleOne

Re: Be prepared against ransomware viruses..
« Reply #69 on: October 07, 2016, 02:04:37 AM »
Emsisoft also claims to have several antiransomware tools (post attack)...
.merle1.

Shades

Re: Be prepared against ransomware viruses..
« Reply #70 on: October 07, 2016, 08:08:26 AM »
> I do not find any information on dealing with ransomware once it is installed. There are no posts (on DonationCoder or any search engines) of ransomware being sophisticated enough to lock up keyboard at BIOS and backup BIOS level. Without keyboard I cannot navigate BIOS and run any repair disks. I removed battery for two days since there are no longer pins to short and now am getting blank screen. Motherboard Gigabyte GA-990FXA-UD3. Win 7 64. I am behind NAT router and had stopped running spyware, AWG etc. Only Windows Defender. Hate to admit it but because of VERY unusual circumstances I granted remote control w/o realizing it. Yeh. Dumb, dumb, dumb! Any ideas?


General advice:
- Getting a replacement EPROM chip for the BIOS on your motherboard and replacing the current chip with the new one. Preferably the new chip has a patched version of BIOS in it that makes it more resilient.
- Getting a replacement motherboard, if you don't know or can't find out the extent of the compromised hard/software (in case you are handling very 'need to know' software and info on this PC).
- Getting a replacement hard disk, if you don't know or can't find out the extent of the compromised hard/software (in case you are handling very 'need to know' software and info on this PC).
- Preferably use the same make and models of the hardware you replace, to have the least of problems with your Windows license. And install Windows from uncompromisable boot media such as a read-only DVD.

Specific advice:
The Gigabyte motherboard has a dual BIOS according to this image, so in principle there should be a spare already available. Older/cheaper boards with 2 BIOSes on board often came with a jumper that prevented writing to at least one of these BIOSes. I didn't see such jumpers (after a quick glance) on your motherboard.

If your computer doesn't beep after you turn it on (does it have a little piezoelectric one?) and you are quite confident your hardware isn't at fault, what you could try is to "make" your board "squeal". With that I mean to remove all video cards connected, then turn the system on, hear it beep and turn it off again. Reconnect one video card and turn the system on. It should show video again.

By making a mis-configuration on purpose, BIOS and such are resetting themselves, especially in systems that take most of that type of configuration automagically.

It might also be prudent to blow through the video card connector of your motherboard and/or use a piece of paper (what you use to print on), fold it between two fingers and wipe a few times over the part of the video card that slides into the connector of the motherboard. Printer paper (without any ink) is mildly abrasive at best, so you don't have to worry about damaging your video card this way. It will remove whatever smudge that has been collected over time. And there is always more smudge on it than you think or expect. Repeat for every other expansion card you might have.

You also stated that you removed the battery for several days. This can mess up the motherboard configuration. How old is this battery? Less than 4 years or older? When it is older, just replace it. If it isn't, check if the voltage is sufficient for use on your motherboard. Replace when necessary.


terribleterryc

Re: Be prepared against ransomware viruses..
« Reply #71 on: October 07, 2016, 10:17:11 AM »
Thanks for all the tips and info. I have tried most of them. I do not think that BIOS chips are replaceable such as they were in past on my Fatality board. I do not think that my beeper is hooked up. It is Antec case so probably has one. I will check. Mobo fan starts and then stops so I have replacement coming in 2 days. Will get new battery, clean video card and remove second card, hook up one monitor, keyboard and mouse maybe. There is the old type keyboard plug in option on this board so I may try that. Will update in several days after replacement fan comes. Thanks again.

Curt

Re: Be prepared against ransomware viruses..
« Reply #72 on: November 17, 2016, 02:29:15 PM »
Quote from: winpatrol.com
Black Friday Lifetime License Sale

Lifetime Licenses, WinAntiRansom, WinPrivacy, WinPatrol. Ransomware, Zero Day Threat, Malware Protection – WinPatrol - https://www.winpatrol.com/lifetime/#ultimate