ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Massive malvertising campaign on Yahoo, AOL and other sites delivers ransomware

<< < (2/4) > >>

rgdot:
Actually I would feel more secure getting the program from Softpedia or FileHippo than the author's site. Certainly when it comes to bigger software like Avast for example.

app103:
And people call me a douche or cheap ass for using ad blocking software. Pfft. Yeah, that's one of the reasons why I run it and never click on ads.
-Renegade (October 24, 2014, 08:17 AM)
--- End quote ---

^^ This!  (except Project Wonderful. They are an ok ad network.  :Thmbsup:)

40hz:
It's generally a good idea to only download directly from the app publisher's website. If you get bounced over to CNet or another 3rd party software aggregation host, think twice. (If you're using a lot of free software, this is now happening with increasing regularity.) Same for any popup upgrade notifications. Always upgrade from inside the app if at all possible. If there isn't an upgrade/"check for update" feature in the app itself, go to the publisher's website. If you're redirected to anywhere other than one of the publisher's websites, go back to the beginning of this post and read again.
 

   ;)

x16wda:
-Not sure if Derik's will do same to any thumb drives, but it's worth considering.
-bit (October 24, 2014, 09:06 AM)
--- End quote ---

Yes, I once did an Autonuke after booting from the thumb drive and proved that it wipes everything.  ;D

The latest Cryptowall variants are mean. They encrypt a random number of files from most, but not all, folders they have access to, then they reset the file date stamp back so you can't tell as easily what has been hosed. I think our company has handled 6 instances for our customers in the last two weeks, 3 from the same client (different locations), one of which entailed an all-nighter since I was the 3rd level on call. In most cases we can't identify the person who was actually hit - whoever it was never spoke up, we ended up finding out when a file wouldn't open, and find the DECRYPT_INSTRUCTION.txt files.

On the plus side it's a good way to verify that your backup system is working.  :P

Given what I've seen, I'm writing something to at least detect this early, kick out a ticket, and try to grab enough info to see who is causing it. The all-nighter instance was due to a process that ran for almost 24 hours, would have been a lot easier if we saw it sooner. That's my weekend project. That won't get finished over the weekend <sigh>.

4wd:
What I would do if hit with something like this, is;
-Shut down.
...
-bit (October 24, 2014, 09:06 AM)
--- End quote ---

Fail ... That is what they want you to do.-Stoic Joker (October 24, 2014, 11:50 AM)
--- End quote ---

I think if you take it in the context it was given, ie. prelude to wiping all HDDs from read-only media, then the methodology is fine.

However, if you were to power on the system after the shutdown in the hopes that it would come up on the original OS OK ... then you may have a problem.

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version