Be prepared against ransomware viruses..

People keep saying they "uninstall Java", but then when I do stuff like that now and then (I can't remember very many specific examples at the moment) specific things say they need Java, so I have to put it back.
-TaoPhoenix (June 27, 2015, 07:29 AM)
--- End quote ---

I lasted a long time without it - but had the same experience: eventually something needed it, so I reinstalled it. (Here's where I wish I kept a record of changes made to the system - and why they were made: I already can't remember why I reinstalled it... :-/ )

In my only encounter with it thus far, it came in as an email attachment. A fake PDF that was actually executable and would install malware.

Though in my case I would have survived it just fine. It would have of course encrypted the main network shares on the server, but backups of those shares are taken daily via rsync to another box and then only offered up as read-only so if I need to retrieve something I can.

Still hard to believe anyone would actually send a payment, but a lot of people would have no clue what to do about it and wouldn't want to lose their stuff.

...whoever wrote malware like this should be executed by firing squad.

I got a call a couple of days ago from a relative in a panic -- all of their documents, images, etc. suddenly had new random file extensions and could not be opened.  Did I know what had happened and how to fix it?

Unfortunately it was all too obvious what had happened and there was no easy fix.
-mouser (June 26, 2015, 06:48 PM)
--- End quote ---

Hmm, you're pretty accurate so something here is intriguing me. Only the file extensions changed!? So MouserRulez.txt becomes MouserRulez.zzx? Was the content still there, so if you as a test manually changed it back, it would reappear?

Clearly that's not practical manually, but it was a test. Because if that's all the prog did, I'm thinking something like a Directory Read would have a complete list of every file including the file names, and you could run a program/script just to switch them all back.

However, if what it really means was that it's "encrypted for real, and just happens to have a new file ext", then back to your main point.

As the arms race is getting worse, it's making me wonder if there's ever room for really sideways low-tek additional aids, (certainly only a third line level defense!), using odd tricks that the run of the mill malware programs might not catch. The funniest one I ever did was eons ago when I renamed a file called by a virus to pull up MS Notepad! : )

So translated to this, I wonder if there's a really simple way to save all your files in an unusual fashion that the computer can read quite easily normally, but then the malware virus can't find them properly and tanks.

While there are lots of things you can do to protect yourself from being attacked, one thing all of us who regularly make backups should do is keep external backup drives DISCONNECTED except when being used to update our backups.
-mouser (June 26, 2015, 06:48 PM)
--- End quote ---

I like to keep more than one set of backups (so at any time there is at least one set offline) -- though one set is older than the other.

Perhaps it would also be good to verify that the just-made backups are sound -- and possibly on a different machine (but for many set-ups, maybe that's not so practical). Non-restorable backups don't seem so useful...

After backing up, I disconnect the source drive (so it's now a backup) and start using the drive that's just been backed up to.

A personal additional note.
There is not only ransomware: I also fear the theft of my computer and its peripherals. This is why I do backups even on USB keys, and then I wear them when I leave my house. I feel rather safe from ransomware and thieves too.
(an alternative is the "cloud" of course, but I don't like it)

