
Be prepared against ransomware viruses..


mouser:
Only the file extensions changed!? So MouserRulez.txt becomes MouserRulez.zzx? Was the content still there, so if you as a test manually changed it back, it would reappear?
--- End quote ---


No no. The extension change is just a symptom, the actual file contents are strongly encrypted -- so there is no way to retrieve the contents without being told (by paying the culprit) the secure passphrase used.

For more information see http://www.2-viruses.com/cbt-locker-ransomware-or-how-to-decrypt-encrypted-files

Stoic Joker:
I wonder if there's a really simple way to save all your files in an unusual fashion that the computer can read quite easily normally, but then the malware virus can't find them properly and tanks.
-TaoPhoenix (June 27, 2015, 07:37 AM)
--- End quote ---

Run an automated backup that uses a UNC path to a hidden network share, that your user account does not have file/share permission to access. Run the backup job (it's just a scheduled task) under the context of an account that can access said share.


Side note: Wasn't there a thread here just recently about a new group of Crypto Virus rescue utilities?
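
A sketch of the setup described in the post above, added here as an example and not part of Stoic Joker's post. Every name in it is an assumption: the account `CORP\svc-backup`, the server `nas01`, the share `bk$`, and the folder paths.

```powershell
# Added example; account, server, share and paths below are assumed names.

# --- Part 1: run on the file server, elevated -------------------------------
# The trailing '$' only hides the share from browsing. The share and NTFS
# ACLs are what keep the everyday user account (and anything running as it) out.
New-SmbShare -Name 'bk$' -Path 'D:\Backups' -FullAccess 'CORP\svc-backup'
icacls 'D:\Backups' /inheritance:r /grant 'CORP\svc-backup:(OI)(CI)M' `
    'SYSTEM:(OI)(CI)F' 'BUILTIN\Administrators:(OI)(CI)F'

# --- Part 2: run on the workstation, elevated -------------------------------
$source = 'C:\Users\alice\Documents'   # backup account needs read access here
$dest   = '\\nas01\bk$\alice'
$logDir = 'C:\ProgramData\BackupLogs'  # backup account needs write access here
New-Item -ItemType Directory -Path $logDir -Force | Out-Null

# /E copies subfolders. There is deliberately no /MIR or /PURGE, so files
# deleted or renamed on the source are not removed from the share.
$roboArgs = '"{0}" "{1}" /E /COPY:DAT /XJ /R:2 /W:5 /NP /LOG+:"{2}\documents.log"' `
    -f $source, $dest, $logDir
$action  = New-ScheduledTaskAction -Execute 'robocopy.exe' -Argument $roboArgs
$trigger = New-ScheduledTaskTrigger -Daily -At '02:00'

# The task stores the backup account's password and runs whether or not anyone
# is logged on; the account needs the "Log on as a batch job" right.
$cred = Get-Credential -UserName 'CORP\svc-backup' -Message 'Backup account password'
Register-ScheduledTask -TaskName 'Documents backup' -Action $action -Trigger $trigger `
    -User $cred.UserName -Password $cred.GetNetworkCredential().Password `
    -RunLevel Limited

# --- Part 3: checks ----------------------------------------------------------
# As the everyday user (not elevated) this should print False, because that
# account has no permission on the share.
Test-Path $dest

# Elevated: trigger one run and read the result. Robocopy exit codes below 8
# mean no file failed to copy.
Start-ScheduledTask -TaskName 'Documents backup'
Get-ScheduledTaskInfo -TaskName 'Documents backup' |
    Select-Object LastRunTime, LastTaskResult
```

Because the copy overwrites a backup file when the source file of the same name changes, keeping older versions is left to the server side (for example snapshots), which this example assumes and does not configure.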

xtabber:
There is some frequently updated information on the Microsoft Malware Protection Center about ransomware, including which types are currently most active and recommendations about dealing with certain specific ones.

Some of the older ransomware can be defeated, although most of the newer ones cannot. Nonetheless, before panicking, you should try to find out as much as possible about exactly what you are dealing with and follow up on any information you can get about it.

xtabber:
I wonder if there's a really simple way to save all your files in an unusual fashion that the computer can read quite easily normally, but then the malware virus can't find them properly and tanks.
-TaoPhoenix (June 27, 2015, 07:37 AM)
--- End quote ---
Cryptoware cannot encrypt everything since that would simply disable the victim's computer. Instead, it targets specific file types that are associated with documents, media and other data.

All the cryptoware I am aware of uses file extensions to determine the files it will encrypt, which means there is in fact a simple way to protect most data:

Use 7-Zip, RAR, or some such program to create an encrypted archive of the files you want to protect, then change the extension to something not likely to be targeted.   Cryptoware will not target .exe or .dll files since that might disable the system, but something like .cryptic is likely to be just as good.  The archive should be in some format like rar or 7z that provides good security and is less likely than zip to be identifiable by a header scan, if the bad guys get a little more ambitious about identifying data.


TaoPhoenix:
I wonder if there's a really simple way to save all your files in an unusual fashion that the computer can read quite easily normally, but then the malware virus can't find them properly and tanks.
-TaoPhoenix (June 27, 2015, 07:37 AM)
--- End quote ---
Cryptoware cannot encrypt everything since that would simply disable the victim's computer. Instead, it targets specific file types that are associated with documents, media and other data.

All the cryptoware I am aware of uses file extensions to determine the files it will encrypt, which means there is in fact a simple way to protect most data:

Use 7-Zip, RAR, or some such program to create an encrypted archive of the files you want to protect, then change the extension to something not likely to be targeted.   Cryptoware will not target .exe or .dll files since that might disable the system, but something like .cryptic is likely to be just as good.  The archive should be in some format like rar or 7z that provides good security and is less likely than zip to be identifiable by a header scan, if the bad guys get a little more ambitious about identifying data.
-xtabber (June 27, 2015, 11:12 AM)
--- End quote ---

This is close to what I was after, as a part.

To me an interesting next step is a plugin for something (if not Word, what about LibreOffice or something?) that just chains the compression utility into the native "save" command of the software, so maybe with a few more seconds, your document is always saved and loaded from compressed form?
