
New, increasingly popular virus...

Kwiksigns

wookie
So.... I came home one day after visiting a Russian website... That was fine. I clicked a few funny/informational links. Nothing big. But... When I woke up, I noticed my homepage was the same Russian website... no big deal. Reset defaults. No bug in the system. Everything was clean. No registry changes. Well... I get home to watch Netflix... While I am sitting here.... My computer starts talking to me saying every file, besides hidden and system files and some executables, has been encrypted... I paid no mind until I minimized Chrome.... Everything... My external... my SSD... over 30,000 files have been encrypted. They ask for 1.25 bitcoins. Those of you who don't know, that can vary from $500-$600 for the software and code to decrypt. I have researched extensively. Talked to virus professionals. They all told me to back it up and maybe in a few years we can figure it out... If I don't pay in 6 days, it will be double the price. I am paying them to unlock my files. Absolute nonsense. Backup everything. As most of you probably do.... but keep it on a network... not a good idea. It deleted every backup I had on any network. It changes code and network access to infect any computer connected to it. I am in the process of recovering everything. 80% done and I can see the files. Once complete, I have a USB Linux boot that I am going to install and use for my personal OS. The ransomware can't infect anything on Linux... only Windows. So... Long story short... if you don't wanna pay $5-600 please.... Backup and leave it offline.
 

visual800

Active Member
I can remove ransomware. I can only hope people that do this die a long and painful death, scum of the earth. Obviously the "virus professionals" you referred to have the training of a Best Buy employee
 

player

New Member
I can remove ransomware. I can only hope people that do this die a long and painful death, scum of the earth. Obviously the "virus professionals" you referred to have the training of a Best Buy employee

Please tell me how... PLEASE!!!
 

WildWestDesigns

Active Member
The ransomware can't infect anything on Linux... only Windows. So... Long story short... if you don't wanna pay $5-600 please.... Backup and leave it offline.


As an ardent Linux user, that is not true at all. Ransomware has been known to infect Windows, Mac (yes that's right) and Linux. Your odds might be higher with Windows versus the other 2, but the other 2 have been known to be infected. Just recently a zero day has been found with the Flash plugin that has been known to affect all OSs.

Also about this time last year, there was an issue with PDF reading within a web browser, this was also used as a vector for all kinds of goodies on Linux. Don't go thinking that Linux is totally immune.

If you want total security, stay offline, that is the only way to ensure safety from this nonsense.



Also to go back to your network comment. Whether it's mapped or not mapped on a system, it can still be infected as long as the infected computer has access to it over the network. Also, even if a Linux system isn't infected with that specific virus, it can still infect your servers. Since I don't have any Win machines that have direct access (only through VMs within the Linux system), I have disabled all Windows sharing access. While that isn't 100%, it does help (if only as a mental placebo).
 

visual800

Active Member
Please tell me how... PLEASE!!!


This was posted a week or so ago on another virus........I had a friend who had something similar and I tried to remove it while his machine was on. However it came back again.

I then took his hard drive OUT of his comp and placed it in my hard drive reader and really was able to get in there and remove it all; it took some time. I used CCleaner, Malwarebytes and HijackThis programs. Did a registry search and removed tons of little hidden gems all over, it was a nasty little virus. It plants its little seeds all over the damn place.

The one thing that hurts people getting these off is that the machine is running and you're just spinning wheels trying to "work" around it. I have been brought machines that people carried to Best Buy and they had no luck removing. Not bragging, just saying it's common sense. You can't fight the flu when you're working or running around lol

The device I have for reading hard drives is the Thermaltake BlacX
 

WildWestDesigns

Active Member
This was posted a week or so ago on another virus........I had a friend who had something similar and I tried to remove it while his machine was on. However it came back again.

I then took his hard drive OUT of his comp and placed it in my hard drive reader and really was able to get in there and remove it all; it took some time. I used CCleaner, Malwarebytes and HijackThis programs. Did a registry search and removed tons of little hidden gems all over, it was a nasty little virus. It plants its little seeds all over the damn place.

The one thing that hurts people getting these off is that the machine is running and you're just spinning wheels trying to "work" around it. I have been brought machines that people carried to Best Buy and they had no luck removing. Not bragging, just saying it's common sense. You can't fight the flu when you're working or running around lol

The device I have for reading hard drives is the Thermaltake BlacX


Once the GUI, which Windows seems to only be, loads up, it locks the ability to remove some things while it's running. When we used to be able to boot into MS Dos mode, it allowed better access to remove things.

One of the nice things I like about Linux, is that you are able to boot into a headless mode that allows for this as well (plus in Fedora, that's the only way to get Nvidia Drivers installed (what a pain)).
 

player

New Member
This was posted a week or so ago on another virus........I had a friend who had something similar and I tried to remove it while his machine was on. However it came back again.

I then took his hard drive OUT of his comp and placed it in my hard drive reader and really was able to get in there and remove it all; it took some time. I used CCleaner, Malwarebytes and HijackThis programs. Did a registry search and removed tons of little hidden gems all over, it was a nasty little virus. It plants its little seeds all over the damn place.

The one thing that hurts people getting these off is that the machine is running and you're just spinning wheels trying to "work" around it. I have been brought machines that people carried to Best Buy and they had no luck removing. Not bragging, just saying it's common sense. You can't fight the flu when you're working or running around lol

The device I have for reading hard drives is the Thermaltake BlacX

What do they show up as in the registry? Is CCleaner safe to use as a general registry cleaner?

I feel lucky not to have gotten ransomware...
 

ez1

New Member
This was posted a week or so ago on another virus........I had a friend who had something similar and I tried to remove it while his machine was on. However it came back again.

I then took his hard drive OUT of his comp and placed it in my hard drive reader and really was able to get in there and remove it all; it took some time. I used CCleaner, Malwarebytes and HijackThis programs. Did a registry search and removed tons of little hidden gems all over, it was a nasty little virus. It plants its little seeds all over the damn place.

The one thing that hurts people getting these off is that the machine is running and you're just spinning wheels trying to "work" around it. I have been brought machines that people carried to Best Buy and they had no luck removing. Not bragging, just saying it's common sense. You can't fight the flu when you're working or running around lol

The device I have for reading hard drives is the Thermaltake BlacX

Hello, I'm new here, I've been reading for a while, and thought I could chime in here. I have been in the computer business for 15 years now. I first ran into a virus like this last year, and have seen it a handful of times since.

This particular virus is nasty, it's not as simple to get rid of, it's real RSA-2048 bit encryption, the only way to decrypt your files is to use the decrypt key, which is uploaded to the ransomware servers. Once it's deleted your files are lost for good. I believe they are calling it CryptoWall 3.0.

You do have a chance to get your files back, but it's slim. Once the virus has finished scanning your files it infects your .exes so that when you start something up, it will attempt to delete your shadow copies, which are backups of your files. It is not always successful in deleting the shadow copy.

You will need to remove CryptoWall 3.0, using Malwarebytes, HitmanPro, and SUPERAntiSpyware. Once that's done, you can try to use a program called Shadow Explorer to recover your files. You may have to take the hard drive out, and use another computer to do this, your file associations are most likely corrupt. You can also attempt to use a live CD to boot into.

You should really get in the habit of backing up your files to an external hard drive, not a thumb drive, and disconnecting it from your computer.

I hope I didn't offend anyone by jumping in here, but I just wanted to point out, it's not a typical virus, I've removed every virus I've come across over the years, this is the one that I could not, and still today after lots of research, it's still not possible.

Good luck,

Jeremy
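An added example, not from the thread or any poster: the post above says recovery depends on the shadow copies that Shadow Explorer reads still existing, so this script shows how to check, before anything goes wrong, whether each volume actually has any and whether the VSS service that makes them is still enabled. It assumes Windows 7 or later with PowerShell 3 or newer and an elevated prompt (enumerating Win32_ShadowCopy needs admin rights).

```powershell
# Added example (not from the thread): list the Volume Shadow Copies on each
# local volume and warn when a volume has none or the VSS service is disabled.
# Run from an elevated PowerShell prompt on Windows 7 or later (PowerShell 3+).

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='VSS'"
if ($svc.StartMode -eq 'Disabled') {
    Write-Warning "The Volume Shadow Copy service is disabled: no new previous versions or restore points are being created."
}

$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
# Only volumes with a drive letter. Win32_Volume.DeviceID uses the same
# \\?\Volume{guid}\ form as Win32_ShadowCopy.VolumeName, so they can be matched.
$volumes = Get-CimInstance -ClassName Win32_Volume | Where-Object { $_.DriveLetter }

foreach ($vol in $volumes) {
    $mine = @($shadows | Where-Object { $_.VolumeName -eq $vol.DeviceID })
    if ($mine.Count -gt 0) {
        $newest = ($mine | Sort-Object -Property InstallDate -Descending | Select-Object -First 1).InstallDate
        Write-Host ("{0}  {1} shadow copies, newest from {2}" -f $vol.DriveLetter, $mine.Count, $newest)
    } else {
        Write-Warning ("{0}  no shadow copies: nothing here for Shadow Explorer to recover" -f $vol.DriveLetter)
    }
}

# Shadow copies live on the same disk as the files, which is why the post says
# the malware tries to delete them. Treat them as a last resort, not as the
# disconnected external backup the thread recommends.
```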
 

Andy D

Active Member
I hope I didn't offend anyone by jumping in here, but I just wanted to point out, it's not a typical virus, I've removed every virus I've come across over the years, this is the one that I could not, and still today after lots of research, it's still not possible.

Good luck,

Jeremy

Hell no, Great advice.. Thanks!
 

Fred Weiss

Merchant Member

I am currently copying my LAN backups from the external USB drive where they are regularly saved to a new 4 TB USB drive ($129 at Office Depot) which will be disconnected after completion. In addition, to reduce the size of my backups, I have also moved a ton of files that are rarely used to this same drive.
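An added example, not from the thread or any poster, of the backup routine the first post and the post above describe: copy to an external USB drive, keep the old copies, and unplug it afterwards. The source and destination paths are placeholders; it assumes Windows with robocopy (which ships with it) and PowerShell 3 or newer.

```powershell
# Added example (not from the thread): back up a folder to a new date-stamped
# folder on an external drive. It refuses a network destination (the first post
# describes every network backup being wiped), never overwrites an earlier
# backup (so a run made after an infection cannot replace good files with
# encrypted ones), and checks robocopy's result before declaring success.

$Source = 'C:\Users\Me\Documents'   # placeholder: what to back up
$Dest   = 'E:\Backups'              # placeholder: folder on the USB drive

$letter = $Dest.Substring(0, 2)
$disk = Get-CimInstance -ClassName Win32_LogicalDisk -Filter "DeviceID='$letter'"
# DriveType 4 is a network drive; 2 is removable media, 3 is a local fixed disk
# (most USB hard drives report 3, so only what is known to be wrong is rejected).
if (-not $disk) { throw "Drive $letter is not present; plug in the external drive first." }
if ($disk.DriveType -eq 4) { throw "Drive $letter is a network share; back up to an external drive instead." }
if ($letter -eq $env:SystemDrive) { throw "Refusing to back up onto the system drive." }

$target = Join-Path $Dest (Get-Date -Format 'yyyy-MM-dd_HHmm')
if (Test-Path $target) { throw "Backup folder $target already exists; it will not be overwritten." }

# /E copy subfolders, /XJ skip junctions (avoids loops), /R:1 /W:1 do not hang
# on locked files, /NP no progress output, /LOG keep a record beside the backup.
robocopy $Source $target /E /XJ /R:1 /W:1 /NP /LOG:"$target.log"
# robocopy exit codes below 8 mean success (possibly with extra or skipped files).
if ($LASTEXITCODE -ge 8) { throw "robocopy reported errors (exit code $LASTEXITCODE); see $target.log" }

$copied = (Get-ChildItem -Path $target -Recurse -File).Count
Write-Host "Backed up $copied files to $target. Now unplug the drive."
```

Because each run lands in its own folder, an older good copy survives even if a later run copies already-encrypted files; delete old folders by hand once you have checked that a newer one opens correctly.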
 

visual800

Active Member
Hello, I'm new here, I've been reading for a while, and thought I could chime in here. I have been in the computer business for 15 years now. I first ran into a virus like this last year, and have seen it a handful of times since.

This particular virus is nasty, it's not as simple to get rid of, it's real RSA-2048 bit encryption, the only way to decrypt your files is to use the decrypt key, which is uploaded to the ransomware servers. Once it's deleted your files are lost for good. I believe they are calling it CryptoWall 3.0.

You do have a chance to get your files back, but it's slim. Once the virus has finished scanning your files it infects your .exes so that when you start something up, it will attempt to delete your shadow copies, which are backups of your files. It is not always successful in deleting the shadow copy.

You will need to remove CryptoWall 3.0, using Malwarebytes, HitmanPro, and SUPERAntiSpyware. Once that's done, you can try to use a program called Shadow Explorer to recover your files. You may have to take the hard drive out, and use another computer to do this, your file associations are most likely corrupt. You can also attempt to use a live CD to boot into.

You should really get in the habit of backing up your files to an external hard drive, not a thumb drive, and disconnecting it from your computer.

I hope I didn't offend anyone by jumping in here, but I just wanted to point out, it's not a typical virus, I've removed every virus I've come across over the years, this is the one that I could not, and still today after lots of research, it's still not possible.

Good luck,

Jeremy

Oh hell, this is not your run of the mill ransomware? I have been schooled!
 

ez1

New Member
Oh hell, this is not your run of the mill ransomware? I have been schooled!

Wish it was... the rest of them are like you said, easy to get rid of, I don't even try to get rid of them anymore, I just save the customer's files, and put it back to factory. The end result is a much happier customer.

I also wanted to add, like WildWestDesigns pointed out, Linux, Mac and other operating systems aren't immune to this, they usually aren't targeted. I like to explain it like this... It's not that you can't put a Cummins diesel in a Ford or Chevy, because you can, it's just not worth the time and money invested for the amount of gain you're going to get.

The user base for Linux and Mac and other operating systems is tiny in comparison to the user base of the millions of Windows users. They simply target the bigger target because it offers the best return on their investment.
 

WildWestDesigns

Active Member
It's not that you can't put a Cummins diesel in a Ford or Chevy, because you can, it's just not worth the time and money invested for the amount of gain you're going to get.

Destroked Ford was a popular kit during the 6.0 PSD days. I think a lot a 6.0L PSD owners would say that kit was worth it to avoid the TTY bolts stretching. I had a Cummins truck once though. Boy did it love to leak oil.

Although I was probably one of the few happy 6.0 owners out there. 508HP at the rear wheels (all 4 of them). But I digress.
 

visual800

Active Member
Wish it was... the rest of them are like you said, easy to get rid of, I don't even try to get rid of them anymore, I just save the customer's files, and put it back to factory. The end result is a much happier customer.

I also wanted to add, like WildWestDesigns pointed out, Linux, Mac and other operating systems aren't immune to this, they usually aren't targeted. I like to explain it like this... It's not that you can't put a Cummins diesel in a Ford or Chevy, because you can, it's just not worth the time and money invested for the amount of gain you're going to get.

The user base for Linux and Mac and other operating systems is tiny in comparison to the user base of the millions of Windows users. They simply target the bigger target because it offers the best return on their investment.


There is nothing more I like than reformatting and saving all their stuff....unfortunately the people that bring me their stuff have NO CDs and some are still running Windows XP. WTH do people just lose software for? Thank god OSs don't have CDs, well my Dells do, and I like that
 

WildWestDesigns

Active Member
There is nothing more I like than reformatting and saving all their stuff....unfortunately the people that bring me their stuff have NO CDs and some are still running Windows XP. WTH do people just lose software for? Thank god OSs don't have CDs, well my Dells do, and I like that

You might want to think about making ISOs of your CD/DVDs and storing them on hard drives. Far more stable of a storage medium than CD/DVDs. Although I still keep the optical disks that I have for Win98, Win7 and Win 8, I have ISOs of all of them and actually use the ISOs. If you need to, you can burn them back to a disk (most disk burning software has this ability, some can even make ISOs bootable (which is what I do to run the Win OSs in VMs)).

Now, if you buy store bought computers, not quite as easy to get disks anymore. I think they stopped doing that with Vista. They used to have a second drive (or at least a second partition) for you to make your own recovery disks, but you had to do that yourself.
 

ez1

New Member
There is nothing more I like than reformatting and saving all their stuff....unfortunately the people that bring me their stuff have NO CDs and some are still running Windows XP. WTH do people just lose software for? Thank god OSs don't have CDs, well my Dells do, and I like that

Most people didn't have their OS CDs back then, but even the ones that did, I didn't use them (their disks were usually old SP2). I had updated XP disks for every version out there, just a matter of looking at their COA sticker to see what version they had installed, save their personal files, wipe and reinstall.

All new computers come with a recovery partition, since Vista came out. Some are visible, some are not... but they all have them from the factory, unless they are custom builds. This actually made my job a lot easier, because the drivers were already installed, it cut the reload process down time wise. In the XP days, I saved the drivers, but in more cases than not, the drivers were corrupt and I'd have to go searching for them. Dell was great for drivers, because they have an ID number you put in on their site, and it shows all the drivers for that computer.

Again, great advice from WildWestDesigns, not a bad idea to have ISOs of your software disks.
 

WildWestDesigns

Active Member

The user base for Linux and Mac and other operating systems is tiny in comparison to the user base of the millions of Windows users. They simply target the bigger target because it offers the best return on their investment.


I think there is a double whammy for Window users as well.

Not only is the target base greater, but typically most Windows users use the first account that's created during the install process. What most Windows users don't realize is that the first account created in Windows is the root/super user/power user. Not really the account that you want to be using all the time during the day to day operations of the computer. And they tend not to make it a password protected account. I think even when Windows tried to start getting more people to make it a protected account with Vista, that was one of the many sore points of that system (but I think towards the end Vista wasn't all that bad, providing you had plenty of resources).

So when people get these little delights on their systems, it's usually on an account that has full permissions on the computer. Now there is some malware on Linux devices that doesn't need root to still cause havoc, but I do believe that there aren't as many of those compared to the others (but I could be wrong).

There is a saying in one of the Linux forums that a user has in their siggy: "Windows assumes you're stupid, Linux makes you prove it".

I think how Windows has done some things is a double-edged sword that may have created more issues in the long run. Certainly has made more users "hostage" to their system. But that's just my opinion. Like I said, I'm a huge fan of Linux (all but 1 of my computers run a flavor of it), but I'm also not one of those die hards that believes it's Linux or nothing. I still run VMs of Windows with various software that do things better than their Linux counterparts (at least at this time). But as far as what's directly installed on my computers, I do think Linux is a far more robust system.
 

WildWestDesigns

Active Member
How do I check if I have the bad account with my Windoze 7, and how do I fix this?


In Windows NT systems, you are required to have at least 1 admin account, or a regular account that can be elevated to an admin account using User Account Control. So in and of itself it isn't a bad account. Just not one for day to day operations. Not in my opinion anyway.

Also, make sure not to have a blank password and always make it to where a password has to be entered for installing/removing programs etc. Don't necessarily have to have it require a password coming out of suspend unless you want to.
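An added example, not from the thread or any poster, answering the quoted question with commands that ship with Windows 7: it checks whether the account you are logged in with is in the local Administrators group, creates a separate standard user for daily work if so (the name "daily" is a placeholder), and confirms that UAC, the password prompt the post above wants for installs, is switched on. It assumes a local (non-domain) account and an elevated PowerShell prompt.

```powershell
# Added example (not from the thread): is my everyday account an administrator,
# and if so, set up a standard user for daily use and confirm UAC is enabled.
# Run from an elevated PowerShell prompt on Windows 7 or later.

$me = $env:USERNAME

# "net localgroup" prints a header, a dashed line, one member per line and a
# footer line; keep only the member lines.
$members = net localgroup Administrators |
    ForEach-Object { $_.Trim() } |
    Where-Object { $_ -and $_ -notmatch '^(Alias name|Comment|Members|-+|The command completed)' }

if ($members -contains $me) {
    Write-Host "$me is in the Administrators group: keep it for installs and changes only."
    # The * makes net user prompt for a password instead of taking it from the
    # command line or leaving it blank. New local accounts are created as
    # standard users (Users group), which is what you want for daily work.
    net user daily * /add
    Write-Host "Log in as 'daily' from now on; UAC will ask for $me's password when something needs admin rights."
} else {
    Write-Host "$me is a standard user already."
}

# EnableLUA = 1 means UAC is on, so nothing can install or change system
# settings under a standard account without an admin password being entered.
$uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' -Name EnableLUA
if ($uac.EnableLUA -ne 1) {
    Write-Warning "UAC is turned off; re-enable it in Control Panel > User Accounts and reboot."
}
```

On a domain-joined machine the group lists accounts as DOMAIN\name, so compare against "$env:USERDOMAIN\$env:USERNAME" instead of $env:USERNAME.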
 