The Cellar  

Old 04-14-2014, 11:28 AM   #1
lumberjim
I can hear my ears
 
Join Date: Oct 2003
Posts: 25,571
HOW_DECRYPT ransom ware on my work networked computer

halp
__________________
This body holding me reminds me of my own mortality
Embrace this moment, remember
We are eternal, all this pain is an illusion ~MJKeenan
lumberjim is offline   Reply With Quote
Old 04-14-2014, 12:53 PM   #2
lumberjim
I can hear my ears
 
Join Date: Oct 2003
Posts: 25,571
CryptoDefense

this seems to be quite serious. What I can find says there is no quick fix. best to pay them. $500!

It appears to have entered via one computer, and gotten into the shared folder because the person who got infected had that file folder open at the time. It has not spread further, as far as I can tell... that shared folder happens to live on MY computer. I unshared that folder as soon as I knew about this.... but the files that were in there may be hosed.

We're trying to isolate the location at this point.

this site is all over this... but I'm not encouraged by what I've read.
__________________
This body holding me reminds me of my own mortality
Embrace this moment, remember
We are eternal, all this pain is an illusion ~MJKeenan
lumberjim is offline   Reply With Quote
Old 04-14-2014, 01:15 PM   #3
glatt
 
Join Date: Jul 2003
Location: Arlington, VA
Posts: 27,717
Sorry man, that sucks. Fuckers.
glatt is offline   Reply With Quote
Old 04-14-2014, 01:49 PM   #4
richlevy
King Of Wishful Thinking
 
Join Date: Jan 2001
Location: Philadelphia Suburbs
Posts: 6,669
Quote:
Originally Posted by lumberjim View Post
this site is all over this... but I'm not encouraged by what I've read.
Hate to say it, but I'm too paranoid to open a link to a webpage about virus removal because of the possibility that it might be designed or hacked to deliver a virus.

Then again...

Quote:
“Paranoid? Probably. But just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face.”
Jim Butcher, Storm Front
Quote:
“Just because you're paranoid doesn't mean they aren't after you”
Joseph Heller, Catch-22
Quote:
“Strange how paranoia can link up with reality now and then.”
Philip K. Dick, A Scanner Darkly
Quote:
“Paranoia is just having the right information.”
William S. Burroughs
From goodreads.com
__________________
Exercise your rights and remember your obligations - VOTE!
I have always believed that hope is that stubborn thing inside us that insists, despite all the evidence to the contrary, that something better awaits us so long as we have the courage to keep reaching, to keep working, to keep fighting. -- Barack Hussein Obama
richlevy is offline   Reply With Quote
Old 04-14-2014, 08:38 PM   #5
tw
Read? I only know how to write.
 
Join Date: Jan 2001
Posts: 11,933
Quote:
Originally Posted by lumberjim View Post
It appears to have entered via one computer, and gotten into the shared folder because the person who got infected had that file folder open at the time.
Not exactly. Does not matter if he had the folder (directory) open or closed. What matters is what files in that folder (directory) have been compromised AND that you have accessed.

For example, a .JPG file contains code that tells a .JPG image display program how to operate. Malware simply contaminates the instructions so that a .JPG image display program does malware damage to your computer.

Other files that can contaminate your machine include script files (ie *.js or *.vbs), programs (ie *.com, *.exe or *.cmd), Office documents with macros (ie *.doc or *.xls), or executable internet files (ie *.html). Once you have downloaded that file, programs on your computer, unfortunately, do what they are instructed to do - execute malware inside that file.

Programs that do not execute 'macro' or other subprograms (ie EDIT, NOTEPAD) cannot (should not) load malware from the data file. Those simple programs only display per ASCII text; do not execute script files, programs, or macros.

A situation where files are encrypted with a key is described. Windows even does this in Windows Explorer. Simply view your many directories (folders). Right click and select Security and Sharing. You can have Windows encrypt files in that directory. The difference is that Windows knows its encryption key (unique to that user). You must pay a malware creator $500 to obtain his key.

Once some irresponsible user downloads a malware data file into your network, then appreciate what happens with others who read/accept that same file (ie via a shared directory (folder)). Like a medieval fort, a defense from invasion is only as good as the weakest point in the fort's stone walls. However layers of defense can be added by each computer executing better malware software and periodically executing the maybe 4 or 8 hour comprehensive (ie full scan) option.

Anti-malware software is not a perfect solution. But more users are only using Windows Security Essentials or Windows Defender as if that is good enough. Better (cough) malware actually cuts right through it. Executing the 'full scan' option even on Security Essentials or Defender may at least identify malware after damage has been done. At least you know you have been compromised. If you are not doing that minimal 4-8 hour scan, then you are probably a greatest threat to your local network.

Another 'hole' are many freeware sites that now want you to download their file downloading software. Made obvious by inferior ASK.com search engine that suddenly appears. Or modifications to a home page in IE, Chrome, or Firefox. Nobody needs a downloading program. As in nobody in all capital letters. Best one is already inside your machine. Those downloading file programs are sometimes malware. So widespread that you must assume all are malware. Only download program you need is one that is provided by and automatically executes in with your browser (not one that is an extension or add-on). Even the ones that claim to automatically un-zip files - almost but not quite as bad as trojans, worms and viruses.

Even more responsible web sites have become potentially 'contaminated'. For example, even CNET wants to download a special downloading program that is a perfect back door to contaminate your machine and all others on your local network. Unlike most, CNET does offer a way to use the old, proven, and safe File Transfer procedure. But you must look carefully for that safe download option. It is no longer obvious or apparent. And yes - I believe this new threat is new and unknown to almost everyone here.

Sites that provide free software do not have knowledge and money to confirm that file download software is safe. File transfer software standard in Chrome or IE is safer. But if anyone on your local network does not know / learn that, then you are potentially screwed.

Paranoia is the relevant word. Ignorance of what should be obvious is a reason to fear.

Last edited by tw; 04-14-2014 at 08:53 PM.
tw is offline   Reply With Quote
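Added example, not part of any post in this thread: a Python script for scoping the shared-folder damage described in post #2, by finding every directory that holds a HOW_DECRYPT note (the filename in the thread title) and listing the files changed around the time the note appeared. The function names, the constructed sample tree and the one-hour window are assumptions made for illustration; the modification-time heuristic assumes the malware did not reset timestamps.

```python
import os
import tempfile

NOTE_PREFIX = "how_decrypt."  # matches HOW_DECRYPT.TXT / .HTML / .URL
WINDOW = 3600                 # assumption: damage lands within 1h of the note

def scope_share(root, window=WINDOW):
    """Map each directory holding a ransom note to its notes and suspect files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        notes = sorted(f for f in files if f.lower().startswith(NOTE_PREFIX))
        if not notes:
            continue  # no note here: directory treated as untouched
        first = min(os.path.getmtime(os.path.join(dirpath, n)) for n in notes)
        suspects = []
        for name in sorted(set(files) - set(notes)):
            mtime = os.path.getmtime(os.path.join(dirpath, name))
            if abs(mtime - first) <= window:  # modified near the note's arrival
                suspects.append(name)
        report[os.path.relpath(dirpath, root)] = {
            "first_note": first, "notes": notes, "suspects": suspects}
    return report

def timeline(report):
    """Directories ordered by when their first note appeared."""
    return sorted(report, key=lambda d: report[d]["first_note"])

def build_sample(root):
    """Constructed sample tree: two hit folders and one clean folder."""
    t0 = 1397490000  # constructed timestamp
    layout = {
        "quotes": [("HOW_DECRYPT.TXT", t0), ("HOW_DECRYPT.HTML", t0),
                   ("q1.xls", t0 - 30), ("old.doc", t0 - 90 * 86400)],
        "scans/2014": [("how_decrypt.url", t0 + 600), ("a.jpg", t0 + 590)],
        "templates": [("form.doc", t0 - 86400)],
    }
    for folder, entries in layout.items():
        os.makedirs(os.path.join(root, folder), exist_ok=True)
        for name, mtime in entries:
            path = os.path.join(root, folder, name)
            with open(path, "wb") as fh:
                fh.write(b"constructed sample\n")
            os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as share:
        build_sample(share)
        rep = scope_share(share)
        for d in timeline(rep):
            print(d, rep[d]["notes"], rep[d]["suspects"])
```

Point `scope_share` at the share's local path on the machine that hosts it and restore the listed files from backup. On NTFS the owner of each note file, shown by `Get-Acl`, is usually the account that wrote it, which helps identify the infected workstation.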
All times are GMT -5.