eh-TEE-oh-clez |
Your software licenses should still work. Older software usually isn't sophisticated enough to phone the license key back to home base and mark them as used; instead they're algorithm based and the software just checks if the passkey is the right combination of variable characters. Newer software, like Windows and Office, are either tied to a user account or tied to the hardware with a digital entitlement. In my 25 years of using computers, and reformatting or building new computers every couple of years, I've never had to repurchase software. I never restore applications from backup, I always install fresh copies.
|
Member |
Snip
For those of us running as an Admin, what should we be doing? Set up another account without admin rights I'm assuming, anything else? Thanks!
Hell, is other people! J-P S
|
Member |
YES!
|
Oh stewardess, I speak jive. |
Exactly this. Disconnect computer from internet, clone drive/save data as needed, wipe and reinstall. I'd be done in an hour or three and not even 1min would be spent dorking around otherwise. Nothing they can do can stop or thwart this sort of brute force solution.
|
Nullus Anxietas |
If you've already been running with Admin rights you must save your files, scrub the machine, reinstall from scratch, then scan the living bejesus out of your saved data before putting it back on the machine. Then create non-Admin-rights user accounts and restore your data. Why? Because a machine that's been run by end-users, using it for everyday tasks, including reading email and browsing the web, has a very high probability of being compromised without the user being any the wiser. The only way to be sure is "nuke and pave."
"America is at that awkward stage. It's too late to work within the system, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
|
Member |
Hard drives today are cheap, as in 1 TB for under 60 dollars cheap. Software to Clone Hard Drives is also inexpensive. BTW, I prefer Acronis and have been using it since 2010 or perhaps a bit earlier.

So, what is a Cloned Hard Drive? It is a 100% EXACT copy of the hard drive in your computer and it only takes about 45 minutes to clone a hard drive with about 400 GB of data. Once you have the clone safely stored away if you get hit with ransomware all you do is replace the hard drive in your computer with that clone. If it's a 6 month old clone you'll have to wait around for 6 months of updates to your software but once that is done you are back in business with only 6 months of files lost. BTW, that is a hint to clone your primary hard drive at least once a month. If you have come back from a big vacation with a bunch of pictures then clone your hard drive once you have archived all your pictures.

Now for the hardware needed to clone a hard drive conveniently. I use a Vantec IDE/SATA to USB 3.0 adapter. BTW it comes with a power supply to provide the 12V needed to operate an internal 3.5 inch HD as a USB drive. Cost for this adapter was something like 30 bucks at Microcenter. BTW, portable USB drives have also become rather inexpensive. Currently I have a 1TB portable I keep in my camera bag and that little drive has every single one of my pictures going back to the late 1980's. While I haven't even tried to turn on my Nikon Coolscan in over 10 years there was a time when I spent every free evening scanning slides and negatives.

Summing it all up and there is no reason today to ever put yourself in a position where you have to pay these criminals one thin dime. So I would advise you not pay them anything at all. For one you will be supporting these criminals and encouraging them to continue blackmailing people. In addition if you do a bit of reading on the net you'll find that in a lot of cases people who do pay up never do get their files back.
I've stopped counting.
|
Baroque Bloke |
I just click the “Scan” button on the left side of the Malwarebytes control panel. I’m currently running Malwarebytes 3.0.3.433 on my old MacBook Air.
Serious about crackers
|
Baroque Bloke |
rduckwor - I’ve been trying to figure out why we see such different scan times for Malwarebytes. I run on a MacBook Air. Perhaps you run on a PC? Can’t think of anything else, except software version number. I reported my version in the post immediately above this one.
Serious about crackers
|
Member |
RansomWare is truly evil. Backups, air gap your backups, and keep a copy in one drive. Storage is cheap. You can have all the AV and all the Patches in the world but if someone comes up with something 'new' it's over before it begins. The only 'secure' method is as others have suggested to create air gapped backups. In theory a backup in the cloud would probably be 'OK' as well as long as the infected machine couldn't write to the files in the cloud. For me there isn't much of anything 'important' on my PC. The photos I care about are on facebook or elsewhere. I might lose a couple of documents but they are probably in my Gmail e-mail archive anyways. FDisk, format re-install doo dah dooh dah.
-------------------------
If not me then who? If not now then when?
|
I'd rather have luck than skill any day |
I'm back. As it turns out, I had MS One Drive synchronizing library files, including photos. All is well. Thanks all for your suggestions. I learned a valuable lesson; hope my experience has illustrated how serious a problem this is. The key is "air gap."
|
Big Stack |
This would be something a company in the security business could do, but not likely an individual (unless they have significant skill in the area, and a lot of time.) Someone should be sniffing for the virus files in the environment and capture them. They must contain both the encryption software and key. If a programmer with enough skill took apart the program, they'd have the key, and be able to sell the service to decrypt the files encrypted by the virus. The mooks who put these things together might use RSA, but I'd be a little surprised (it might be too slow for them.)
|
Truth Seeker |
It sucks what you went through, but I am glad you are able to recover your files on your own. In hindsight is there anything you opened from an email or download you feel might have installed the ransomware? I appreciate you posting as I am changing how I backup after reading this and the suggestions. I have several hard drives in my system with one for the operating system and then separate drives for documents, media, and an internal backup drive. I have an external 6TB drive everything backs up to and I also use CrashPlan to backup to the cloud. I keep the external drive plugged in and it backs up new file changes every hour. I now realize I do not have the “air gap” so I have now unplugged the external drive. I will plug it in weekly to do a backup and then unplug it when it is finished and store it in my Gun safe.
NRA Benefactor Life Member
|
I'd rather have luck than skill any day |
No, I have no idea how or even when the malware infected the machine. I was not using it at the time it executed. I typically leave the machine on 24/7. There are times I like to remote access it from my office. My office was not affected, but we are evaluating our procedures there also. For the time being, we're going to do as some others here have recommended and backup to external drive and disconnect for safe keeping. Cloud backup for mission critical files daily. One Drive, Drop Box, Google, it doesn't matter. It would be best if the process sync'd automatically. Ensigmatic listed out a rather elaborate backup process on the top of page 2. 1967Goat, who is more knowledgeable than I, noted it's not safe practice to login with admin privileges or disable or reduce "User Account Control Settings" below default settings. Yes, it may be an inconvenience sometimes, but it wouldn't allow wholesale encryption.
|