Thread: HEADS UP - Probable Computer Scam

Originally Posted by Chris Parks

I might ask a question here as there are a lot more network capable people that me and it is prompted by David's above post. Can the type of attack that locks a drive be passed onto network drives or is it always confined to the primary computer? Carrying on from that does it attack all drives in the primary computer or just the C drive?

We use Dropbox at work, which is basically a cloud based server. The boss (and thank goodness it was the boss and not one of us lowly workers) clicked on an email from "Australia Post" which downloaded a ransom virus. His PC was instantly affected and all files on the HD were encrypted. Dropbox then noticed that all his files had changed and uploaded all the encrypted files to the cloud and started updating everybody's computers with the changed files. Luckily there were a lot of files and it took a while. This all happens in the background so it wasn't noticed straight away. I saw a small notification that popped up in the taskbar saying that Dropbox was updating 6000 files or something ridiculous like that. I immediately stopped my dropbox sync and checked if everybody else was getting the same updates. They were. We paused the sync on all machines which limited the damage.
The boss's laptop was toast and had to be wiped. Luckily someone was away that day and didn't have their PC turned on so he had clean copies of all the affected files. The only things we weren't able to recover were personal files from the boss's computer that hadn't been uploaded to dropbox. And a few folders that the clean PC didn't have access to. It took us a couple of days to sort out the mess and cost a lot of money to get back into normal work mode.
Be very careful of what you click on.

I have had a few of those AP emails but having worked for them it was obviously a scam of some type so they got deleted.

Originally Posted by Cleokitty

Sorry for your friend. That emphasizes the need to have a Backup device and to back up regularly. That way you'll only lose whatever you did since the last backup. if your documents are really important have two back up devices in case one fails. Set one to back up automatically and do a manual backup from time to time on the other one. If you've got an older or spare computer you don't use to go on-line you can use that for a backup device, too, provided it has enough spare space.

Get advice from someone who knows what they're talking about. I don't know much about computers, but I do know to back up. Don't ask me how I know! It wasn't from downloading something bad, just a simple HD failure long ago, which can happen out of the blue. Western Digital or Seagate external HD's are available for less than 100.00. There are others such as Apple's Time Capsule but that is much pricier.

Yup - I told her about 321.

John

Originally Posted by DavidG

2. Setup a backup system. I run a network drive where all important files are stored. This drive is backed up at 2am every day to a drive which is not visible to normal users. This backup drive is mirrored monthly.

The new ransomware will encrypt any mounted drive including network mounts.

John

Originally Posted by NCArcher

We use Dropbox at work, which is basically a cloud based server.

Dropbox keeps backups of old files as well so you should be able to recover the unencrypted files.

John

Originally Posted by Yanis

The new ransomware will encrypt any mounted drive including network mounts.

John

For those who don't understand the term "mounted drive" ....If you have a drive letter for a drive it is mounted but can be unmounted in Windows if you wish. One of my NAS drives is mounted and one is powered off if I am not backing up too it. All this stuff requires extreme measures of protection that a lot of people don't have the resources or knowledge to implement. I spent about two hours last night reading about ransomware and I advise others to do the same and practise good housekeeping for their PC and don't open strange emails and their attachments just delete them instantly. Most of us that have taken back up precautions have done it to circumvent hard drive failure but those back up drives should be removed from the computer access physically and if attached for back up a virus scan and the computer's internet access removed before attaching again. What a pain in the bum is all I can say.

For reference 321 is 3 backups, 2 offline (not attached to the computer ie physically removed) and one offsite.

You can use usb sticks, sdhc cards, portable hard drives, all are good. Cycle your backups. So if you take a backup offsite then you can keep several copies that you cycle through, say 4 copies done once a week that way you can go back a month.

Make a schedule to perform your backups and take them off site, that is to your mum, son, friend anywhere really that is not your place.

Set up recurring calendar events to prompt you to backup.

John

I had never received a fake Aus Post email until a few weeks ago, it oddly arrived just after Australia Post sent me a genuine email saying a package had been delivered.
Timing seemed too perfect for it to randomly happen and I was wondering if someone had messed around at the Aus Post end?