  1. #1
    Join Date
    Sep 2002
    Location
    Minbun, FNQ, Australia
    Age
    66
    Posts
    12,881

    Watch out for the latest Ransom Virus

    G’day.

    This has been on the news but just in case you missed it, watch out for the latest bout of Ransom virus that is going around.

    It comes as an e-mail with an attachment or a link & it tries to get you to click the link or open the attachment.

    As soon as you do, nothing obvious happens but the little bug runs off & encrypts all your data.

    When it is finished, it pops up & tells you what it has done.

    Then it gives you a ransom note to pay money within a set period of time, usually about 72 hours or you will lose your data forever.

    Once your data is encrypted, you can kiss it goodbye forever.

    Sometimes the e-mail comes from somebody you know, sometimes it doesn’t.

    If it is somebody you know, ring them or send them an e-mail & ask them if they just sent you something.


    If you find yourself asking “What’s this?” DO NOT OPEN IT!
    Cliff.
    If you find a post of mine that is missing a pic that you'd like to see, let me know & I'll see if I can find a copy.

  3. #2
    Join Date
    Sep 2002
    Location
    Minbun, FNQ, Australia
    Age
    66
    Posts
    12,881

    Since I sent this out, I've heard back from 4 people to say "Too late."

    Edit: A 5th one just came in.
    Cliff.
    If you find a post of mine that is missing a pic that you'd like to see, let me know & I'll see if I can find a copy.

  4. #3
    Join Date
    Aug 2003
    Location
    Conder, ACT
    Age
    77
    Posts
    6,051

    Couple of tips.
    1. Never use your PC from an administrator account. Create a user account for normal use.
    2. Back up everything important on a daily basis to a place that a trojan can not get to.
    3. Take a full snapshot once a week, again in a remote (removable) drive.
    4. Have a current antivirus program.

    And finally
    5. NEVER open an email attachment from an unknown or unexpected source.


    ps - Tell the kids the same .....DAMHIK

  5. #4
    Join Date
    May 2012
    Location
    Canberra
    Posts
    1,820

    Invest in a removable caddy ($15 .... http://www.msy.com.au/nswonline/mobi...-hdd-rack.html ) and use SyncBackFree to make copies of the important stuff. I've some old drives laying around 250's, 500's and some 750's... all useless for anything really (as the main drives are now SSD and 4Tb drives are cheap as chips).

    All are still good for a removable backup however. Just get some clear "clam shells" from the computer shop (free). Just pop it in each day and back everything UP!!!! Take one to parents/friends place, the other on a shelf in another room and a couple with the PC. Swap them around periodically in some form that matches your paranoia.

    It's free, easy and the caddy costs $15. (buy TWO - one for the kids, one for you)

    If you are concerned with safety, also get the "old" version of TrueCrypt. (NOT the "new" one). Your backups will be very safe. The whole solution is very low-tech and doesn't rely on any fancy software or exotic hardware... so in an absolute worst-case scenario you can get back alive quick smart.

    Saves a lifetime of grief.

    JUST DO IT!!!!!!!!!!!!!

  6. #5
    Join Date
    Jan 2009
    Location
    Brisbane
    Posts
    1,770

    Is this an issue for a Mac?
    There ain't no devil, it's just god when he's drunk!!

    Tom Waits

  7. #6
    Join Date
    May 2012
    Location
    Canberra
    Posts
    1,820

    Yes. Even phones running Android.

    The whole internet and all devices that connect to it have turned into a titanic security/safety nightmare that will become galactically worse.

    This also includes software that runs planes, trains, automobiles, dams and your friendly local nuclear reactor.....

    Even PCs that do not connect to any network (air gapping) can be attacked.

    I tell all my friends and family constantly.... DON'T keep anything you need on your computer. Make a copy. Assume at some stage it WILL be lost, permanently (hard disk crash, fried OS, colossal mistake like formatting the wrong hard disk, etc). Plan around that.... Follow my backup plan. Almost no cost and it WILL save your bacon one day....

    My last job was CTO of a humongous dollar credit card clearing and authorisation company. The attacks were absolutely endless, the fraud absolutely rampant. We were constantly attacked via internet, attempted subversion and even physical intrusion. I kept a huge monitor up in the main room with intrusion detection counts, origin and type as a bit of fun.

    It is my absolute belief there are only 2 types of organisation - those that have been hacked and know it, and those who have been and don't know it.

    Your Mac is not going to protect you via obscurity. Back up your data. Assume loss. Plan around that.

  8. #7
    Join Date
    May 2013
    Location
    Brisbane
    Posts
    38

    Does it only encrypt files on local drives or does it hit network drives as well?

  9. #8
    Join Date
    Aug 2010
    Location
    ACT
    Age
    84
    Posts
    2,580

    And wear a foil skull cap!
    Hugh

    Enough is enough, more than enough is too much.

  10. #9
    Join Date
    Aug 2003
    Location
    Conder, ACT
    Age
    77
    Posts
    6,051

    Originally Posted by mawhins:
    Does it only encrypt files on local drives or does it hit network drives as well?

    Any accessible drive is vulnerable including USB (inc phone), network and home group drives.

  11. #10
    Join Date
    Sep 2002
    Location
    Minbun, FNQ, Australia
    Age
    66
    Posts
    12,881

    Anything it can get out without using a password, if it looks like data, it gets encrypted.
    Cliff.
    If you find a post of mine that is missing a pic that you'd like to see, let me know & I'll see if I can find a copy.

  12. #11
    Join Date
    Jul 2012
    Location
    "Brownsville" Nth QLD
    Age
    66
    Posts
    4,435

    Originally Posted by A Duke:
    And wear a foil skull cap!

    Won't help I think my data got partially encrypted years ago.
    Mobyturns

    In An Instant Your Life Can Change Forever

  13. #12
    Join Date
    May 2012
    Location
    Canberra
    Posts
    1,820

    These new beasties are very troubling.

    They are incredibly sophisticated. The personalised encryption is first rate, the completely opaque manner in which the extortion works and the fact that they are proving impossible to analyse.

    I was recently invited into a team to assist with pulling one apart. It resisted running while memory analysers were running, was aware when we put it onto several different VM environments and was completely aware of the network, enforced proxies and any/all antivirus programs running. It was exceedingly hard to analyse.

    Every iteration is improving.

    One thing that was impressive was that the extortion was real AND the customer service was impressive. The team was aware that every single payment was honoured and the decryption key provided worked flawlessly every time. They certainly wanted a reputation of actually being honourable in that regard. Makes sense.

    Please follow my backup advice. It's very low tech and very easy and cheap to do.

  14. #13
    Join Date
    Jul 2012
    Location
    "Brownsville" Nth QLD
    Age
    66
    Posts
    4,435

    All our work laptops are encrypted legitimately, to prevent data theft should a laptop be stolen / lost, but that in itself is another hazard that has to be managed. An encrypted hard drive cannot be recovered as several of our staff have discovered. Our SOE does not like USB drives and will not permit copying of data in quantity to a USB drive etc. So how do you back up data on the fly? Seems that encrypted hard drives do not have a long life in laptops as we are also finding out. We use External drives as backup but they are also encrypted - Argh! Don't lose encryption keys.
    Mobyturns

    In An Instant Your Life Can Change Forever

  15. #14
    Join Date
    May 2012
    Location
    Canberra
    Posts
    1,820

    Originally Posted by Mobyturns:
    All our work laptops are encrypted legitimately, to prevent data theft should a laptop be stolen / lost, but that in itself is another hazard that has to be managed. An encrypted hard drive cannot be recovered as several of our staff have discovered. Our SOE does not like USB drives and will not permit copying of data in quantity to a USB drive etc. So how do you back up data on the fly? Seems that encrypted hard drives do not have a long life in laptops as we are also finding out. We use External drives as backup but they are also encrypted - Argh! Don't lose encryption keys.

    So many things to talk about.... These thoughts may help a bit.....

    My experience is that encryption in itself doesn't explode spinning drives, as they are entirely unaware of the content that is written. The operating system can choose what to write where, but very rarely will do so. An example of this is defragging. Usually the command of "write this" is handed to the drive and it will simply write data to the very first sector that happens to be below the heads at that millisecond. It's not a smart process.

    This isn't the case for solid state devices, like a SSD. They use a lot of smarts (too much) in order to do "write levelling". Imagine a SSD having a bunch of cells like a beehive. Each cell can only be written to 1000 times before it fries itself (number is for illustration). The software of the drive distributes the action to ensure the drive has a decent life. Encryption generally overwrites this process with its own write methods... i.e. write this data to sector 1234. This is so a sector that changes can't be analysed (e.g. Old data is on 1200 and new is 1234). Old data on 1200 compared to new on 1234 leaves a trail which may be harvested and used for information. Enough information and you get an idea of the structure and rate of change. This can be exploited. Forced rewriting constantly to 1234 virtually eliminates this exploit.

    Spinny drives can rewrite a sector 100 million times. It won't affect them. Try this with a SSD and it's Certain Death in short order.

    TrueCrypt 7.1a is the only encryption I trust. This is because the source code is public and can be reviewed (it isn't practical to do on an individual basis, but there is a project doing exactly this). The project has ended due to a brutal shutdown by the US government, but there are alternatives. Wikipedia reveals all.

    Use encryption on all drives, including SSDs. The expense of exploding a SSD drive is minimal compared to a compromise.

    Another reason I suggest TrueCrypt is you use a single password and not a key (but you can). You can mount the drive in another machine, enter the password and presto. The password can be anything.... "thisIsMyEncryptedHardDrive$12345" is perfectly fine and quite infeasible to brute force.

    This however won't save you from ransomware. It will still let you boot etc. It just adds another layer of encryption on top. Backups of your important info is the only option.

    With the query of copying data, the program of SyncBackFree will do a range of backup types...from an initial blast to a trickle charge. There are many options for how backups are done, from frequency, speed, overwrite options to keeping old versions and giving version numbers.

    Any organisation that resists encryption and complete backup and recovery is CHOOSING to be hacked, data destroyed and be bled dry by extortion.

    It is as I said, there are ONLY two types of organisations.

    Backups are your sole and only defence.
    Last edited by Evanism; 15th August 2015 at 09:08 PM. Reason: Clarity
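
Added example, not part of the thread or any poster's own code: a scheduled copy made after ransomware has run will faithfully back up the encrypted files, so this sketch compares the source against the last known-good manifest and says whether it is safe to overwrite the previous backup. The thresholds, function names and the ".locked" suffix are assumptions chosen for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte; encrypted data sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def manifest(root: str) -> dict:
    """Map each relative path under root to (sha256 hex, entropy of first 64 KiB)."""
    out = {}
    for folder, _, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as f:
                data = f.read()
            out[os.path.relpath(path, root)] = (hashlib.sha256(data).hexdigest(), entropy(data[:65536]))
    return out

def safe_to_overwrite(prev: dict, cur: dict, max_changed=0.5, high=7.5) -> bool:
    """False when most known files changed or vanished AND the new content looks random (zip/jpg alone are not a signal)."""
    if not prev:
        return True
    changed = [p for p in prev if p not in cur or cur[p][0] != prev[p][0]]
    fresh = [e for p, (h, e) in cur.items() if p not in prev or prev[p][0] != h]
    random_share = sum(e >= high for e in fresh) / len(fresh) if fresh else 0.0
    return not (len(changed) / len(prev) > max_changed and random_share >= 0.5)

def demo():
    """Constructed sample data: six text files, one ordinary edit, then a simulated mass rewrite."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(6):
            with open(os.path.join(root, f"doc{i}.txt"), "w") as f:
                f.write(f"invoice {i} line\n" * 300)
        baseline = manifest(root)
        with open(os.path.join(root, "doc0.txt"), "a") as f:
            f.write("one ordinary edit\n")
        after_edit = safe_to_overwrite(baseline, manifest(root))
        for i in range(6):  # random bytes stand in for ciphertext; the ".locked" suffix is made up
            os.remove(os.path.join(root, f"doc{i}.txt"))
            with open(os.path.join(root, f"doc{i}.txt.locked"), "wb") as f:
                f.write(os.urandom(4096))
        after_rewrite = safe_to_overwrite(baseline, manifest(root))
    return after_edit, after_rewrite

if __name__ == "__main__":
    print(demo())
```

When the check returns False, keep the previous backup untouched and write the new copy to a separate version instead of replacing it.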

  16. #15
    Join Date
    Sep 2002
    Location
    Minbun, FNQ, Australia
    Age
    66
    Posts
    12,881

    The encrypted drives wear out early because there is far more drive activity while the data is being accessed.
    Cliff.
    If you find a post of mine that is missing a pic that you'd like to see, let me know & I'll see if I can find a copy.
