Cryptolocker Randsomeware

[Sicklyscott]

I'm in the IT Security field and we get hit with at least 10 incidents of this each month. The best thing to do is have an offline backup process. I plug my external drive in to the PC only when i know I have additional files to back-up. I also use BackBlaze as my cloud based back-up provider. This is my just in case plan that my external drive doesn't work, burns up, or gets chucked across the room in frustration.

The only thing I do is back up my external drive, never any OS files or any temp downloaded internet files. If i get infected with anything I do not want that to take over my external drive.

[motion]

I must have my multiple credit cards stored on over a 100 sites. Seriously. Not. One. Problem.

Its been a few years since one of my cards was stolen and I had to have a replacement sent. I also check my online banking/credit cards/etc. from airports, hotels, train stations, etc. Never had an issue.

Livin' life on the edge

Quote:

Originally Posted by Porsche-O-Phile

'Zactly.

I use a Mac and I have a Linux box that is standalone (local LAN only, no internet connection) where I keep the stuff I really care about. I also use time machine every few days. Have never, ever had an issue except for a stolen CC# (used to buy plane tickets in Russia) a few years ago - that was due to the CC company getting hacked (not me) and they didn't charge me when I contested it - the company offered a new card, I told them to keep it, closed my account and went on with life. It was a few years ago so I suspect they only got the CC# (if they'd gotten anything more I imagine it would have turned into nasty business by now, this was maybe 5-6 years ago). Thankfully I didn't (and don't) store my payment info. or it's possible they might've been able to go after my bank account.

Lesson: don't EVER store your payment information on anyone else's site or server and don't enroll in "auto pay" programs (since those necessarily keep your payment information on their servers, out of your control). Most companies now outsource their payment and data processing and the level of protection given to customer data in places like India or Bangladesh or Mexico or Vietnam won't be nearly as good as what's typically employed in the US (mostly due to liability concerns).

Another way to do it (if you're hell-bent on the "convenience" of auto-pay or saving your CC# info on other peoples' sites so you don't have to enter it every month) is to use a card with a very low limit or a debit card that you only transfer funds into to cover payments right before they post each month (although that might be as much or more work than simply manually entering the payment data in the first place unless you automate those transfers themselves I suppose...)

Or just have fewer accounts, fewer things to pay and worry about and live happier.

The biggest data crooks out there aren't Russian hackers anyway - they're big corporations with names like Google, Microsoft, Facebook, Verizon and Yahoo.

Private browsing, cookie blocking, Little Snitch and similar tools are your friend. If they want your data make it very difficult / expensive for them to get it, and make sure that even if they do, it's of little or no value as a profile. THAT is your best (really"only") protection against the Big Data crooks.

[Porsche-O-Phile]

Glad it's working out okay for you but I actually think that IS living life on the edge a bit. If you know anyone that's ever had an identity theft experience (I do) it isn't the least bit funny or a joking matter. It can turn life into a VERY inconvenient hell where the burden of proof is on you to prove it (you're "guilty until proven innocent" always) for everything and is very expensive both in terms of time and money - and you can have new problems pop up for months / years after you think it's all fixed and has finally been buried.

Just be careful is my advice. A little bit of paranoia goes a long way.

[kach22i]

UPDATE:

I got the Seagate software to work, the default is "continuous", I set it to "snapshot" and all is good.

It would have taken me a week of on again, off again saving to CD's to get similar results. This way was just a few hours, not a bad deal if I can access it when I need to.

Still have to figure that part out.

[biosurfer1]

Windows has a pretty good file back up built in. Look into File History. I've used it for years and never has an issue retrieving a previous version of a file.

[mikester]

Even if your own data is already encrypted the malware if it gets in can encrypt it again. Twice baked potato!

Anyway, best of luck. It's bad stuff to get caught up in.

[jyl]

If your mac gets infected by ransom ware, and you have a time machine backup on an external drive, can you Restore from the last unencrypted snapshot, or does the ransom ware encrypt the time machine external drive too?

[stomachmonkey]

Quote:

Originally Posted by jyl

If your mac gets infected by ransom ware, and you have a time machine backup on an external drive, can you Restore from the last unencrypted snapshot, or does the ransom ware encrypt the time machine external drive too?

You have to assume ransomware or any other malicious stuff is going to affect every mounted drive.

Or was the question will it affect the back up drive when you bring it online for a restore?

Ideally you would wipe the infected drive before a restore.

[jyl]

Kaspersky releases decryption tool that unlocks ransomware

[sc_rufctr]

AH HA... Some good news! I still have a client Laptop in storage that's infected. I'll give this a go.

[biosurfer1]

2 hours, tops, and all of the existing viruses will be re-coded around this decryption tool is my guess.

Not to mention that I've found most "anti-virus" software installs just as much crap as it takes off.

[stomachmonkey]

Quote:

Originally Posted by biosurfer1

2 hours, tops, and all of the existing viruses will be re-coded around this decryption tool is my guess.

Not to mention that I've found most "anti-virus" software installs just as much crap as it takes off.

The decryption is not the tough part.

The key is the killer.

Article say s they found a cache of keys so anyone locked with the known crop is happy.

People who get hit with the next wave using unknown keys won't be happy.

[PetrolBlueSC]

I have a Synology Disk Station at home connected to the router. I back up to the Disk Station thinking that if my PC get locked, I'll be able to get my data off the Disk Station. Is my Disk Station at risk of being locked at the same time as my PC? PC is windows 7 and the Disk Station is Linux.

[stomachmonkey]

Quote:

Originally Posted by PetrolBlueSC

I have a Synology Disk Station at home connected to the router. I back up to the Disk Station thinking that if my PC get locked, I'll be able to get my data off the Disk Station. Is my Disk Station at risk of being locked at the same time as my PC? PC is windows 7 and the Disk Station is Linux.

If the Linux share is always mounted under Windows I would be cautious.

Put another way, assume it's vulnerable.

[Deschodt]

Quote:

Originally Posted by jyl

If your mac gets infected by ransom ware, and you have a time machine backup on an external drive, can you Restore from the last unencrypted snapshot, or does the ransom ware encrypt the time machine external drive too?

Guessing you would wipe your mac first - boot your mac from CD / USB stick with the latest OS (Assuming you made a bootable USB stick if your mac does not have a CD drive - if not, you should while you have a functioning mac). You'd go to the supplied HD tools and wipe the drive thoroughly, and reinstall the OS on an clean drive.

Only then connect the good backup drive and restore from time machine.... I keep an offsite time machine backup at a family member's house (and vice versa) in case of a fire...not just hackers.... Every couple months we rotate the drives (cheap, as mentioned before). Can't afford to lose all my kids pictures, banking history, etc....

In terms of security of your info though, it's kinda moot now that pretty much everyone's employer/bank/insurance co/shopping destination has been hacked and most people's social are "out there". Your best bet outside of safe computing practices is to lock/freeze your credit, reduce your # of credit cars to make tracking easier, and regularly monitor your credit history - also sign up with IRS for a fraud prevention Pin.. Sad consequence of everything being online now...

[techweenie]

Quote:

Originally Posted by jyl

If your mac gets infected by ransom ware, and you have a time machine backup on an external drive, can you Restore from the last unencrypted snapshot, or does the ransom ware encrypt the time machine external drive too?

Unless I missed something, I don't believe there have been any successful ransomware attacks on Macs reported...

[LeeH]

Is there a USB cable with a built in switch? I have an external hard drive for backing up only... but it's always connected. Short of plugging/unplugging the cable, is there a way to make sure the drive is disconnected and safe from infection?

[stomachmonkey]

Quote:

Originally Posted by LeeH

Is there a USB cable with a built in switch? I have an external hard drive for backing up only... but it's always connected. Short of plugging/unplugging the cable, is there a way to make sure the drive is disconnected and safe from infection?

If your backup kicks off at the same time all the time you can roll a script to mount the drive before the designated time then unmount it when finished.

Time the average amount of time a back up takes then set the unmount timer for longer.

[sammyg2]

Quote:

Originally Posted by Christien

Really? People are still falling for fake UPS tracking emails? I realize not everyone is computer savvy, but to a large degree, if you're gullible enough to click on an attachment from an email that wasn't expected, you kind of deserve what's coming to you.

You and your personal responsibility.
This is 2015, no one takes responsibility for their actions any more, it's always someone else's fault!!!

[sammyg2]

Quote:

Originally Posted by motion

I must have my multiple credit cards stored on over a 100 sites. Seriously. Not. One. Problem.

Its been a few years since one of my cards was stolen and I had to have a replacement sent. I also check my online banking/credit cards/etc. from airports, hotels, train stations, etc. Never had an issue.

Livin' life on the edge

In the movie The Magnificent Seven, which BTW was the best movie EVAR, Steve McQueens's character said the following:

Quote:

Reminds me of that fella back home who fell off a ten-story building. As he was falling, people on each floor kept hearing him say, "So far, so good." Heh, so far, so good.

I've only had one credit card stolen, by an employee at mid america or whatever that company is called now, but it was a PITA to get straightened out.
And that purchase was made over the phone, not via 'puter.



da da .... da da da da.......... best theme song evar too.