Execute

  • *****
  • 204
  • +38/-0
  • Your friendly neighbourhood IT guy
  • Helpful Tips about Ransomware
    « on: March 15, 2016, 09:26:53 am »
    I decided to start a topic about useful tips on ransomware.

    Things that can help you prevent such an infection that encrypts your files,
    and things that can help if something unfortunate like that already happened.

    Tip #1: If you see that ransomware is in the process of encrypting your files, shut down your PC as quickly as possible from the Power button.

    Tougher ransomware viruses usually delete their key.dat file from your HDD/SSD,
    that is used to encrypt your files, after the encryption process is 100% finished.

    If you are successful and interrupt the encryption process, it is very likely that
    you will still have the key.dat file with which you can decrypt ALL of your files.

    Everybody is encouraged to contribute with tips that he/she knows about ransomware viruses. You can share ideas and thoughts too!

    EDIT: It might be a good idea to keep a few files on your desktop - like documents and pictures with 1-2 different extensions (just in case).
    « Last Edit: March 15, 2016, 01:38:24 pm by Execute »
    There is no place like 127.0.0.1

    sensadmin

    • ******
    • 15
    • +14/-0
  • Re: Helpful Tips about Ransomware
    « Reply #1 on: March 16, 2016, 11:01:54 am »
    Tip #2: Don't forget to BACK UP! Do regular backups of your important files! It is the best prevention method. Keep these files in 2 locations if you can as well!!!!
    If your computer has been infected…
    If you don’t know what anti-malware product to choose for your system…
    If you are interested in the latest security news and updates…
    If you have a security-related question or an answer…
    If you enjoy the good conversation...

    Join our community.

    We can help!

    Execute

  • Re: Helpful Tips about Ransomware
    « Reply #2 on: March 22, 2016, 10:43:39 am »
    Yes, that is also a key note! Without backups there is almost absolutely no other way of recovering files after decryption.

    And to keep this from being off-topic, I would suggest:

    Tip#3: Do NOT format! In case you got your files decrypted now or in the past, and no matter if you removed the ransomware or not - never format your drives. There are cases where data recovery tools can recover some of the files. And there are specialists who deal with data recovery who could extract deleted files.
    « Last Edit: March 22, 2016, 10:47:10 am by Execute »
    There is no place like 127.0.0.1

    Execute

  • Re: Helpful Tips about Ransomware
    « Reply #3 on: March 23, 2016, 02:25:09 pm »
    Tip#4: Keep everything updated! This includes your operating system, browsers and anti-malware program.
    Also, if you still have Java and Adobe's Flash Player and intend to keep them installed, be sure to update them as well.
    Update everything from its original source or through the programs themselves.
    There is no place like 127.0.0.1

    Execute

  • Re: Helpful Tips about Ransomware
    « Reply #4 on: March 24, 2016, 10:06:56 am »
    Tip#5: Reveal file extensions! By doing this you can see if a file is suspicious from its extension.
    For example, you get an email which says it contains an important document.
    You see the file name Important.doc - but it is actually Important.doc.exe. Never open such files!

    To reveal extensions, follow the steps for each operating system:

    For MAC users:

    Step 1: Open a new Finder window
    Step 2: From the Menu bar, go to Finder and select Preferences
    Step 3: Click on the Advanced tab
    Step 4: Tick the box Show all filename extensions

    (If you want to hide file extensions, just untick the box).

    For WINDOWS 10 users:

    Step 1: Click Start and then click File Explorer
    Step 2: Click the View tab in File Explorer and then click the Options button
    (or open the drop down menu and click on Change folder and search options)
    Step 3: Select the View tab at the top of Folder Options
    Step 4: To see file extensions, untick Hide extensions for known file types
    Step 5: To see hidden files and folders, tick Show hidden files, folders, and drives
    Step 6: Click "OK" to save your changes

    For WINDOWS 8 and 8.1 users:

    Step 1: On the Start menu, begin typing "Control"
    Step 2: When Control Panel is listed under Apps, click on it
    Step 3: If you are in the Category View, open the drop down menu and select Large icons or Small icons
    Step 4: Open Folder Options
    Step 5: Click on the View tab at the top of the dialog box
    Step 6: To see file extensions, untick Hide file extensions for known file types
    Step 7: To see hidden files and folders, tick Show hidden files, folders, and drives
    Step 8: Click "OK" to save your changes

    For Windows 7, Vista, and XP users:

    Step 1: Click the Start menu button and open the Control Panel

    Step 2:
    • Windows 7: If you are in the Category View, open the drop down menu and select Large icons or Small icons
    • Windows Vista or Windows XP: Switch to the Classic View if you are not already in this view
    Step 3: Open Folder Options (or Folder and View Options)
    Step 4: Click on the View tab at the top of the dialog box
    To see file extensions, uncheck Hide file extensions for known file types
    To see hidden files and folders, select Show hidden files, folders, and drives
    Step 5: Click "OK" to save your changes

    « Last Edit: March 24, 2016, 11:39:50 am by Execute »
    There is no place like 127.0.0.1
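
The double-extension trick from Tip#5 can also be checked automatically, for example over the attachment names in a mailbox export. This is an added example, not part of the original post; it goes slightly beyond the `Important.doc.exe` case by also flagging space padding and invisible formatting characters, and the extension lists and sample names are assumptions constructed for illustration.

```python
import unicodedata

# Assumed extension lists for this example; extend them for your environment.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "jse",
                   "vbs", "vbe", "wsf", "hta", "lnk", "ps1", "msi"}
DECOY_EXTS = {"doc", "docx", "xls", "xlsx", "ppt", "pptx", "pdf", "rtf",
              "txt", "jpg", "jpeg", "png", "zip"}

# Constructed sample attachment names, not taken from real messages.
SAMPLE_NAMES = ["Important.doc", "Important.doc.exe", "setup.exe",
                "Invoice.pdf          .scr", "report.v2.docx"]


def check_filename(name):
    """Return the reasons an attachment name looks deceptive (empty if none)."""
    reasons = []
    # Unicode format characters (category Cf) are invisible or reorder the
    # displayed text, so the name on screen may not match the real one.
    if any(unicodedata.category(ch) == "Cf" for ch in name):
        reasons.append("invisible formatting character in name")
    cleaned = "".join(ch for ch in name if unicodedata.category(ch) != "Cf")
    cleaned = cleaned.rstrip(". ")  # Windows ignores trailing dots and spaces
    parts = [p.strip().lower() for p in cleaned.split(".")]
    if len(parts) < 2 or parts[-1] not in EXECUTABLE_EXTS:
        return reasons
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        reasons.append(f"double extension: shown as .{parts[-2]}, runs as .{parts[-1]}")
    if "   " in cleaned:
        # A run of spaces pushes the real extension out of a narrow column.
        reasons.append("space padding before the real extension")
    return reasons


def scan(names):
    """Map each suspicious name to its reasons; clean names are left out."""
    results = {name: check_filename(name) for name in names}
    return {name: why for name, why in results.items() if why}


if __name__ == "__main__":
    for name, why in scan(SAMPLE_NAMES).items():
        print(f"{name!r}: {'; '.join(why)}")
```

A plain `setup.exe` is deliberately not flagged: the check targets names that hide what they are, not executables as such.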

    Execute

  • Re: Helpful Tips about Ransomware
    « Reply #5 on: March 30, 2016, 02:53:43 pm »
    Tip#6: Have security software installed!

    Security software guarding against different kinds of malware is always a great choice and you probably already have one. But keep in mind that having a few security programs installed, each providing protection from a specific kind of malware, such as spyware, trojans and ransomware, is always a wise idea, especially if they are compatible with each other.

    There is also a new and interesting free tool you can try. It is BitDefender's Anti-Ransomware tool.
    It protects against Locky, CTB-Locker and TeslaCrypt.

    You can read more about it and download it, here: http://sensorstechforum.com/bitdefender-anti-ransomware-software-review/
    « Last Edit: March 30, 2016, 02:55:58 pm by Execute »
    There is no place like 127.0.0.1

    Execute

  • Re: Helpful Tips about Ransomware
    « Reply #6 on: April 04, 2016, 11:17:22 am »
    Tip#7: Be very careful around emails!

    You may have received suspicious emails, or may receive them in the future. Such emails may contain links, attachments and even phone numbers and emails.

    Also, the email may look like an email of a person you have often communicated with. Sometimes, the sender's email address may be an exact copy of an email you have sent messages to. (Try sending an email back if you doubt it - most of the time the fake email disappears from the "Send To" box. Also, contact the person in another way - like calling him on the phone, to double check.)

    Every little detail is done to make you curious or try to convince you to do an action. Mostly such spam/scam emails are targeted at your banking and credit card details, but there is an increasing trend for these emails to be an outlet for ransomware distribution.

    Here are a few samples from real spam/scam emails:

    Hello <Your name>,
    /link/
    Hope this helps,
    <Initials of a name on one the e-mail addresses you have communicated with>

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    Valued Customer,

    Please note that starting from April 09, 2016 we will be introducing new online banking authentication procedures in order to protect the private information of all online banking users.

    You are required to confirm your online banking details with us as you will not be able to have access to your accounts until this has been done.
    As you're already registered for online banking all you need to do is to confirm your online banking details.

    Confirm your details /link/

    Once you've completed this you'll be able to manage your money whenever you want, giving you more control of your finances.

    Regards
    Customer Service
    Santander Alert Team

    This message has been seen to be sent allegedly by The Halifax Team

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    I AM MR. DIOUF MOUKA FROM BURKINA FASO I HAVE A GENIUE
    BUSINESS TRANSACTION OF 30MILLION U.S DOLLAS TO DO WITH YOU
    IF YOU ARE INTERESTED SEND TO ME THE FOLLOWING INFORMATION
    IMMEDIATELY.

    YOUR FULL NAME......
    YOUR OCCUPATION.....
    YOUR AGE........
    YOUR MARITAL STATUS.....
    YOUR PHONE NUMBER.....
    YOUR COUNTRY/NATIONALITY.....

    AND REPLY TO THIS EMAIL ADDRESS diouf(.)[email protected]

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    YOU WON US$2,800,000.00 via WESTERN UNION.

    Hello,

    We are here to notify you that the sum of US$2,800,000.00 was generated and awarded to you by the United Arab Emirates, West Africa commission and the Western Union Foundation as one of the customers who uses Western Union in their business transaction.

    So, contact the Western union Agent: Mr. Vincent Rex. His Tel: +226 6162 5519 E-mail :(westernunion@***est(.)com) he will issue to you how you will be receiving the funds you can also ask him to send to you a proof, the ownership certificate of the Funds. It is for you to be sure that the funds belong to you.

    Yours Faithfully,
    Samie Salam
    Awards Coordinator United Arab Emirate Commission/WEST AFRICA AND Western Union Foundation, Congratulation Once again.

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    If you haven't made your 1st $2,725 online yet...
    Here's Your Free Ticket...
    Grab it With Both Hands NOW!
    If your on a tight budget or just sick of spending
    money on c**p that doesn't deliver results...
    Here's a sustainable way to make money online...
    You'll Love This!
    I do.

    Talk soon,
    Scarlett

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

    Attn: Sir/Madam

    We are offering a job position in our company. Casatex Textile Limited is employing individuals to work for the company as a Sales Representative/Payment Receiving Agent.
    You don't need to have an Office and this certainly won't disturb any form of work, you have at the moment.

    Salary: No basic salary, lucrative commissions structures. Average income range between $1000 - $3000 pm.
    Position: Sales Representative/Payment processing Agent
    Experience: None Required- We will guide you through.
    Age Requirements: From 25yrs and Above
    Schedule: 5+ hours/week. You choose your hours.
    Please fill out the attached form and affix a copy of your passport and send back to us
    Admission is free of charge.
    Scam Warnings!!! : Do not pay for a job, Your job has to pay you, BEWARE of Scams.
     
    In Trust and Good Faith,
    Mrs. Mary Russell

    \\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


    BEWARE! As there probably are more well-written and more convincing emails out there!
    There is no place like 127.0.0.1
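
Two of the signs described in Tip#7 (a familiar name on an unfamiliar address, and a reply that would go somewhere other than the apparent sender) can be checked from the message headers. This is an added example, not part of the original post; the address book, the addresses and both sample messages are constructed for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed address book: address -> name as it normally appears.
KNOWN_CONTACTS = {"alice@example.com": "Alice Smith"}

# Constructed sample messages (reserved example domains).
SPOOFED = """\
From: Alice Smith <alice@example.net>
Reply-To: billing@example.org
To: you@example.com
Subject: Hope this helps

/link/
"""

GENUINE = """\
From: Alice Smith <alice@example.com>
To: you@example.com
Subject: Lunch

See you at noon.
"""


def spoof_indicators(raw_message, known_contacts):
    """Return reasons the sender of a raw RFC 5322 message looks forged."""
    msg = message_from_string(raw_message)
    shown_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    shown_name = shown_name.strip().lower()
    from_addr, reply_addr = from_addr.lower(), reply_addr.lower()
    findings = []
    # A name you know, attached to an address you have never written to.
    for addr, name in known_contacts.items():
        if shown_name == name.lower() and from_addr != addr:
            findings.append(f"name '{name}' is known, but {from_addr} is not {addr}")
    # Hitting "Reply" would silently address someone else.
    if reply_addr and reply_addr != from_addr:
        findings.append(f"replies go to {reply_addr}, not to sender {from_addr}")
    return findings


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(label, spoof_indicators(raw, KNOWN_CONTACTS))
```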

    Execute

  • Re: Helpful Tips about Ransomware
    « Reply #7 on: April 05, 2016, 11:22:19 am »
    Tip#8: Disable remote services and unused connections!

    Disabling all remote services, such as Remote Access to your computer, the Remote Desktop Protocol, as well as Remote Assistance, is necessary in this day and age. It's a good way of preventing ransomware, and Trojan horses related to it, from spreading further onto your network or doing more harm to your PC.

    Disabling any Network Connections that are not in use, including Bluetooth and Infrared ports, is another great way of stopping cyber criminals from exploiting them.

    There is no place like 127.0.0.1

    Execute

  • Re: Helpful Tips about Ransomware
    « Reply #8 on: May 13, 2016, 11:12:10 am »
    Tip#9: Install an Anti-Ransomware Tool!

    Installing and enabling an Anti-Ransomware Tool will add an additional layer of Protection to your system!
    Since different tools work in unique ways for them, you can run multiple such tools at the same time.

    There are plenty of Free ones out there. Find out the Most Popular Free Anti-Ransomware Tools.
    There is no place like 127.0.0.1

    Execute

  • Re: Helpful Tips about Ransomware
    « Reply #9 on: May 16, 2016, 10:57:43 am »
    Tip#10: Disable the Shadow Volume Service (vssadmin.exe)

    Ransomware can delete all shadow volume copies created on your system with a single command.
    In order to prevent this, you can rename the service so the command is not executed, and you have an older backup of most of your files.

    In case of a ransomware attack, you can revert the service's original name, so you can use the backup.

    There is no place like 127.0.0.1

    Execute

  • Re: Helpful Tips about Ransomware
    « Reply #10 on: May 17, 2016, 09:55:24 am »
    Tip#10: Keep your Firewall ON!

    You should always keep your Firewall ON and running at all times! The more layers of protection you have - the better!
    (The Firewall controls incoming and outgoing traffic, based on security rules, so it can stop other malware and even some hackers!)
    There is no place like 127.0.0.1

    Execute

  • Re: Helpful Tips about Ransomware
    « Reply #11 on: July 11, 2016, 11:26:06 am »
    Tip#11: Disable macros in Microsoft Office!

    You should disable any macros from running in Microsoft Office - be it Word, Excel, Access, PowerPoint or other applications!
    Macros can be executed with a malicious script and release the payload of many ransomware viruses.

    To do that, simply:

    Click the Microsoft Office Button, and then go to Access Options.
    Click Trust Center, and select Trust Center Settings, and after that choose Macro Settings.
    Choose the setting Disable all macros without notification (This option will disable macros, when it is applied.)

    This is a good prevention tactic against ransomware which uses scripts hidden in Word documents and the like.
    Even if you downloaded such a document, the ransomware wouldn't be able to run and do anything to your computer.
    There is no place like 127.0.0.1

     

