
Recent Posts

1
PC Tips & Tricks / Re: Helpful Tips about Ransomware
« Last post by Execute on July 20, 2017, 10:36:14 am »
Another useful tip is to disable some ports on your Windows system that are not really used unless you are some sort of power user who uses the Common Internet File System (CIFS), Client/Server Communication and NetBIOS for some reason. The famous WannaCry ransomware (and later Petya.A) both used these ports as entry points for injecting their malicious file into computer systems.
It would be only wise to close these ports, as ransomware viruses in the future might utilize them as well to infect PCs.

Here's what you should do:

Open the Command Prompt (cmd.exe) with Administrator privileges.
Then type the following command lines into the box to disable the ports:

netsh advfirewall set allprofiles state on

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=445 name="Block_TCP-445"

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=135 name="Block_TCP-135"

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=138 name="Block_TCP-138"

netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=139 name="Block_TCP-139"


At the end of each command, the CMD should say "Ok." and that is it! Stay safe!
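
An added example, not part of the original post: a batch script that applies the same four block rules without creating duplicates on a second run, then shows each rule's state and any services still listening on those ports. It reuses the post's ports and rule names; the `findstr` filters assume English-language `netsh` and `netstat` output.

```batch
@echo off
rem Added example, not from the original post.
rem Run from an Administrator Command Prompt; without elevation the
rem "add rule" calls fail with an elevation error.
setlocal

netsh advfirewall set allprofiles state on

rem Ports and rule names exactly as given in the post.
for %%P in (445 135 138 139) do call :ensure_rule %%P

echo.
echo Services still listening on these ports. The firewall rules block
echo inbound traffic, they do not stop the services themselves.
netstat -ano -p TCP | findstr /R /C:":445 .*LISTENING" /C:":135 .*LISTENING" /C:":138 .*LISTENING" /C:":139 .*LISTENING"
if errorlevel 1 echo   none found
endlocal
exit /b 0

:ensure_rule
rem "show rule" exits non-zero when no rule has that name, so the rule
rem is only added once however often the script is run.
netsh advfirewall firewall show rule name="Block_TCP-%1" >nul 2>&1
if errorlevel 1 (
    netsh advfirewall firewall add rule dir=in action=block protocol=TCP localport=%1 name="Block_TCP-%1"
) else (
    echo Rule Block_TCP-%1 already exists, not adding a duplicate.
)
rem Print the fields that matter: Enabled=Yes, LocalPort=%1, Action=Block.
rem Assumption: English output labels; adjust the strings on localized Windows.
netsh advfirewall firewall show rule name="Block_TCP-%1" | findstr /I /C:"Enabled" /C:"LocalPort" /C:"Action"
exit /b 0
```

NetBIOS name and datagram services use UDP ports 137 and 138, which TCP rules like these do not cover.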
2
Off-Topic Discussions / Re: IT Jokes and Overall PC Stupidity
« Last post by Execute on July 04, 2017, 11:09:18 am »
And in this corner...

3
Yesterday, on the 27th of June, a new ransomware emerged crippling systems across the globe, called Petya.A.

The ransomware has a lot of its code copied from the original Petya ransomware, yet malware researchers say that it is a different ransomware and probably compiled by a different malware author.

Ukraine was one of the countries that was hit the hardest, because of a flaw in its MeDoc update system. Lots of its government computers were infected and encrypted, while the virus spread to other firms and organizations in the country. Spain, Russia and France are also countries that are among the first and most heavily infected.

Read more technical details about the Petya.A ransomware and information on what you could do to try and restore data on your PC here:

“Oops, Your Important Files Are Encrypted” (Petya.A WannaCry Ransom Virus)
4
Gaming Malware / Kryptonite Ransomware uses the game "Snake" as a disguise
« Last post by Execute on June 26, 2017, 03:15:08 pm »
Kryptonite is the name of a new ransomware cryptovirus,
that is quite cleverly masked as the popular game "Snake".
You can also play a Command Prompt variant of "Snake",
while the Kryptonite virus is encrypting your files...

...and then you are asked to pay $500 as ransom for your files.

This is what the game looks like:



You can read all about it, from the following article:

https://sensorstechforum.com/kryptonite-ransomware-remove-restore-files/
5
Malware Removal Questions and Guides / Re: Mole02 File?
« Last post by Execute on June 22, 2017, 06:04:03 pm »
Hello, @ZMan.

Yes, this is confirmed by malware researchers to be the new variant of MOLE ransomware and it appends the .MOLE02 extension like you have shown in the attached picture.

You can find a thorough analysis of the virus here: https://sensorstechforum.com/mole02-file-virus-remove-restore-data/

Best Regards,
Execute
6
Malware Removal Questions and Guides / Mole02 File?
« Last post by ZMan on June 14, 2017, 06:03:16 pm »
Does this look more like a different mole file than the standard mole going around? I can't find much on this virus, any links or sources would be useful if you can give any.

Thanks,
ZMan
7
Hmm, that is quite interesting. Sad that you couldn't recover files with Recuva. Just don't reformat the drive so you could keep trying such Data Recovery programs. That is indeed helpful information, but can't really remember a ransomware that did that. If I remember anything I will be sure to write about it here.
9
Thanks for your reply. The new file names are numbers and letters without any sense, and the extensions of the archives are the same.
Also, the archives are stored on an external hard disk (USB connection), and no message is shown after the attack.
It's all very strange, but after using a recovery tool for missing archives, I could discover that the original archives were deleted at the same time the new encrypted archives were created (the time of the two actions is the same). Unfortunately, I couldn't recover the original archives with the program RECUVA (and also another one that I tried).
I hope this information adds data to your diagnosis. I read your suggested article, but it doesn't match my case.
Regards.
10
I ran the decrypter program on a small portion of encrypted files and it worked!! I am now going to work on decrypting a larger set of files we had saved in case a decryption program was created that worked. There is a huge set of files we were waiting to decrypt that will save us a lot of headache in the future. A BIG THANKS goes out to the creators of the decryption program!!