Beware Ransomware
-
Topic author - Senior Member
- Posts in topic: 5
- Posts: 9043
- Joined: Tue Jun 21, 2011 4:07 pm
- Location: Boerne, TX (Kendall County)
Beware Ransomware
Well, my wife's laptop was infected with a ransomware virus that has her computer locked down pretty tight.
She received a popup yesterday saying Adobe Reader had downloaded an update and asked if she wanted to install it. She said it didn't look quite right so she clicked "NO". Well, things seemed to be ok for the rest of the day and this morning when she went to her computer, she had a full screen picture saying it was a message from Interpol and that she had been visiting illegal porn sites. It said her computer would be locked until she goes to a 7-11, CVS or Kmart and purchases some type of payment code for 100 euros.
I spent about 4 hours this morning researching this on the internet to see how to remove it. Wasn't able to get any of the methods to work. Dropped it off at a local repair shop to see if he can fix it. Said it would be around $100 if he doesn't have to reload or fix Windows. Pretty stinking frustrating. Especially when I spend money every year renewing my Trend Micro Antivirus software.
Therefore, as always and just like carrying, always be aware and never let your guard down whether you are on your computer or out and about.
Note: Me sharing a link and information published by others does not constitute my endorsement, agreement, disagreement, my opinion or publishing by me. If you do not like what is contained at a link I share, take it up with the author or publisher of the content.
-
- Senior Member
- Posts in topic: 1
- Posts: 925
- Joined: Mon Nov 06, 2006 7:21 pm
- Location: Red Oak
Re: Beware Ransomware
If you can get the computer back, run Malwarebytes in Safe Mode. That's cleaned it up for a lot of people.
Charlie
-
Topic author - Senior Member
- Posts in topic: 5
- Posts: 9043
- Joined: Tue Jun 21, 2011 4:07 pm
- Location: Boerne, TX (Kendall County)
Re: Beware Ransomware
Unfortunately, it was so locked down I could not get in in safe mode nor even to a c: prompt. It was tight. Hoping the guy I took it to has much more success than I did. I will make sure to have Malwarebytes on it in the future. Already loaded it and ran it on my other computers.
Thanks!
-
- Senior Member
- Posts in topic: 1
- Posts: 10371
- Joined: Tue Feb 03, 2009 6:51 am
- Location: Ellis County
Re: Beware Ransomware
mojo84 wrote: Unfortunately, it was so locked down I could not get in in safe mode nor even to a c: prompt. It was tight. Hoping the guy I took it to has much more success than I did. I will make sure to have malwarebytes on it in the future. Already loaded it and ran it on my other computers.
Thanks!
I don't think I understand not being able to get into safe mode. Did you power down the computer and interrupt the boot sequence to enter safe mode?
Life is tough, but it's tougher when you're stupid.
John Wayne
NRA Lifetime member
-
Topic author - Senior Member
- Posts in topic: 5
- Posts: 9043
- Joined: Tue Jun 21, 2011 4:07 pm
- Location: Boerne, TX (Kendall County)
Re: Beware Ransomware
About 25 times. It would show safe mode in the corners but the screen would be black other than that. No cursor. No Windows user interface/desktop. Nothing.
-
- Senior Member
- Posts in topic: 1
- Posts: 2505
- Joined: Wed Jun 12, 2013 3:27 pm
Re: Beware Ransomware
I work in technology and will tell you that Ransomware is a relatively new and very credible threat. Common delivery mechanisms are delivery notifications - FedEx, UPS, etc.
What it does is encrypt your files. There is nothing we can do if your files get encrypted. They can't be recovered (short of some NSA-level efforts) without the encryption key. These guys want you to pay to recover files and that's the direction these threats are going....
We're seeing a lot of this. Hopefully front line filtering and malware software will adapt, but right now it's a pretty big issue.
Re: Beware Ransomware
The GreenDot ransomware has been going around for a while but we got a warning about a new variant this week.
I want to say one word to you. Just one word.
Yes, sir.
Are you listening?
Yes, I am.
Backups.
The city is not a concrete jungle. It is a human zoo.
-
- Senior Member
- Posts in topic: 1
- Posts: 2296
- Joined: Mon Apr 20, 2009 8:49 pm
- Location: North Ft Worth(Alliance area)
Re: Beware Ransomware
Zoo wrote: The GreenDot ransomware has been going around for a while but we got a warning about a new variant this week.
I want to say one word to you. Just one word.
Yes, sir.
Are you listening?
Yes, I am.
Backups.
Disconnected backups. These things also go out on the network and lock things down, so do a regular full backup then disconnect it if it is a NAS drive like MyBook.
21-Apr-09 filed online
05-Sep-09 Plastic Arrived
09-Sep-13 Plastic Arrived
21-Jun-18 Plastic Arrived
Re: Beware Ransomware
I haven't seen this just yet. I am a part of a group that also watches on threats. Wonder what the encryption level is.
Amonix
CompTIA A+ Certified Professional
CIW Certified Web Foundations Associate
[Changing the world one byte at a time]
-
Topic author - Senior Member
- Posts in topic: 5
- Posts: 9043
- Joined: Tue Jun 21, 2011 4:07 pm
- Location: Boerne, TX (Kendall County)
Re: Beware Ransomware
Google "Interpol Cybercrime Virus"
I'm not aware of the encryption but it does change your registry and disables the ability to go to certain virus removal sites and prevents antivirus and malware software from running. It's pretty nasty.
-
- Senior Member
- Posts in topic: 1
- Posts: 297
- Joined: Fri May 15, 2009 2:39 pm
- Location: Garland, TX
Re: Beware Ransomware
jmra wrote: I don't think I understand not being able to get into safe mode. Did you power down the computer and interrupt the boot sequence to enter safe mode?
I've seen this twice and am going to clean it off of another friend's computer this evening after work. The first time, I got into Safe Mode and ran Malwarebytes Anti-Malware and AVG free antivirus. No issue. The second time, a few weeks ago, logging into Safe Mode rebooted the computer right away. I ended up having to go into "Safe Mode with Command Prompt", enter the command line instruction to open the Control Panel, create a new user account with Administrator privileges, then restart and log into the new account to run all of the detection and clean-up software. Every iteration I've seen of this has been nastier, by far, than the previous versions.
-
Topic author - Senior Member
- Posts in topic: 5
- Posts: 9043
- Joined: Tue Jun 21, 2011 4:07 pm
- Location: Boerne, TX (Kendall County)
Re: Beware Ransomware
Just found out my computer guy couldn't get past it in order to run the scans. He is in the process of wiping the computer and resetting it up. Thank God for Carbonite, local backup drive, Dropbox and my cloud based agency management system. Looks like I'll be out $2-300 and about a week's worth of productive work.
All I can say is be very wary and careful.
He also recommended AVG and Malwarebytes instead of me paying a premium for Trend Micro. Going to have to think on this more.
Re: Beware Ransomware
If this is the new CryptoLocker malware, it is nasty. Spread is typically through spam. I have three such spams in my mail today. Today's spam subject 'baits' are "Mortgage update - Completion date" and "You have received a secure message". Yesterday's baits were Wells Fargo related. All of the messages contain an attached zip file that is the infection vector. CryptoLocker is related to the Zeus banking trojan. It would be extremely wise to keep an eye on any online financial accounts you may have.