[mdlug] Encrypted Windows 7 System - virus, pay to decrypt

Kevin O'Brien zwilnik2 at gmail.com
Fri Nov 21 15:36:15 EST 2014


The problem is the data. A live CD or a VM does not protect your data from
being encrypted. They are both useful things to do for other reasons, but
won't protect you from this kind of attack, I don't think.

Regards,

On Fri, Nov 21, 2014 at 12:12 PM, Drew <drew4096 at gmail.com> wrote:

> This is another reason for using 1. virtual machines (with a known
> good vm directory tarred off), and 2. Live CDs, with drives unmounted
> (or even with the cables pulled)  when not needed or when opening a
> suspect file.
>
>
> On 11/21/14, Adam Behnke <abehnke at gmail.com> wrote:
> > yes, ransomware is on the rise.
> >
> > one of the variants of cryptolocker was retro engineered, it would take
> > someone savvy to A) determine which variant of ransomware it is and B) if
> > it is one of the variants that has been broken.
> >
> > There are linux variants of ransomware in the wild too. Also, the
> > ransomware will run in wine.
> >
> > Ultimately, the end users are going to either learn not to open infected
> > attachments or pay the idiot tax. I know a couple of admins that are in a
> > perpetual state of recovering from cryptowall.
> >
> > On Fri, Nov 21, 2014 at 8:04 AM, gib at juno.com <gib at juno.com> wrote:
> >
> >> I know someone who was hit by the scheme where the computer hard-drive is
> >> encrypted by a virus and you are asked to pay money to get it
> >> unencrypted.
> >> It is a Windows 7 system and it contains family pictures. So, I said:
> >> 1. Stop using Windows
> >> 2. Backup important stuff
> >> I'd guess educating about clicking on attachments from unknown people or
> >> suspect email would be a good idea too. Anything else that can be done?
> >> Are we to the point yet that decryption when you don't know the key is
> >> possible/likely?
> >> _______________________________________________
> >> mdlug mailing list
> >> mdlug at mdlug.org
> >> http://mdlug.org/mailman/listinfo/mdlug
> >>



-- 
Kevin B. O'Brien
zwilnik2 at gmail.com
http://google.me/+kevinobrien
Facebook is Evil. Cancel your account.

