[mdlug] Encrypted Window 7 System - virus, pay to decrypt

Adam Behnke abehnke at gmail.com
Fri Nov 21 21:57:24 EST 2014


well, kinda. the data in a live cd isn't persistent. ransomware preys on
data in fileshares. the instant you mount the persistent data, it's game
over. If you open the attachment in a disposable environment, you should be
ok as long as everything in that environment was disposable.

On Fri, Nov 21, 2014 at 3:36 PM, Kevin O'Brien <zwilnik2 at gmail.com> wrote:

> The problem is the data. A live CD or a VM does not protect your data from
> being encrypted. They are both useful things to do for other reasons, but
> won't protect you from this kind of attack, I don't think.
>
> Regards,
>
> On Fri, Nov 21, 2014 at 12:12 PM, Drew <drew4096 at gmail.com> wrote:
>
> > This is another reason for using 1. virtual machines (with a known
> > good vm directory tarred off), and 2. Live CDs, with drives unmounted
> > (or even with the cables pulled)  when not needed or when opening a
> > suspect file.
> >
> >
> > On 11/21/14, Adam Behnke <abehnke at gmail.com> wrote:
> > > yes, ransomware is on the rise.
> > >
> > > one of the variants of cryptolocker was retro engineered, it would take
> > > someone savvy to A) determine which variant of ransomware it is and B) if
> > > it is one of the variants that has been broken.
> > >
> > > There are linux variants of ransomware in the wild too. Also, the
> > > ransomware will run in wine.
> > >
> > > Ultimately, the end users are going to either learn not to open infected
> > > attachments or pay the idiot tax. I know a couple of admins that are in a
> > > perpetual state of recovering from cryptowall.
> > >
> > > On Fri, Nov 21, 2014 at 8:04 AM, gib at juno.com <gib at juno.com> wrote:
> > >
> > >> I know someone who was hit by the scheme where the computer hard-drive is
> > >> encrypted by a virus and you are asked to pay money to get it unencrypted.
> > >> It is a Windows 7 system and it contains family pictures. So, I said:
> > >> 1. Stop using Windows
> > >> 2. Backup important stuff
> > >> I'd guess educating about clicking on attachments from unknown people or
> > >> suspect email would be a good idea too. Anything else that can be done?
> > >> Are we to the point yet that decryption when you don't know the key is
> > >> possible/likely?
> > >> _______________________________________________
> > >> mdlug mailing list
> > >> mdlug at mdlug.org
> > >> http://mdlug.org/mailman/listinfo/mdlug
> > >>
> > >
> >
>
>
>
> --
> Kevin B. O'Brien
> zwilnik2 at gmail.com
> http://google.me/+kevinobrien
> Facebook is Evil. Cancel your account.
>
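
The point made in the replies above (a live CD or VM only helps if no persistent data is mounted writable while the suspect file is open) can be checked before opening anything. The following is an added example, not part of the original thread: the function name, the set of filesystem types treated as disposable, and the sample mount table are assumptions constructed for illustration.

```python
import re

# Assumption: filesystem types treated as disposable (RAM-backed, read-only
# media, or kernel pseudo-filesystems). A live USB with a persistence
# partition would need "overlay" removed from this set.
EPHEMERAL_FS = {"tmpfs", "ramfs", "devtmpfs", "overlay", "squashfs", "iso9660",
                "proc", "sysfs", "devpts", "cgroup2", "securityfs", "debugfs"}
NETWORK_FS = {"cifs", "smb3", "nfs", "nfs4", "fuse.sshfs"}

# Constructed sample in /proc/mounts format (not captured from a real system).
SAMPLE_MOUNTS = """\
/dev/sr0 /run/live/medium iso9660 ro,noatime 0 0
/dev/loop0 /run/live/rootfs squashfs ro,noatime 0 0
tmpfs /run/live/overlay tmpfs rw,relatime 0 0
overlay / overlay rw,noatime,lowerdir=/run/live/rootfs 0 0
proc /proc proc rw,nosuid,nodev,noexec 0 0
/dev/sda2 /mnt/family\\040pictures fuseblk rw,relatime,user_id=0 0 0
/dev/sda3 /mnt/backup ext4 ro,relatime 0 0
//nas/share /mnt/share cifs rw,relatime,vers=3.0 0 0
"""

def _unescape(field):
    # /proc/mounts encodes spaces and tabs in paths as octal escapes (\040).
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def writable_persistent_mounts(mounts_text):
    """Return (mountpoint, fstype, kind) for every writable mount that is
    not disposable, i.e. data that malware in this session could encrypt."""
    risky = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # blank or malformed line
        _device, mountpoint, fstype, options = fields[:4]
        if fstype in EPHEMERAL_FS or "rw" not in options.split(","):
            continue  # disposable, or mounted read-only
        kind = "network share" if fstype in NETWORK_FS else "local disk"
        risky.append((_unescape(mountpoint), fstype, kind))
    return risky

if __name__ == "__main__":
    with open("/proc/mounts") as fh:
        found = writable_persistent_mounts(fh.read())
    for mountpoint, fstype, kind in found:
        print(f"writable {kind}: {mountpoint} ({fstype})")
    print("unmount these first" if found else "no writable persistent mounts found")
```

A read-only mount only helps if the session cannot remount it writable; unmounting the drive, as suggested in the thread, is the stronger control.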

