[mdlug] Encrypted Window 7 System - virus, pay to decrypt

Brian Brodsky brianbrodsky at ameritech.net
Sat Nov 22 11:02:31 EST 2014


Kevin,

On the VM, he also said with a good VM directory tarred off, which gets 
back to backups.

Brian

On 11/21/2014 09:57 PM, Adam Behnke wrote:
> well, kinda. the data in a live cd isn't persistent. ransomware preys on
> data in fileshares. the instant you mount the persistent data, it's game
> over. If you open the attachment in a disposable environment, you should be
> ok as long as everything in that environment was disposable.
>
> On Fri, Nov 21, 2014 at 3:36 PM, Kevin O'Brien <zwilnik2 at gmail.com> wrote:
>
>> The problem is the data. A live CD or a VM does not protect your data from
>> being encrypted. They are both useful things to do for other reasons, but
>> won't protect you from this kind of attack, I don't think.
>>
>> Regards,
>>
>> On Fri, Nov 21, 2014 at 12:12 PM, Drew <drew4096 at gmail.com> wrote:
>>
>>> This is another reason for using 1. virtual machines (with a known
>>> good vm directory tarred off), and 2. Live CDs, with drives unmounted
>>> (or even with the cables pulled)  when not needed or when opening a
>>> suspect file.
>>>
>>>
>>> On 11/21/14, Adam Behnke <abehnke at gmail.com> wrote:
>>>> yes, ransomware is on the rise.
>>>>
>>>> one of the variants of cryptolocker was retro engineered, it would take
>>>> someone savvy to A) determine which variant of ransomware it is and B) if
>>>> it is one of the variants that has been broken.
>>>>
>>>> There are linux variants of ransomware in the wild too. Also, the
>>>> ransomware will run in wine.
>>>>
>>>> Ultimately, the end users are going to either learn not to open infected
>>>> attachments or pay the idiot tax. I know a couple of admins that are in a
>>>> perpetual state of recovering from cryptowall.
>>>>
>>>> On Fri, Nov 21, 2014 at 8:04 AM, gib at juno.com <gib at juno.com> wrote:
>>>>
>>>>> I know someone who was hit by the scheme where the computer hard-drive is
>>>>> encrypted by a virus and you are asked to pay money to get it unencrypted.
>>>>> It is a Windows 7 system and it contains family pictures. So, I said:
>>>>> 1. Stop using Windows
>>>>> 2. Backup important stuff
>>>>> I'd guess educating about clicking on attachments from unknown people or
>>>>> suspect email would be a good idea too. Anything else that can be done?
>>>>> Are we to the point yet that decryption when you don't know the key is
>>>>> possible/likely?
>>>>> _______________________________________________
>>>>> mdlug mailing list
>>>>> mdlug at mdlug.org
>>>>> http://mdlug.org/mailman/listinfo/mdlug
>>>>>
>>
>>
>> --
>> Kevin B. O'Brien
>> zwilnik2 at gmail.com
>> http://google.me/+kevinobrien
>> Facebook is Evil. Cancel your account.
