Beware Cryptowall 2.0

vbimport

#1

Better be very careful about the links you click on. This could be you. This is ransomware at its finest. I do not condone it, but it’s a brilliant plan. :iagree:


#2

That’s why people use backups. So that they have a backup when things go wrong.


#3

Better yet, don’t go to those dark sites; that is why they get hacked with that malware in the first place… common sense… on the internet common sense is thrown out of the window…


#4

[QUOTE=coolcolors;2744927]Better yet, don’t go to those dark sites; that is why they get hacked with that malware in the first place… common sense… on the internet common sense is thrown out of the window…[/QUOTE]
Do note I typed “when” and not “if”.

It will go wrong. There is no cure against stupid mistakes, no matter how smart you are. There is only precaution.


#5

[QUOTE=Mr. Belvedere;2744922]That’s why people use backups. So that they have a backup when things go wrong.[/QUOTE]

STILL, there’s always the possibility you have made a backup of an infected system that you are not aware of at the time :rolleyes:!!

Best thing to do (me thinks) is to create a 256-bit AES encrypted backup from a FRESH installed system… → [B]BEFORE GOING FOR THE [U]FIRST TIME[/U] ONLINE / Connecting to WWW express[/B]

And from then on, making fresh incremental/differential backups!!


#6

[QUOTE=Jannenba;2744962]STILL, there’s always the possibility you have made a backup of an infected system that you are not aware of at the time :rolleyes:!!

Best thing to do (me thinks) is to create a 256-bit AES encrypted backup from a FRESH installed system… → [B]BEFORE GOING FOR THE [U]FIRST TIME[/U] ONLINE / Connecting to WWW express[/B]

And from then on, making fresh incremental/differential backups!![/QUOTE]
And it could have frozen the BIOS lock, and won’t let you boot with Acronis discs. Then your motherboard and your hard drive are unavailable.


#7

Provided the anti-VM and anti-emulation checks pass, the Cryptowall malware is decrypted and installed on the system

So, we can assume that Sandboxie, Shadow Defender or virtualization environments can keep it dormant?
If that’s the case, the rubbish would be gone after a reboot…


#8

[QUOTE=Mr. Belvedere;2744922]That’s why people use backups. So that they have a backup when things go wrong.[/QUOTE]

That only works if they remember to back up the files/data they created; if they don’t do that, well, they can expect the problem to be themselves for not doing so. In this day and age, if you don’t back up, consider yourself a ransomware target. We hear so much about this; no one thinks, oh, it won’t be me… how wrong that is…

[QUOTE=Mr. Belvedere;2744960]Do note I typed “when” and not “if”.

It will go wrong. There is no cure against stupid mistakes, no matter how smart you are. There is only precaution.[/QUOTE]

True, but then again taking some precautions ahead of time helps. Keeping A/V and firewall up to date helps. But I go one step farther… as others have seen me mention, I use an edited PC hosts file that prevents one from even going to such malicious sites to start with; even if you click on it you get an empty page. And doing that for family computers helps those members out even more, since now they can’t get more infected than they would otherwise. Nothing will stop the web or emailing click-a-thon, but if that site is on the “Do-not-click” list in the PC hosts file it will block that page. That is part of my remedy for this day and age. But another safety that I do for the PC hosts file is make it “Read-Only” attribute, so that if you need to edit it or update the “Blocking Lists” you change to “Read”, edit and save, and change back to “Read-Only”, copy back over to the PC hosts save location and start using again. As for editing the PC hosts file, I have a “Temp” folder location that I copied the PC hosts file to, and that is where I do my editing and saves to the file, then copy it back to the original location. I remember you can’t edit the hosts file where it runs from, but you can do the “Temp” folder location edit and copy it from there to the location it resides, and that works out. A lot of ranting here, but once one gets the hang of this you will stop seeing ads/pops, thus more prevention from clicking on something that could lead to ransomware.
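
The hosts-file routine described in the post above (edit a working copy in a temp folder, copy it back, keep the live file read-only), as an added PowerShell example that is not part of the original thread. The function name `Update-HostsBlocklist`, the working folder and the sample domains are assumptions, and it must run from an elevated prompt.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
function Update-HostsBlocklist {
    param(
        [Parameter(Mandatory)] [string[]] $Domains,
        [string] $HostsPath = "$env:SystemRoot\System32\drivers\etc\hosts",
        [string] $WorkDir   = (Join-Path $env:TEMP 'hosts-edit')   # assumed working folder
    )
    $ErrorActionPreference = 'Stop'   # abort instead of half-updating the file

    # Accept plain host names only, so a bad list entry cannot smuggle in
    # extra fields or a redirect to some other address.
    $namePattern = '^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$'
    $clean = @($Domains | ForEach-Object { $_.Trim().ToLowerInvariant() } |
               Where-Object { $_ -match $namePattern } | Sort-Object -Unique)

    # Work on a copy, as the post describes, and keep a backup of the original.
    New-Item -ItemType Directory -Path $WorkDir -Force | Out-Null
    $workCopy = Join-Path $WorkDir 'hosts'
    Copy-Item -LiteralPath $HostsPath -Destination $workCopy -Force
    Copy-Item -LiteralPath $HostsPath -Destination "$workCopy.bak" -Force
    Set-ItemProperty -LiteralPath $workCopy -Name IsReadOnly -Value $false

    # Collect host names already present so entries are not duplicated.
    $lines = @(Get-Content -LiteralPath $workCopy)
    $existing = $lines | Where-Object { $_ -notmatch '^\s*(#|$)' } |
        ForEach-Object { (($_ -replace '#.*$', '').Trim() -split '\s+') | Select-Object -Skip 1 } |
        ForEach-Object { $_.ToLowerInvariant() }

    # Point each new name at 0.0.0.0 and rewrite the working copy as ASCII
    # (no byte-order mark, and a clean newline after the old last line).
    $new = @($clean | Where-Object { $existing -notcontains $_ })
    if ($new.Count -gt 0) {
        $lines += $new | ForEach-Object { "0.0.0.0 $_" }
        Set-Content -LiteralPath $workCopy -Value $lines -Encoding Ascii
    }

    # Swap the live file: clear read-only, copy back, set read-only again.
    Set-ItemProperty -LiteralPath $HostsPath -Name IsReadOnly -Value $false
    Copy-Item -LiteralPath $workCopy -Destination $HostsPath -Force
    Set-ItemProperty -LiteralPath $HostsPath -Name IsReadOnly -Value $true
    return $new
}

# Constructed sample names (reserved .example TLD), not real indicators.
# The third entry is rejected by the name check and never reaches the file.
Update-HostsBlocklist -Domains 'ads.tracker.example', 'malicious-site.example', 'bad entry 10.0.0.1'
```

The read-only attribute guards against accidental edits; a process running with administrator rights can clear it, so it complements rather than replaces up-to-date A/V and backups.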


#9

[QUOTE=Jannenba;2744962]STILL, there’s always the possibility you have made a backup of an infected system that you are not aware of at the time :rolleyes:!!

Best thing to do (me thinks) is to create a 256-bit AES encrypted backup from a FRESH installed system… → [B]BEFORE GOING FOR THE [U]FIRST TIME[/U] ONLINE / Connecting to WWW express[/B]

And from then on, making fresh incremental/differential backups!![/QUOTE]

Usually with an infected system it would already be too late for you, and you most likely won’t be able to do these options as it has already locked you out of your system. But there are others out there creating solutions to combat the ransomware. If you have no data on there I would just use, “if” you still can, the factory recovery media and wipe the drive clean and hopefully start over…


#10

[QUOTE=alan1476;2744974]And it could have frozen the BIOS lock, and won’t let you boot with Acronis discs. Then your motherboard and your hard drive are unavailable.[/QUOTE]
Most of the time I restore with Acronis I start it inside Windows.
The external hard drive I keep my backups on also has a separate Acronis boot partition. So far this has never failed.
I usually access it with the F12 key but I can go into the BIOS boot order if I need to. I’ve never been locked out of the BIOS.


#11

[QUOTE=alan1476;2744974]And it could have frozen the BIOS lock, and won’t let you boot with Acronis discs. Then your motherboard and your hard drive are unavailable.[/QUOTE]

Hehe… nothing that a fresh NEW BIOS chip can’t solve :bigsmile:
Or better yet, a Dual BIOS chip feature :iagree:
I happen to have a spare BIOS chip for my board, and NON-solder too :clap:

Also, if you keep a → GOOD / CLEAN ← backup separated from your system on an external device, or better yet on a BD disc, as ROM is [B][U][I]READ[/I][/U][/B] ONLY MEMORY (get it) … you can’t go wrong …
That golden RULE ↑ NEVER HAS FAILED for me and for the friends’/family systems I had to wipe clean in the past …

Provided you do WIPE the HDD thoroughly, bit by bit, low-level format and what not…

cheers,


#12

[QUOTE=coolcolors;2744983]That only works if they remember to backup[/QUOTE]
No need for that for the first line of defense. You can automate backups, like for instance shadow copies, which you can define in any Windows operating system, or automated synchronisations whenever a computer is connected to the internet.


#13

[QUOTE=Mr. Belvedere;2745439]No need for that for the first line of defense. You can automate backups, like for instance shadow copies, which you can define in any Windows operating system, or automated synchronisations whenever a computer is connected to the internet.[/QUOTE]

Unfortunately, for the savvy computer users, yes… but for the masses… that is a “they don’t know till it’s too late”…


#14

[QUOTE=coolcolors;2745453]Unfortunately, for the savvy computer users, yes… but for the masses… that is a “they don’t know till it’s too late”…[/QUOTE]
That is why specialists still have a job. :bigsmile: