El Presidente Posted May 15, 2017
It was a month ago that I came to the knowledge of an actual person I knew was faced with opening his computer on a Monday morning to be faced with a "Pay or Else" screen. He is in the medical profession. We were all shocked when we heard about it.
The global events of the last couple of days show that such acts of extortion are no longer "one-offs". Thankfully we are unaffected, but for all of the "news" on the event there was precious little information on what to actually do outside of "don't pay".
The tech gifted can jump in here and shed some light. If affected (now or into the immediate future), what should a member do? Are there "fixes" to release the "encrypted files"? For those with knowledge on the subject, in the calm light of day, what are the steps an affected member should take?
Good information on the subject is hard to find. Maybe some members here can help.

NSXCIGAR Posted May 15, 2017
From what I understand and have read and heard from others who have had this happen, there's no escape. These programs are specifically designed to completely hijack the computer. Once in, it's fatal. There's no choice but to cough up the dough if you want your computer back, but the good news is that I've heard once the ransom is paid, they do release the computer back.

Philc2001 Posted May 15, 2017
My wife had one infect her iPad last week. Pretty easy fix actually. Simply close the browser, go to settings, clear the cache and delete internet files. Presto... virus gone.
Sent from my iPhone using Tapatalk

AndrewNR Posted May 15, 2017
Heard one of the hospitals has lost their X-ray computers and something else too.

El Presidente (Author) Posted May 15, 2017
3 minutes ago, NSXCIGAR said:
> From what I understand and have read and heard from others who have had this happen, there's no escape. These programs are specifically designed to completely hijack the computer. Once in, it's fatal. There's no choice but to cough up the dough if you want your computer back, but the good news is that I've heard once the ransom is paid, they do release the computer back.

The "experts" here in Oz are pushing the line "not to pay" in order not to support criminals. I was wondering why there was no "these are the things to do if affected".

JohnS Posted May 15, 2017
I told my wife that my laptop is old and since I have a 3 Terabyte external back up drive that I'd simply throw away the laptop, if infected, and start again after getting a new laptop. Sounds clever, but my problem is this. If someone has a 3TB external back up solution, they're likely not to be affected on account of the fact that they'd have the latest Operating system updates, latest anti-virus and malware definitions and they wouldn't open up e-mails if they don't know the sender. Yep, that's me, and welcome to my catch-22!

gweilgi Posted May 15, 2017
Wait ... this isn't the thread to discuss 24:24 offerings?
I actually had this happen to me a couple of years ago. Everything was frozen, except for a pop-up window with a demand to pay. In the end, I looked up a cyber-security firm that offers 24-hour remote-access solutions and spent a couple of hundred quid (and a day of my life) for them to clean my PC. It may be worthwhile to subscribe to such a service on general principle...

gweilgi Posted May 15, 2017
1 minute ago, JohnS said:
> I told my wife that my laptop is old and since I have a 3 Terabyte external back up drive that I'd simply throw away the laptop, if infected, and start again after getting a new laptop. Sounds clever, but my problem is this. If someone has a 3TB external back up solution, they're likely not to be affected on account of the fact that they'd have the latest Operating system updates, latest anti-virus and malware definitions and they wouldn't open up e-mails if they don't know the sender.

From what I have read, this latest virus does not require you to click on a link or open an attached file -- it is self-propagating. Scary....
The other problem with your approach is that it really all depends on how often and when you backup your system. If you are unlucky, you may find that you have automatically backed up and so infected the virus...

kuma Posted May 15, 2017
Very good, well-written story on the front page of Sunday's New York Times on subject matter. Cyberware has been going on now for almost 10/15 years. Easy hacking, one reason being the old DNS file servers. Made in the 1970's these servers are as old as dirt. Hackers have more ways to get into these servers than a tabac beetle getting into your cigar box shipping out of Kuba. 5 minutes to hack unsecured (not encrypted) servers / anti software and 7 minutes to hack secured info (encrypted) either huge corporations or your home computer. weze in trouble mates.............

rhcolbert Posted May 15, 2017
I underwrite cyber liability insurance. Not trying to peddle a product, but a good peace of mind for any biz and it's SUPER cheap right now.

oliverdst Posted May 15, 2017
20 minutes ago, gweilgi said:
> Wait ... this isn't the thread to discuss 24:24 offerings? I actually had this happen to me a couple of years ago. Everything was frozen, except for a pop-up window with a demand to pay. In the end, I looked up a cyber-security firm that offers 24-hour remote-access solutions and spent a couple of hundred quid (and a day of my life) for them to clean my PC. It may be worthwhile to subscribe to such a service on general principle...

Which cyber security firm?

OZCUBAN Posted May 15, 2017
I am not affected by this at this present time due to the fact it is a Windows based issue, having said that it is becoming an increasing issue worldwide on all computing platforms, but some are safer than others. My advice is to update regularly, patches/updates, and to keep your operating system as up to date as you can.
Phishing is also a major issue nowadays as well, nearly fell for one last week after placing an ad in Gumtree, listen to your inner voice it seldom leads you astray, and also if it sounds too good to be true it probably is, and never open email attachments if you do not know or expect something from that sender.
The problem as I see it is in today's technological world the line between what is real and what is not is significantly blurred.
Cheers all and happy cyber travels

DBNInc Posted May 15, 2017
1 hour ago, El Presidente said:
> The "experts" here in Oz are pushing the line "not to pay" in order not to support criminals. I was wondering why there was no "these are the things to do if affected".

Likely because if someone who is a little less computer savvy clicks on the wrong part of the screen, or presses the wrong button, there is danger the virus will actually become a problem. I open the task manager, force close the browsers and/or programs one at a time (to see which one was affected for future reference), then reset the computer after I clear the caches. CCleaner is very good and the free version is plenty.

Fuzz Posted May 15, 2017
27 minutes ago, JohnS said:
> I told my wife that my laptop is old and since I have a 3 Terabyte external back up drive that I'd simply throw away the laptop, if infected, and start again after getting a new laptop. Sounds clever, but my problem is this. If someone has a 3TB external back up solution, they're likely not to be affected on account of the fact that they'd have the latest Operating system updates, latest anti-virus and malware definitions and they wouldn't open up e-mails if they don't know the sender. Yep, that's me, and welcome to my catch-22!

24 minutes ago, gweilgi said:
> From what I have read, this latest virus does not require you to click on a link or open an attached file -- it is self-propagating. Scary.... The other problem with your approach is that it really all depends on how often and when you backup your system. If you are unlucky, you may find that you have automatically backed up and so infected the virus...

Most of my important stuff is stored in cloud storage (I use both Dropbox and Onedrive, so one can backup the other if it fails), plus I manually backup to an external drive that is not always connected to my computer. If necessary, I can chuck my laptop and be up and running again in very little time.

DBNInc Posted May 15, 2017
The following is just my opinion. I'm no expert, but I have had this happen to me and my friends a couple of times, and I researched it before I made any moves.
Majority of the time, it's not that a virus is in your system from the get go. It's just a pop up with some basic code running in browsers and such that are being accessed when you click a link in a text, email, on a website, etc. They're powerless on their own, other than disabling certain simple functions (like switching screens). Mostly intended to scare you into giving money or further access to your computer.
As far as avoidance: Don't visit sketchy websites or click on links you don't need to. Enable two-step authentication on legitimate sites you visit, have strong passwords (which are different for all sites and email accounts) and don't leave your computer on 24/7 to help mitigate the risks, but it happens to the best of us.
Happened on my iPhone 6 Plus once, that was a bit of a hassle to clear, but stay calm and find a way to close the browser window. If you're not savvy, get a friend to do it. Ignore time limits, the code likely isn't strong enough to do anything on its own. Paying is definitely not the answer. Hell, they could use any access you give them, "to uninstall the virus" or whatever, to install an actual virus or back door into your system. Then you have real problems!
Now, there are (very rare) times when you'll find you've actually been hacked. In those instances, your data has already been stolen. Probably all your passwords too, because they've had a key logger running on your system for who knows how long. I still wouldn't pay, because I'm screwed either way. YMMV

BrightonCorgi Posted May 15, 2017
I work in this realm and companies can prevent some of or minimize significantly the damage if they have the right posture towards cyber defense. Relying on anti virus is not it. Our company protects the crown jewels of 10 of the 12 largest patent holders in the world.
Encrypting files does not scare me, manipulating data without anyone knowing is far scarier. If someone could change your blood type on your medical records; that would not be good...

MIKA27 Posted May 15, 2017
The US Government Fears Another Explosion Of The Ransomware Plague It Helped Create

As a second wave of the WannaCry Ransomware attack is infecting more systems in more countries, the White House has ordered emergency meetings to deal with a threat that is, in part, the NSA's fault. Experts believe that we may not even know the extent of how hard the attack hit Asia, and we won't know for some time.

WannaCry is believed to have originated from a set of hacking tools that were leaked online by a group of hackers known as the Shadow Brokers. One tool was a vulnerability in Windows that the NSA had kept secret from Microsoft in order to give themselves a back door when they needed it. When the leaks occurred, Microsoft patched the vulnerability, but the events that kicked off on Friday demonstrated that many, many systems weren't up to date. At this point, 200,000 victims in 150 different countries are known to have been affected. The attackers have locked up users' data and are demanding between $US300 and $US600 for the encryption key.

The NSA is now partially responsible for the global havoc that has caused hospitals to turn away patients, manufacturing to shut down, ATMs to go dark, and long shifts for cybersecurity professionals. According to reports from multiple outlets, some of those cybersecurity professionals work for the U.S. Cyber Response Group that has been huddled with Homeland Security Adviser Tom Bossert all weekend. The relatively new group now has the unenviable task of cleaning up the NSA's mess, and protecting systems in the U.S. from further attacks.

So far, America has been pretty lucky, and infections here have been minimal. According to Politico:

> The ransomware campaign — which has gone through at least two phases as researchers worked to halt its advance — mostly affected Europe and Asia.
>
> But at least two public universities in the United States have reported infections, according to a spokeswoman for a cyber-information-sharing organisation dedicated to state and local governments. A DHS official told POLITICO late Friday that the malware had not yet infected U.S. government agencies and critical infrastructure organisations, such as hospitals and power plants.

But many experts are afraid the beginning of the new work week will bring more attacks and reveal ones that already existed that went unnoticed. Many workers in Asia had already finished their business for the day on Friday. It's possible that people could be heading into the office to find a nasty surprise. And despite the best efforts of a young security researcher in the U.K. who goes by MalwareTech, the temporarily halted ransomware has simply been altered and is being spread by copycats.

"We are in the second wave," Matthieu Suiche of Comae Technologies, tells the New York Times. "As expected, the attackers have released new variants of the malware. We can surely expect more."

Microsoft even had to create a new patch for Windows XP, an operating system it hasn't supported since 2014. Today, the software giant released a statement that addressed their efforts to prevent issues like this and condemned the U.S. government's policies:

> This attack provides yet another example of why the stockpiling of vulnerabilities by governments is such a problem. This is an emerging pattern in 2017. We have seen vulnerabilities stored by the CIA show up on WikiLeaks, and now this vulnerability stolen from the NSA has affected customers around the world. Repeatedly, exploits in the hands of governments have leaked into the public domain and caused widespread damage. An equivalent scenario with conventional weapons would be the U.S. military having some of its Tomahawk missiles stolen.
>
> And this most recent attack represents a completely unintended but disconcerting link between the two most serious forms of cybersecurity threats in the world today — nation-state action and organised criminal action. The governments of the world should treat this attack as a wake-up call.

Outside of the damage being done by blocking access to essential services, financial repercussions, and productivity slowdowns, this is an international incident that is likely causing diplomatic rifts with our allies. New cybersecurity policies should find a way to work with companies to coordinate intelligence about vulnerabilities. It's just so obviously in our own interest to do so.

MaxG Posted May 15, 2017
I love how Microsoft blames NSA for finding yet another hole in Microsoft's Swiss cheese of an operating system.
- MG

Dougthesnail Posted May 15, 2017
From my experience this sort of ransomware is the nastiest since it encrypts your files, rendering your PC useless. You can re-boot your device in safe mode, but doing so may cause deletion of the files by the malware. The only real way to get around it is by backing up files through an external HDD, or through the cloud.

LLC Posted May 15, 2017
My work computer is a PC and when I turned it on this morning it had 8 new updates to do. Took longer than normal so likely related to all this. In general I've been seeing more updates in the last couple of weeks. Between keeping it updated, having back ups of just the data and not clicking on links I don't trust I think that is as much as I can do.
Great idea to start this topic Rob.
Sent from my iPhone using Tapatalk

scap99 Posted May 15, 2017
1 hour ago, LLC said:
> My work computer is a PC and when I turned it on this morning it had 8 new updates to do. Took longer than normal so likely related to all this. In general I've been seeing more updates in the last couple of weeks. Between keeping it updated, having back ups of just the data and not clicking on links I don't trust I think that is as much as I can do. Great idea to start this topic Rob. Sent from my iPhone using Tapatalk

I had 9 waiting for me. Almost 400 MB of updates, and all were security related. I'd much rather run a Linux or Mac, but too much of our factory supplied software used for work is still locally installed, so we are forced to PC. Once it all moves to web based, we should be able to use safer platforms.

dageshi Posted May 15, 2017
I'm a programmer and have essentially been in the IT industry in various capacities for about 15 years now.
The only real solution to this problem is backups. Make backups consistently and regularly, preferably automate them, do this and in the event that your machine gets infected by malware of this nature you can fall back to your backups to retrieve your data.
There is no other guaranteed way around getting out of this situation.

Winchester21 Posted May 15, 2017
I have a friend who worked for a major defense contractor who was a customer of mine back before I retired. He was having problems with a supervisor and had a pretty good idea that he was getting the axe. He planted a worm in the system which had his ex-boss pictured/photoshopped into the most disgusting pictures that one could imagine. These pics would pop up at random throughout computers across the country within the corporate structure at random. They were never able to prove anything and it literally took months to remove the offensive material from the system. Talk about payback.
A short conversation with this guy would scare the living hell out of you. The hackers are so good these days that nothing is safe. It is a matter of time before some idiot computer genius pulls some kind of crap with catastrophic consequences.
Personally, I keep next to no personal info on my phones or laptops. No banking, no credit info, no resume, nothing. I go to no questionable sites and other than Amazon and a few cigar vendors, nobody has my CC numbers. If they get mine, no big deal

Siberian Bear Posted May 15, 2017
17 hours ago, Fuzz said:
> Most of my important stuff is stored in cloud storage (I use both Dropbox and Onedrive, so one can backup the other if it fails), plus I manually backup to an external drive that is not always connected to my computer. If necessary, I can chuck my laptop and be up and running again in very little time.

I'm an IT guy and we had an incident at the office when one of our employees complained she had a ransomware on her Windows phone. It was synced to OneDrive as well so encrypted files were synced to the cloud. She also had a laptop with OneDrive client which thankfully wasn't on at the moment. Long story short, the phone is bricked, OneDrive cloud files encrypted and the only solution to recover the files was to delete encrypted files in OneDrive and re-sync a copy from the laptop.
Moral - don't always rely on the cloud, it can be infected as well. Good thing you keep an external HDD (besides OneDrive I have 2 external drives and one NAS in RAID 1 for backups at home).
I can't stress it enough everyone, don't just do the backups but keep MULTIPLE copies of backups, you never know when something bad happens and what media will be affected. There is no 100% cure for malware or ransomware, the best fix is to restore from a most recent backup. Don't just backup your pictures and mp3 files, do a full System Restore backup if you are on Windows: https://en.wikipedia.org/wiki/System_Restore

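The failure mode raised in this thread, where an automatic backup or cloud sync copies already-encrypted files over the good copies, can be caught before the overwrite happens. The following is an added example, not code from any poster: it compares the current files with the previous backup's manifest and holds the backup when too many files vanish or turn from readable to random-looking. The thresholds, function names and sample files are assumptions constructed for illustration.

```python
import hashlib
import math
import os
import tempfile
from collections import Counter

ENTROPY_LIMIT = 7.5  # bits per byte; assumed cut-off for "looks encrypted"
CHANGE_LIMIT = 0.5   # assumed: hold the backup if half the files look wrong

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def manifest(root):
    """Map relative path -> (SHA-256, entropy of the first 64 KiB)."""
    out = {}
    for folder, _, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            with open(path, "rb") as fh:
                data = fh.read()
            digest = hashlib.sha256(data).hexdigest()
            out[os.path.relpath(path, root)] = (digest, entropy(data[:65536]))
    return out

def safe_to_overwrite(previous, current):
    """Return (ok, suspicious paths) for current files vs. the last backup."""
    suspicious = []
    for path, (digest, old_entropy) in previous.items():
        now = current.get(path)
        if now is None:  # gone or renamed, e.g. given a new extension
            suspicious.append(path)
        elif (now[0] != digest and now[1] > ENTROPY_LIMIT
              and old_entropy <= ENTROPY_LIMIT):  # readable -> random-looking
            suspicious.append(path)
    ok = not previous or len(suspicious) / len(previous) < CHANGE_LIMIT
    return ok, sorted(suspicious)

def demo():
    """Constructed sample: four text files, one normal edit, then three scrambled."""
    with tempfile.TemporaryDirectory() as root:
        for i in range(4):
            with open(os.path.join(root, f"doc{i}.txt"), "w") as fh:
                fh.write("quarterly notes, plain text\n" * 200)
        last_backup = manifest(root)
        with open(os.path.join(root, "doc0.txt"), "a") as fh:
            fh.write("one more line\n")  # ordinary edit
        normal = safe_to_overwrite(last_backup, manifest(root))
        for i in range(1, 4):  # stand-in for encrypted content: random bytes
            with open(os.path.join(root, f"doc{i}.txt"), "wb") as fh:
                fh.write(os.urandom(8192))
        attacked = safe_to_overwrite(last_backup, manifest(root))
    return normal, attacked

if __name__ == "__main__":
    print(demo())
```

Already-compressed formats such as JPEG or ZIP sit above the entropy cut-off to begin with, so for those this check only fires when files disappear or are renamed; keeping several dated backup copies, as the posts above recommend, covers what the check misses.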