|
Quote: Are you backing up to a NAS? Nooooo!
A Ransom virus will encrypt all files on the network, especially files in servers or a NAS! Look what happened to the hospital in LA, who was forced to pay $17,000 to have files on their network unencrypted. You need to back up to an "air gap" device, that is only briefly connected to the network while the backup is being saved. That applies to backing up data files, as well as system drive images that are vital in case of an attack.
Get me coffee and no one gets hurt!
|
|
|
|
|
Air gap backups seem like a lot of trouble for my home since there really isn't much there that I couldn't go without and now they have malware designed to target 'air gapped' computers (Microtrend article). I guess the only way to prevent such attacks is not to become a target.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
Quote: I guess the only way to prevent such attacks is not to become a target Obviously the choice is yours. Good luck
Get me coffee and no one gets hurt!
|
|
|
|
|
Unfortunately, C, I can't give you timing data, because I've never been daft enough to get infected in the first place!
[Ambles away, whistling the theme to Goldfinger)
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Quote: I've never been daft enough
Mark, Innocent websites that you trust may become infected through hacking. If you browse to such a trusted website, are your prepared for the consequences?
Get me coffee and no one gets hurt!
|
|
|
|
|
You'd probably be surprised at how few sites I visit (on my own machines -- on work machines, who gives a banana?. I mean, the Interwebs are only useful for knowledge that you don't already have, and that's mostly a curiosity thing (and curiosity kills computers)
The people who get hit by these viri are mostly facebookers and twatters. The rest of us aren't so dumb, so the scare stories don't apply to us.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
Mark_Wallace wrote: Just use another machine while the "attacked" one is getting everything reinstalled and copied over, and you haven't lost a peanut.
This is an option at work but I only have one computer at home (and I've hand built the thing into a real monster). Since I really don't like being without a computer at home or have to wait for my work PC to be re-imaged, I take a few extra steps to prevent my machines from being infected due to someone else's unwillingness to filter their advertising content before presenting it to me. I know that this approach only filters out all the 3rd party ads and any ads 'native' to the website are still displayed.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
Hell, you can save everything important to one or more SD cards or memory sticks.
These attackers can't follow back-up trails and locations, especially if it involves removable media.
Look carefully at what it is that makes your computer to be Your Computer, and get a back-up program to back it up while you're sleeping.
Formatting a drive and re-installing stuff is no great hardship. It's losing what's your own that's a pain, but that's easy to protect against.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
That's a good point. 64GB or higher flash drives are relatively inexpensive and you can plug them into one of the mobo's usb ports. I could easily fit local files onto one. I don't think ransomeware encrypts executable files or libraries yet so no need to back those up. Heck, I could just write a program myself to perform the backup.
if (Object.DividedByZero == true) { Universe.Implode(); }
Meus ratio ex fortis machina. Simplicitatis de formae ac munus. -Foothill, 2016
|
|
|
|
|
Re-imaging your systems drive may take 10 minutes and will completely get rid of the virus if done right. How does that compare with the time to re-install an entire operating system and all apps?
Get me coffee and no one gets hurt!
|
|
|
|
|
True, but re-imaging requires constant updates that consume actual resources every day (and quite a lot of them), for the few files that you actually need to be backed up. Its only advantage is that it backs up the OS.
Not giving a damn about the OS allows you to back-up a comparatively tiny amount of files, which consumes only petty system resources.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
For me, re-imaging is the way to go. However, I can do it in my sleep, so I don't see it as much of an obstacle. If you ever have a few spare moments, download and try imaging software like Macrium's Reflect or AOEMI Backupper Standard (all free). And see what it's all about. Good Luck!
Get me coffee and no one gets hurt!
|
|
|
|
|
The old Yahoo web client used to show the contents of a link when the mouse pointer was hovered over it. Very useful for spottig fake addresses. Sadly that doesn't seem to exist anymore.
I may not last forever but the mess I leave behind certainly will.
|
|
|
|
|
Had the exact e-mail before. A good metric to see what scanners are good is to upload the attachment to http://www.virustotal.com and see which scanners detect it. Neither MalwareBytes nor Symantec picked it up when I checked awhile ago.
modified 3-May-16 14:00pm.
|
|
|
|
|
The VirusTotal page does not exist!
Get me coffee and no one gets hurt!
|
|
|
|
|
Never posted a link here before. It did something like codeproject.com/virustotal.com
I changed the link to just be the full address that you can copy and paste.
|
|
|
|
|
OK, I reached the page by typing virustotal.com in the URL bar. Thanks for the reference! Your post deserves an upvote.
Get me coffee and no one gets hurt!
modified 3-May-16 15:18pm.
|
|
|
|
|
Um, clicking a button on a web-site that purports to tell you if a file is OK might not be a wise thing to do.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
From the about page:
VirusTotal, a subsidiary of Google, is a free online service that analyzes files and URLs enabling the identification of viruses, worms, trojans and other kinds of malicious content detected by antivirus engines and website scanners. At the same time, it may be used as a means to detect false positives, i.e. innocuous resources detected as malicious by one or more scanners.
Nothing will ever detect 100% of the maliciousness out there but at least you can throw about 54 antivirus scanners (at the time of this writing) at a suspicious file.
|
|
|
|
|
Well, gosh, don't you have a filter in your e-mail whatever that is at least flagging these toxic billet-doux, routing them into a special folder (as in Chrome's 'Spam folder) ?
If I were ever crazy enough to open one of those '.doc files, or run some kind-a strange JavaScript, I suspect my Emsisoft software would catch them and warn me.
«There is a spectrum, from "clearly desirable behaviour," to "possibly dodgy behavior that still makes some sense," to "clearly undesirable behavior." We try to make the latter into warnings or, better, errors. But stuff that is in the middle category you don’t want to restrict unless there is a clear way to work around it.» Eric Lippert, May 14, 2008
|
|
|
|
|
I use Office 2010. It does not have the greatest spam filters. However my ISP does filter for spam. However, some messages still make it through to my inbox.
Get me coffee and no one gets hurt!
|
|
|
|
|
You are targeted by the US government
The reason only Avira and Kaspersky detect it, they are off shore.
|
|
|
|
|
My sister forwarded me an email with an attachment she couldn't open. Because it was from my sister, and I thought she was expecting it, of course I try to open it to see what it's about and what's wrong.
Thank goodness she reads her mails on her iDevice, and I similarly tried to open it on a Mac, so no damage, but she got a hot, sharp lecture on common sense and looking at email addresses to see where it originates from
The downloaded attachment was obfuscated, but some of the variable names still conveyed intent. If I had time/inclination, would've liked to try figure out what it actually does.
|
|
|
|
|
Cornelius Henning wrote: If I scan these obviously malicious messages with Defender and Malwarebytes, they come up clean!
AFAIK, that's because the attachments don't contain any malware. They just contain code that downloads the malware from somewhere on the interwebz, and then launch the downloaded file.
Your antivirus should pick up the downloaded file as malicious, but I wouldn't want to risk it.
"These people looked deep within my soul and assigned me a number based on the order in which I joined."
- Homer
|
|
|
|
|
I trust nobody; use a hex editor on everything.
|
|
|
|