Big Ransom ware problem!

Pay the ransom.

How much are they asking ? Might be cheaper to just screw it and buy a new 'puter. Unless those files and pics are of that much value to you.

Is this a windows machine ? They seem to be more susceptible to these kinds of things than Apple. Nobody I've talked to has a remedy for these bandits.

Man, sorry to hear this.
My understanding is also that the only choices are to pay, or recover from backup. If you want that data back, your only option is to pay if you don't have another backup somewhere.

I've also read that sometimes if you pay, they only give you a key to release a certain set of files, and you have to keep paying to get the rest. I think that's more for businesses and organizations though, not sure.

I know it doesn't help your case right now, but while on the subject, two recommendations to everyone moving forward

EMAIL RULES
I try to keep people informed on malware attacks. There are two rules for email that will help.

1. You know the person.
2. You are expecting the message with a link.

If you can't answer yes to both of those questions, don't click the link, period. There can be no exceptions. These guys are getting extremely clever with the social engineering.

BACKUP YOUR BACKUP AND KEEP IT OFFLINE
I just read about this infection spreading to accessible backups a few months ago. A real D move, but to them, it's business. We make adjustments to combat the attack vectors, and they adjust to skirt those protections. A single backup is no longer sufficient if it is always connected. Keep a second backup, completely disconnected from any other hardware when it is not in use. Be diligent about this. It is only connected to created that second backup, and then disconnected until the next time. Cloud backup is another option, but it should not be always accessible through a mapped drive, otherwise it can be compromised as well.

Really sorry man, but looks like your only option is to pay if you need that data.
If you go this route, I'd recommend getting your data back, back it up - just the data, not the computer - and then wipe and reinstall your OS. I can't be sure, and I haven't heard anything about cases of reinfection, but personally I'd feel more secure with a fresh load and a new set of usage rules so you don't get hit again. Wish I had more to offer, but that's all I know about this.

It is not enough to just keep your computers and security software up to date. It is still important to do so, however, zero day exploits are a real danger here - malware and viruses released and running rampant before the antivirus/antimalware community gets a sample to create the inoculation for distribution and then your subsequent update. Sports, news, entertainment, and political sites - those links you see on those pages are not owned by the host site. They typically go to other sites, which may be compromised. Suspect everything.

Sorry for your troubles D, but hopefully this can help you moving forward.

drumminman wrote: »

There's advice all over the place not to do that as it just encourages them, but no one seems to know how to recover the files.

Because of encryption on the files there is no way even for a business with lots of resources to get those files back without paying for the decryption key. A government agency may be able to recover from such an event, but the expense is usually not worth it. Safest thing to do is consider them gone and not broadcast your identity to the thief that you were snagged by their trap.

The next thing to consider is if you would trust that computer to not be affected more deeply. Quite often the ransom ware is packaged with other nasty things. Best advice I can give is to start over with a new computer, and in future disconnect any backup drive from it after doing a routine backup of valuable files.

Just to be safe, I would recommend changing passwords for any web sites you routinely visited on that computer through a login.

Sorry not to be able to suggest anything better.

Did you check with the NSA to see if they have a copy?

j/k

msg wrote: »

...personally I'd feel more secure with a fresh load and a new set of usage rules so you don't get hit again.

That's what she said.





But seriously, that really sucks! I got stung by this a while back, downloading a user's manual from some site I'd used previously without any problems. Talk about feeling like you are powerless! Couldn't bring myself to offer up the cash to such worthless cowards so I took my PC to my local IT guy and got it cleared up. No idea if I lost many/any files.

Good luck getting it worked out.

Sorry to hear, that really sucks. Personally, I have a backup laptop for my business, photos/documents are sync'd between the two. I also make regular backups to an external drive for all my machines, and that's kept offline. If you have important documents, and photos, then it might be worth paying the ransom.

So, does having your machine already encrypted prevent this?
BTW, if you do this, keep the key somewhere safe. If
something happens, you'll need it to recover your files.

Here is an idea..seems to work too..Get 400 million in Swiss Francs..bundle it all on pallets..put it on a private unmarked jet covertly at night,and land it while your hostages are waiting...you will have em back in no time,once your jet has landed!..

Just curious, how much are they demanding, and in what form? I've heard that they ask for prepaid Visa cards, I guess so there's no online account to be traced.

Or they'll claim that they were offering a trial of home-based PC encryption software, and you simply decided to pay for it, all nice and legal. I'm sure they've covered all the bases with regards to keeping themselves anonymous either way. Hope it all works out for you.

Don't know that there is much you can do. After my latest laptop debacle that cost me 15 yrs of data/pics/movies/etc; I have seriously weened myself down on the computer front. I just don't trust the crap anymore; at least when connected to a network. I've gone back to not automating so much, and being very careful when connected to the internet--and I'm a happier person for it. I'm now backing up regularly (I know, a little late now right?).

I really believe we have come to depend way too much on computers.

This is the reason I keep my photographs backed up in an external hard drive and a copy on DVDs. DVDs/Blu rays are cheap and will retain the data for a long time.

All the other data on my computers get backed up regularly on the external hard drive. Its the pictures that are most precious to me. Same goes for the documents. If you are writing a book/thesis, back them up on a DVD.

I am sorry it happened to you OP, but if you can digest the loss of data, just get a new hard drive and start fresh. May be implement a firewall at router level if you know where the hack came from. It doesnt prevent from future attacks if the hackers use bouncing IP addresses, but at least you can block a single or a range of IPs.
Also, I would get law enforcement involved. Even just a police report is better than nothing.
Good luck