A Windows XP help forum. PCbanter


Locky Ransomware??



 
 
#1
April 9th 16, 12:37 PM
son1c

Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt files. It's her fault because she opened that nasty Invoice doc file.
I tried bleeping computer removal instructions: http://www.bleepingcomputer.com/news...etwork-shares/ and this removal guide: http://manual-removal.com/locky-files/ .
Also I used Free Bitdefender Crypto-Ransomware Vaccine, but the trouble is that none of them can decrypt files, only delete all infected files.
Someone encountered such a problem?
And my advice how not to be infected with locky ransomwa
1) You must keep backups of all your important information somewhere other than on the computer you are backing up.
2) It is forbidden to open Word files from anyone who you don't know in advance is sending you a Word file.
#2
April 9th 16, 03:56 PM posted to alt.comp.os.windows-8
Paul

son1c wrote:
> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that
> encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt
> files. It's her fault because she opened that nasty Invoice doc file.
> I tried bleeping computer removal instructions:
> http://tinyurl.com/zy3x7wo and this removal guide:
> http://manual-removal.com/locky-files/ .
> Also I used Free Bitdefender Crypto-Ransomware Vaccine, but the trouble
> is that none of them can decrypt files, only delete all infected files.
>
> Someone encountered such a problem?
> And my advice how not to be infected with locky ransomwa
> 1) You must keep backups of all your important information somewhere
> other than on the computer you are backing up.
> 2) It is forbidden to open Word files from anyone who you don't know in
> advance is sending you a Word file.


As of Thursday, there is a zero-day Adobe Flash exploit
for delivering ransomware. Your (1) and (2) quaint attempts
to stop the ransomware, are not enough. The ransomware is
now using browser exploits (Flash Plugin) to get in.

I recommend backups to a disk you normally keep disconnected
from the computer, as a partial form of insurance. That's about
the best we've got right now. The only way to guarantee you
won't get ransomed, is to disconnect from the Internet.
That would help a lot.

A backup of your disks, will give you a way to restore the
encrypted files, without paying any bitcoins. As the ransomware
becomes more sophisticated, this will not be enough. And I'm not
going to make any public statements about clever approaches
the black hats could use to make things worse :-( They're doing
a good job without any assistance from me.

If you use backup software with "incremental" backup capability,
that reduces the time spent each day doing backups.

When a backup run is completed, use "Safely Remove" from the bottom
right corner in Windows, to unmount the disk. Then power off the
disk and disconnect it, before starting the "dangerous" phase of
daily usage (opening email attachments, viewing cat videos
using Adobe Flash).

While with some early ransomware the C&C server was taken over by the
good guys, and the encryption keys recovered, that sort of thing
doesn't happen any more. If something is encrypted, it's going to
stay encrypted. Backups are your only option.

AV programs cannot help against zero-day exploits. If a new
exploit comes along, it takes time for the AV programs to add
heuristics, or use Software Restriction Policy to block something.
And then you're vulnerable until the AV is updated.

Paul
#3
April 9th 16, 07:48 PM posted to alt.comp.os.windows-8
Ken Blake

On Sat, 9 Apr 2016 12:37:07 +0100, son1c wrote:

> And my advice how not to be infected with locky ransomwa
>
> 2) It is forbidden to open Word files from anyone who you don't know in
> advance is sending you a Word file.




You often see advice not to open attachments (it's not limited to Word
files; it's for all attachments) from people you don't know. I think
that that's one of the most dangerous pieces of advice you see around,
because it implies that it's safe to do the opposite--open attachments
from friends and relatives. But many viruses (and other kinds of
malware) spread by sending themselves to everyone in the infected
party's address book, so attachments received from friends are perhaps
the *most* risky to open.

Even if the attachment legitimately comes from a friend, it can
contain a virus. I'm not suggesting that a friend is likely to send
you a virus on purpose, but if the friend is infected without
realizing it, any attachment he sends you is likely to also be
infected.

#4
April 9th 16, 08:00 PM posted to alt.comp.os.windows-8
philo

On 04/09/2016 06:37 AM, son1c wrote:
> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that
> encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt
> files. It's her fault because she opened that nasty Invoice doc file.
> I tried bleeping computer removal instructions:
> http://tinyurl.com/zy3x7wo and this removal guide:
> http://manual-removal.com/locky-files/ .
> Also I used Free Bitdefender Crypto-Ransomware Vaccine, but the trouble
> is that none of them can decrypt files, only delete all infected files.
>
> Someone encountered such a problem?
> And my advice how not to be infected with locky ransomwa
> 1) You must keep backups of all your important information somewhere
> other than on the computer you are backing up.
> 2) It is forbidden to open Word files from anyone who you don't know in
> advance is sending you a Word file.







Found this, don't know if it will help


http://howtoremove.guide/locky-virus...-file-removal/
#5
April 9th 16, 08:04 PM posted to alt.comp.os.windows-8
philo

On 04/09/2016 02:00 PM, philo wrote:



add'l info:



http://www.2-spyware.com/remove-locky-ransomware.html/2
#6
April 12th 16, 07:35 PM
son1c

Originally posted by Paul:
> son1c wrote:
>> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that
>> encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt
>> files. It's her fault because she opened that nasty Invoice doc file.
>> I tried bleeping computer removal instructions:
>> http://tinyurl.com/zy3x7wo and this removal guide:
>> http://manual-removal.com/locky-files/ .
>> Also I used Free Bitdefender Crypto-Ransomware Vaccine, but the trouble
>> is that none of them can decrypt files, only delete all infected files.
>>
>> Someone encountered such a problem?
>> And my advice how not to be infected with locky ransomwa
>> 1) You must keep backups of all your important information somewhere
>> other than on the computer you are backing up.
>> 2) It is forbidden to open Word files from anyone who you don't know in
>> advance is sending you a Word file.
>
> As of Thursday, there is a zero-day Adobe Flash exploit
> for delivering ransomware. Your (1) and (2) quaint attempts
> to stop the ransomware, are not enough. The ransomware is
> now using browser exploits (Flash Plugin) to get in.
>
> I recommend backups to a disk you normally keep disconnected
> from the computer, as a partial form of insurance. That's about
> the best we've got right now. The only way to guarantee you
> won't get ransomed, is to disconnect from the Internet.
> That would help a lot.
>
> A backup of your disks, will give you a way to restore the
> encrypted files, without paying any bitcoins. As the ransomware
> becomes more sophisticated, this will not be enough. And I'm not
> going to make any public statements about clever approaches
> the black hats could use to make things worse :-( They're doing
> a good job without any assistance from me.
>
> If you use backup software with "incremental" backup capability,
> that reduces the time spent each day doing backups.
>
> When a backup run is completed, use "Safely Remove" from the bottom
> right corner in Windows, to unmount the disk. Then power off the
> disk and disconnect it, before starting the "dangerous" phase of
> daily usage (opening email attachments, viewing cat videos
> using Adobe Flash).
>
> While with some early ransomware the C&C server was taken over by the
> good guys, and the encryption keys recovered, that sort of thing
> doesn't happen any more. If something is encrypted, it's going to
> stay encrypted. Backups are your only option.
>
> AV programs cannot help against zero-day exploits. If a new
> exploit comes along, it takes time for the AV programs to add
> heuristics, or use Software Restriction Policy to block something.
> And then you're vulnerable until the AV is updated.
>
> Paul

Thanks, your information is new for me!
#7
April 14th 16, 08:03 AM posted to alt.comp.os.windows-8
pubby

son1c wrote on 04/09/2016 07:37 ET :
> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that
> encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt
> files. It's her fault because she opened that nasty Invoice doc file.
> I tried bleeping computer removal instructions:
> http://tinyurl.com/zy3x7wo and this removal guide:
> http://manual-removal.com/locky-files/ .
> Also I used Free Bitdefender Crypto-Ransomware Vaccine, but the trouble
> is that none of them can decrypt files, only delete all infected files.
>
> Someone encountered such a problem?
> And my advice how not to be infected with locky ransomwa
> 1) You must keep backups of all your important information somewhere
> other than on the computer you are backing up.
> 2) It is forbidden to open Word files from anyone who you don't know in
> advance is sending you a Word file.




son1c

Back up your files and try doing System Restore to see if it works. By the way,
I found this manual guide showing steps for how to back up files and giving some
information about locky ransom. Check this to see if this can give you some
help.
http://www.fastremovevirus.com/remov...y-from-pc.html
#8
April 14th 16, 05:04 PM posted to alt.comp.os.windows-8
Paul

pubby wrote:
> son1c wrote on 04/09/2016 07:37 ET :
>> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that
>> encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt
>> files. It's her fault because she opened that nasty Invoice doc file.
>> I tried bleeping computer removal instructions:
>> http://tinyurl.com/zy3x7wo and this removal guide:
>> http://manual-removal.com/locky-files/ .
>> Also I used Free Bitdefender Crypto-Ransomware Vaccine, but the trouble
>> is that none of them can decrypt files, only delete all infected files.
>>
>> Someone encountered such a problem?
>> And my advice how not to be infected with locky ransomwa
>> 1) You must keep backups of all your important information somewhere
>> other than on the computer you are backing up.
>> 2) It is forbidden to open Word files from anyone who you don't know in
>> advance is sending you a Word file.
>
> son1c
>
> Back up your files and try doing System Restore to see if it works. By the way,
> I found this manual guide showing steps for how to back up files and giving some
> information about locky ransom. Check this to see if this can give you some
> help.
> http://www.fastremovevirus.com/remov...y-from-pc.html


What's the first thing any malware attacks? System Restore.
System Restore is great for non-malware recovery, not
so useful for other purposes.

Only a system backup is suitable for (half a chance at) recovery.
And even then, you have to be lucky for your system backup
to not also get hit.

As a side effect of restoring the entire disk from
backup, the disk is cleaned for you.

The latest "theory" comes from Cisco, who propose
the next wave of ransomware will be delivered
by "worm". Something we haven't seen for some
time. Worm allows machine to machine transmission.
Meaning, that file share you set up on the other
machine, to hold your backup, just got hit too.

"Remove-locky" is not the issue. The issue is
what to do with a pile of encrypted files you
now have on your disk. Blowing them away and
restoring from backup, sounds like a method anyone
can use without a computer science degree.

Paul
#9
April 14th 16, 07:28 PM posted to alt.comp.os.windows-8
Nomen Nescio

In article
son1c wrote:

> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that
> encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt
> files. It's her fault because she opened that nasty Invoice doc file.
> I tried bleeping computer removal instructions:
> http://tinyurl.com/[DELETED] and this removal guide:

It's the land mine of URL shorteners like you posted that give
access to all types of malware.

We need more boneheads posting tripe like that.

#10
April 14th 16, 08:59 PM posted to alt.comp.os.windows-8
Stormin' Norman

On Thu, 14 Apr 2016 20:28:52 +0200 (CEST), Nomen Nescio wrote:

> In article
> son1c wrote:
>
>> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that
>> encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt
>> files. It's her fault because she opened that nasty Invoice doc file.
>> I tried bleeping computer removal instructions:
>> http://tinyurl.com/[DELETED] and this removal guide:
>
> It's the land mine of URL shorteners like you posted that give
> access to all types of malware.
>
> We need more boneheads posting tripe like that.

Christ, Nomen you act like a jerk in every group to which you post.
Get yourself some Preparation H and smear it all over your body, you
are one giant hemorrhoid.
#11
April 15th 16, 12:48 PM posted to alt.comp.os.windows-8
SC Tom



"Nomen Nescio" wrote in message
...
> In article
> son1c wrote:
>
>> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that
>> encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt
>> files. It's her fault because she opened that nasty Invoice doc file.
>> I tried bleeping computer removal instructions:
>> http://tinyurl.com/[DELETED] and this removal guide:
>
> It's the land mine of URL shorteners like you posted that give
> access to all types of malware.
>
> We need more boneheads posting tripe like that.


If you copy the link and put 'preview' between '//' and 'tinyurl', you'll be
able to see where the destination is before it actually goes there. I always
use the 'preview' mode when creating tinyurl links so people can see where
they are being led, unless the original link is a short one :-)
--

SC Tom


#12
April 15th 16, 05:10 PM posted to alt.comp.os.windows-8
Nomen Nescio

In article
"SC Tom" wrote:

> "Nomen Nescio" wrote in message
> ...
>> In article
>> son1c wrote:
>>
>>> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that
>>> encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt
>>> files. It's her fault because she opened that nasty Invoice doc file.
>>> I tried bleeping computer removal instructions:
>>> http://tinyurl.com/[DELETED] and this removal guide:
>>
>> It's the land mine of URL shorteners like you posted that give
>> access to all types of malware.
>>
>> We need more boneheads posting tripe like that.
>
> If you copy the link and put 'preview' between '//' and 'tinyurl', you'll be
> able to see where the destination is before it actually goes there. I always
> use the 'preview' mode when creating tinyurl links so people can see where
> they are being led, unless the original link is a short one :-)
> --
>
> SC Tom

Yet few people know to do that, and it doesn't work with all
shortened url sites. And there's really little need for shortened
urls nowadays. Before I go through all the gymnastics to preview a
short link, I'll just skip over it entirely. What was originally
viewed as a convenience, has turned out to be quite the opposite.

OTOH those that post full links would do well to remove all the
nonessential referrer and modifier characteristics, making the long
link far more manageable.
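
The two link-handling habits discussed in posts #11 and #12 (the tinyurl 'preview' rewrite, and trimming nonessential parameters from full links), as an added example that is not code from any poster. The function names, the list of other shortener hosts and the list of tracking parameter names are illustrative assumptions, not exhaustive and not taken from the thread.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

# Assumptions for illustration only: neither list comes from the thread.
OTHER_SHORTENERS = {"bit.ly", "goo.gl", "t.co", "ow.ly", "is.gd"}
TRACKING_KEYS = {"fbclid", "gclid", "ref", "referrer"}
TRACKING_PREFIXES = ("utm_",)


def tinyurl_preview(url):
    """Return the preview form of a tinyurl.com link, or None for other hosts."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if host == "preview.tinyurl.com":
        return url  # already shows the destination before redirecting
    if host in ("tinyurl.com", "www.tinyurl.com"):
        # 'preview' goes between '//' and 'tinyurl', as described in post #11.
        return urlunsplit((parts.scheme, "preview.tinyurl.com",
                           parts.path, parts.query, parts.fragment))
    return None


def strip_tracking(url):
    """Drop referrer/campaign query parameters, keep everything else in order."""
    parts = urlsplit(url)
    kept = [(k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)
            if k.lower() not in TRACKING_KEYS
            and not k.lower().startswith(TRACKING_PREFIXES)]
    return urlunsplit((parts.scheme, parts.netloc, parts.path,
                       urlencode(kept), parts.fragment))


def triage(url):
    """Return (verdict, url_to_use) for a link found in a post or e-mail."""
    preview = tinyurl_preview(url)
    if preview is not None:
        return ("preview", preview)
    host = (urlsplit(url).hostname or "").lower()
    if host in OTHER_SHORTENERS:
        # The preview rewrite does not apply here; the destination stays hidden.
        return ("opaque-shortener", url)
    return ("direct", strip_tracking(url))


if __name__ == "__main__":
    samples = [
        "http://tinyurl.com/zy3x7wo",   # the short link quoted in this thread
        "http://bit.ly/EXAMPLE",        # constructed sample
        "http://www.example.com/article?id=42&utm_source=news&ref=home",  # constructed
    ]
    for s in samples:
        print(triage(s))
```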

#13
April 15th 16, 05:26 PM posted to alt.comp.os.windows-8
Stormin' Norman

On Fri, 15 Apr 2016 18:10:32 +0200 (CEST), Nomen Nescio wrote:

> In article
> "SC Tom" wrote:
>
>> "Nomen Nescio" wrote in message
>> ...
>>> In article
>>> son1c wrote:
>>>
>>>> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that
>>>> encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt
>>>> files. It's her fault because she opened that nasty Invoice doc file.
>>>> I tried bleeping computer removal instructions:
>>>> http://tinyurl.com/[DELETED] and this removal guide:
>>>
>>> It's the land mine of URL shorteners like you posted that give
>>> access to all types of malware.
>>>
>>> We need more boneheads posting tripe like that.
>>
>> If you copy the link and put 'preview' between '//' and 'tinyurl', you'll be
>> able to see where the destination is before it actually goes there. I always
>> use the 'preview' mode when creating tinyurl links so people can see where
>> they are being led, unless the original link is a short one :-)
>> --
>>
>> SC Tom
>
> Yet few people know to do that, and it doesn't work with all
> shortened url sites. And there's really little need for shortened
> urls nowadays. Before I go through all the gymnastics to preview a
> short link, I'll just skip over it entirely. What was originally
> viewed as a convenience, has turned out to be quite the opposite.
>
> OTOH those that post full links would do well to remove all the
> nonessential referrer and modifier characteristics, making the long
> link far more manageable.

If only everyone on Usenet would do and say what you want...... ahh
the perfect world of Nomen.....
#14
April 16th 16, 06:31 PM posted to alt.comp.os.windows-8
Vladimir Vučićević

I am doing backups with Acronis, but you can use any other software with
incremental backup support. I think Paragon is free for home users.

After the backup is created, I burn it to DVD and put it aside. So, 2 copies
exist, one on my hard drive (so far, ransomware does not attack .tib
archives) and the second is on my DVD.

Do not use cloud backup, best is cold storage (DVD, Blu-ray, external
HDDs, etc).

--
.... Vladimir Vučićević aka. Bachi
~~~ www.bachi.in.rs Skype: don_vucicevic
It's nice to be important, but it's more important to be nice...

#15
April 24th 16, 10:43 PM posted to alt.comp.os.windows-8
(PeteCresswell)

Per son1c:
> Someone encountered such a problem?
> And my advice how not to be infected with locky ransomwa
> 1) You must keep backups of all your important information somewhere
> other than on the computer you are backing up.
> 2) It is forbidden to open Word files from anyone who you don't know in
> advance is sending you a Word file.


3) Learn to keep data in one place - separate from the System.

4) Back up data to a series of external devices that are
disconnected when not being backed up to. At least 3
devices.... I currently use 5.
--
Pete Cresswell
 




All times are GMT +1.