#1
Locky Ransomware??
Hi all! My sister's laptop (Windows 8.1) is infected with the Locky virus that encrypted all sensitive data, and now it demands 0,5 bitcoins to decrypt files. It's her fault because she opened that nasty Invoice doc file.

I tried the Bleeping Computer removal instructions: http://www.bleepingcomputer.com/news...etwork-shares/ and this removal guide: http://manual-removal.com/locky-files/ . I also used the free Bitdefender Crypto-Ransomware Vaccine, but the trouble is that none of them can decrypt files, only delete all infected files. Has anyone encountered such a problem?

And my advice on how not to be infected with Locky ransomware:
1) You must keep backups of all your important information somewhere other than on the computer you are backing up.
2) It is forbidden to open Word files from anyone who you don't know in advance is sending you a Word file.
#2
son1c wrote:
> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt files. It's her fault because she opened that nasty Invoice doc file. I tried bleeping computer removal instructions: http://tinyurl.com/zy3x7wo and this removal guide: http://manual-removal.com/locky-files/ . Also I used Free Bitdefender Crypto-Ransomware Vaccine, but the trouble is that none of them can decrypt files, only delete all infected files. Someone encountered such a problem? And my advice how not to be infected with locky ransomware
> 1) You must keep backups of all your important information somewhere other than on the computer you are backing up.
> 2) It is forbidden to open word files from anyone who you don't know in advance is sending you a word file.

As of Thursday, there is a zero-day Adobe Flash exploit for delivering ransomware. Your (1) and (2) quaint attempts to stop the ransomware are not enough. The ransomware is now using browser exploits (Flash Plugin) to get in.

I recommend backups to a disk you normally keep disconnected from the computer, as a partial form of insurance. That's about the best we've got right now. The only way to guarantee you won't get ransomed is to disconnect from the Internet. That would help a lot.

A backup of your disks will give you a way to restore the encrypted files without paying any bitcoins. As the ransomware becomes more sophisticated, this will not be enough. And I'm not going to make any public statements about clever approaches the black hats could use to make things worse :-( They're doing a good job without any assistance from me.

If you use backup software with "incremental" backup capability, that reduces the time spent each day doing backups. When a backup run is completed, use "Safely Remove" from the bottom right corner in Windows to unmount the disk. Then power off the disk and disconnect it, before starting the "dangerous" phase of daily usage (opening email attachments, viewing cat videos using Adobe Flash).

While with some early ransomware the C&C server was taken over by the good guys and the encryption keys recovered, that sort of thing doesn't happen any more. If something is encrypted, it's going to stay encrypted. Backups are your only option.

AV programs cannot help against zero-day exploits. If a new exploit comes along, it takes time for the AV programs to add heuristics, or use Software Restriction Policy to block something. And then you're vulnerable until the AV is updated.

Paul
#3
On Sat, 9 Apr 2016 12:37:07 +0100, son1c wrote:

> And my advice how not to be infected with locky ransomware
> 2) It is forbidden to open word files from anyone who you don't know in advance is sending you a word file.

You often see advice not to open attachments (it's not limited to Word files; it's for all attachments) from people you don't know. I think that that's one of the most dangerous pieces of advice you see around, because it implies that it's safe to do the opposite--open attachments from friends and relatives.

But many viruses (and other kinds of malware) spread by sending themselves to everyone in the infected party's address book, so attachments received from friends are perhaps the *most* risky to open.

Even if the attachment legitimately comes from a friend, it can contain a virus. I'm not suggesting that a friend is likely to send you a virus on purpose, but if the friend is infected without realizing it, any attachment he sends you is likely to also be infected.
#4
On 04/09/2016 06:37 AM, son1c wrote:
> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt files. It's her fault because she opened that nasty Invoice doc file. I tried bleeping computer removal instructions: http://tinyurl.com/zy3x7wo and this removal guide: http://manual-removal.com/locky-files/ . Also I used Free Bitdefender Crypto-Ransomware Vaccine, but the trouble is that none of them can decrypt files, only delete all infected files. Someone encountered such a problem? And my advice how not to be infected with locky ransomware
> 1) You must keep backups of all your important information somewhere other than on the computer you are backing up.
> 2) It is forbidden to open word files from anyone who you don't know in advance is sending you a word file.

Found this, don't know if it will help:
http://howtoremove.guide/locky-virus...-file-removal/
#5
On 04/09/2016 02:00 PM, philo wrote:
add'l info: http://www.2-spyware.com/remove-locky-ransomware.html/2
#7
son1c wrote on 04/09/2016 07:37 ET :
> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt files. It's her fault because she opened that nasty Invoice doc file. I tried bleeping computer removal instructions: http://tinyurl.com/zy3x7wo and this removal guide: http://manual-removal.com/locky-files/ . Also I used Free Bitdefender Crypto-Ransomware Vaccine, but the trouble is that none of them can decrypt files, only delete all infected files. Someone encountered such a problem? And my advice how not to be infected with locky ransomware
> 1) You must keep backups of all your important information somewhere other than on the computer you are backing up.
> 2) It is forbidden to open word files from anyone who you don't know in advance is sending you a word file.
> son1c

Back up your files and try doing a system restore to see if it works. By the way, I found this manual guide showing the steps for how to back up files and giving some information about Locky ransom. Check this to see if it can give you some help.
http://www.fastremovevirus.com/remov...y-from-pc.html
#8
pubby wrote:
> son1c wrote on 04/09/2016 07:37 ET :
>> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt files. It's her fault because she opened that nasty Invoice doc file. I tried bleeping computer removal instructions: http://tinyurl.com/zy3x7wo and this removal guide: http://manual-removal.com/locky-files/ . Also I used Free Bitdefender Crypto-Ransomware Vaccine, but the trouble is that none of them can decrypt files, only delete all infected files. Someone encountered such a problem? And my advice how not to be infected with locky ransomware
>> 1) You must keep backups of all your important information somewhere other than on the computer you are backing up.
>> 2) It is forbidden to open word files from anyone who you don't know in advance is sending you a word file.
>> son1c
>
> Back up your files and try doing a system restore to see if it works. By the way, I found this manual guide showing the steps for how to back up files and giving some information about Locky ransom. Check this to see if it can give you some help.
> http://www.fastremovevirus.com/remov...y-from-pc.html

What's the first thing any malware attacks? System Restore.

System Restore is great for non-malware recovery, not so useful for other purposes.

Only a system backup is suitable for (half a chance at) recovery. And even then, you have to be lucky for your system backup to not also get hit. As a side effect of restoring the entire disk from backup, the disk is cleaned for you.

The latest "theory" comes from Cisco, who propose the next wave of ransomware will be delivered by "worm". Something we haven't seen for some time. Worm allows machine to machine transmission. Meaning that file share you set up on the other machine, to hold your backup, just got hit too.

"Remove-locky" is not the issue. The issue is what to do with a pile of encrypted files you now have on your disk. Blowing them away and restoring from backup sounds like a method anyone can use without a computer science degree.

Paul
#9
In article son1c wrote:

> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt files. It's her fault because she opened that nasty Invoice doc file. I tried bleeping computer removal instructions: http://tinyurl.com/[DELETED] and this removal guide:

It's the land mine of URL shorteners like you posted that give access to all types of malware. We need more boneheads posting tripe like that.
#10
On Thu, 14 Apr 2016 20:28:52 +0200 (CEST), Nomen Nescio wrote:

> In article son1c wrote:
>> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt files. It's her fault because she opened that nasty Invoice doc file. I tried bleeping computer removal instructions: http://tinyurl.com/[DELETED] and this removal guide:
>
> It's the land mine of URL shorteners like you posted that give access to all types of malware. We need more boneheads posting tripe like that.

Christ, Nomen, you act like a jerk in every group to which you post. Get yourself some Preparation H and smear it all over your body, you are one giant hemorrhoid.
#11
"Nomen Nescio" wrote in message ...

> In article son1c wrote:
>> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt files. It's her fault because she opened that nasty Invoice doc file. I tried bleeping computer removal instructions: http://tinyurl.com/[DELETED] and this removal guide:
>
> It's the land mine of URL shorteners like you posted that give access to all types of malware. We need more boneheads posting tripe like that.

If you copy the link and put 'preview' between '//' and 'tinyurl', you'll be able to see where the destination is before it actually goes there. I always use the 'preview' mode when creating tinyurl links so people can see where they are being led, unless the original link is a short one :-)

--
SC Tom
#12
In article "SC Tom" wrote:

> "Nomen Nescio" wrote in message ...
>> In article son1c wrote:
>>> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt files. It's her fault because she opened that nasty Invoice doc file. I tried bleeping computer removal instructions: http://tinyurl.com/[DELETED] and this removal guide:
>>
>> It's the land mine of URL shorteners like you posted that give access to all types of malware. We need more boneheads posting tripe like that.
>
> If you copy the link and put 'preview' between '//' and 'tinyurl', you'll be able to see where the destination is before it actually goes there. I always use the 'preview' mode when creating tinyurl links so people can see where they are being led, unless the original link is a short one :-)
> --
> SC Tom

Yet few people know to do that, and it doesn't work with all shortened URL sites. And there's really little need for shortened URLs nowadays. Before I go through all the gymnastics to preview a short link, I'll just skip over it entirely. What was originally viewed as a convenience has turned out to be quite the opposite.

OTOH those that post full links would do well to remove all the nonessential referrer and modifier characteristics, making the long link far more manageable.
#13
On Fri, 15 Apr 2016 18:10:32 +0200 (CEST), Nomen Nescio wrote:

> In article "SC Tom" wrote:
>> "Nomen Nescio" wrote in message ...
>>> In article son1c wrote:
>>>> Hi all! My sister's laptop (Windows 8.1) is infected with locky virus that encrypted all sensitive data and now it demands 0,5 bitcoins to decrypt files. It's her fault because she opened that nasty Invoice doc file. I tried bleeping computer removal instructions: http://tinyurl.com/[DELETED] and this removal guide:
>>>
>>> It's the land mine of URL shorteners like you posted that give access to all types of malware. We need more boneheads posting tripe like that.
>>
>> If you copy the link and put 'preview' between '//' and 'tinyurl', you'll be able to see where the destination is before it actually goes there. I always use the 'preview' mode when creating tinyurl links so people can see where they are being led, unless the original link is a short one :-)
>> --
>> SC Tom
>
> Yet few people know to do that, and it doesn't work with all shortened URL sites. And there's really little need for shortened URLs nowadays. Before I go through all the gymnastics to preview a short link, I'll just skip over it entirely. What was originally viewed as a convenience has turned out to be quite the opposite.
>
> OTOH those that post full links would do well to remove all the nonessential referrer and modifier characteristics, making the long link far more manageable.

If only everyone on Usenet would do and say what you want...... ahh the perfect world of Nomen.....
#14
I am doing backups with Acronis, but you can use any other software with incremental backup support. I think Paragon is free for home users.

After the backup is created, I burn it on DVD and put it aside. So, 2 copies exist: one on my hard drive (so far, ransomware does not attack .tib archives) and the second is on my DVD.

Do not use cloud backup; best is cold storage (DVD, Blu-ray, external HDDs, etc).

--
Vladimir Vučićević aka. Bachi
www.bachi.in.rs
Skype: don_vucicevic
It's nice to be important, but it's more important to be nice...
#15
Per son1c:
> Someone encountered such a problem? And my advice how not to be infected with locky ransomware
> 1) You must keep backups of all your important information somewhere other than on the computer you are backing up.
> 2) It is forbidden to open word files from anyone who you don't know in advance is sending you a word file.

3) Learn to keep data in one place - separate from the System.
4) Back up data to a series of external devices that are disconnected when not being backed up to. At least 3 devices.... I currently use 5.

--
Pete Cresswell