A ransomware recovery routine from Sevenforums

[loninappleton]

Is there a ransom ware routine at Sevenforums?

I keep a backup disk and simply changed one out when it happened today.
But there was an audio message and some other screen telling me all the nasty things
they wanted to do to me.

The message returned at reboot and the whole system seemed captured and unsable. I wiped the disk with my backup as a clone job.

 

[RolandJS]

There is a forum concerning ransomware within BleepingComputers.com -- I recommend trying there. If you do, simply acknowledge in this thread that you are "moving" the problem over into bleepingcomputer.com

 

[Barman58]

Just to add to Roland's suggestion - Bleeping computer provide a totally free service which is highly tailored to a particular system, because of this please join and post asking for help with your issue. They will provide a solution for this issue only, not a "catchall" for all issue. Never follow instuctions given for another user's issue, even if it seems identical to your own, as this may lead to other major issues

They do of course have forum threads where recommended system usage policy is discussed and these areas may be most useful for planning how you go forward from here

 

[ThrashZone]

Hi,
More information might be nice
What security do you use is the first basic information plus what have you ever used ?
Where do you download stuff from and what is the last items you've downloaded ?

Scanners are a dime a dozen adwcleaner/ malwarebytes/... are usually the first couple to try.

 

[loninappleton]

That's a good suggestion. I'm joined at Bleeping already from other questions and they are a trusted site. It sounds like the only answer to this system takeover is one of those multiple step cleaning processes.

 

[RolandJS]

While viri and malware and spyware can very effectively be addressed and worked through between thread-starters and the many very fine techies in sevenforums, when I read ransomware, I knew that BC has one of the best ransomware forums found anywhere.

 

[loninappleton]

What is the specific Bleeping thread or is there one? I don't have nor can even use
an individual HD analysis since it's wiped.

 

[MoxieMomma]

Hi:

Bleepingcomputer has an entire sub-forum -- "Ransomware Help & Tech Support" -- devoted to ransomware.
The landscape changes daily, with new ransomware variants, new decryption methods, etc.
It's a highly complicated, specialized area of computer security and malware cleanup/mitigation.

A few general points -- for all intents and purposes, as a general explanation, your encrypted files are "toast", UNLESS:

• A decryption solution is devised or published; OR
• You have data backups on another, separate drive/device that was not encrypted; OR
• You pay the ransom.

The malware/ransomware usually removes itself from the affected machine once it has done its work. So, there is usually not much specific cleanup to do for the ransomware itself. However, it's possible that the other system may have other malware on it, too.

As such, it's probably worth seeking out expert, guided help with checking/cleaning the affected system.
But, depending on the particular ransomware variant, it may not be possible to recover the encrypted files at this time. Unless you have backup copies of the data files, they are pretty much "gone".

Some experts have recommended the following:

• Copying the affected, encrypted files to a separate USB EHD and holding that drive for a possible future decryption solution that may allow them to be recovered some time in the future; AND/OR
• Removing and saving the entire affected hard drive and replacing it with a brand new drive, new Windows install, etc. (you can hold the old drive for a possible future decryption solution, as mentioned above).

Needless to say, practicing safe computing practices in order to minimize the risk of ransomware infection in the first place is the best strategy.


HTH,
MM

 

[loninappleton]

On your last point about buying a new drive. Is it not enough to clone a drive from backup?

In the past I have used HDD Guru's programs for disk setup and utility.

I know of no better disk tools for refreshing a drive.

HDDGURU: Software: HDD diagnostics and recovery

And a thought occurred to me about SSD's. How is an SSD effected differently if at all from a ransom ware attack?

Also I did take a peek at Bleeping Computer. The ransom ware list is dauntingly long.


As to the source of the ransom ware it was in the process of simply clicking on a news item at a site. It's possible that news is submitted without careful scrutiny.

 

[ThrashZone]

Hi,
A lot of website are not monitored very well if at all except to add more content
Yahoo is a good example they didn't even monitor their own adds for corruption
email servers were always getting hacked....

If you ever click on a link it's always best to right click it and select open in new in-private window to minimize anything
But it's really up to your security to block attacks.
Panda free and mbam premium works well together that I've noticed

 

[loninappleton]

Opening in a separate window is a good tip though I don't know exactly what it accomplishes that is different. Plus it'd be hard to remember if not ingrained in my fingers.

If ransom ware only targets encrypted files, what if I am using no encryption tweaks? I don't and never have. I'm also lax on security as I find that less is better. I know that is contrarian, but the suspicion remains for me over the years, as with the Yahoo you mentioned, that any program monitoring of activity
can work both ways. I actively use Malwarebytes Anti Exploit-free version.