⚠ Keep Safe From Ransomware Outbreak ⚠


blacxarea

Active member
Member
VIP
Local time
9:52 AM
Posts
207
Location
Indonesia
OS
Windows 11
As I write this thread, it's been 3 days that I've been trying to help a friend save his files after a ransomware attack.
Now his US$ 5,000 machine is just a pile of useless junk because his data from 5 years of work is encrypted.
I contacted about 10 antivirus companies to seek help, but the new variant of the ransomware that attacked
the machine still doesn't have a decrypter yet. I managed to save some data from drive C with Shadow Copy,
but the other drives (D-G) were locked shortly after.

Please be more careful, everyone. KEEP SAFE when you're online.
The machine that I tried to save was attacked by the GUJD variant of the STOP DJVU ransomware.
 
Windows Build/Version
All

My Computer My Computer

At a glance

Windows 11AMD Phenom(tm) II X2 555 Processor 3.20 GHzKingston 16GB DDR3NVidia GeForce GTX 650
OS
Windows 11
Computer type
PC/Desktop
Manufacturer/Model
Unbranded
CPU
AMD Phenom(tm) II X2 555 Processor 3.20 GHz
Motherboard
Asus M4A785T-M
Memory
Kingston 16GB DDR3
Graphics Card(s)
NVidia GeForce GTX 650
Sound Card
VIA HD Audio
Monitor(s) Displays
2x LG 20" Display
Screen Resolution
1600 x 900 60MHz
Hard Drives
WD Blue 1TB HDD
ADATA 500GB SSD
Midas Force 500GB SSD
PSU
Enermax 500W
Case
Unbranded
Cooling
Unbranded
Keyboard
Logitech Wired K120
Mouse
Logitech Wired B100
Internet Speed
20MB Download 1,5MB Upload
Browser
Firefox
Antivirus
McAffee, Malwarebytes, Windows Defender
Other Info
Are you sneaking?
Hi folks

@blacxarea

Paranoia again probably from the A/V industry who are pushing their products. For most people on HOME computers Windows Defender is more than adequate - scamming is more likely than virus attacks or even ransomware which is very unlikely to happen on HOME / domestic computers.

If you take regular clean backups -- all you have to do on any Ransomware attack simply is :

1) Shut down the machine IMMEDIATELY -- disconnect power -- hard power off - don't use Windows shutdown or anything like that.

2) disconnect computer immediately from Internet -- if it's on Wifi switch off router / cable box as well.

3) disconnect all peripherals.

4) now insert bootable "bare metal restore" medium - Macrium free is good, and your last known good system image.

5) restore system.

6) boot restored system

7) test if OK -- if ok THEN re-enable Internet from router and re-connect computer to Internet.


Job simply and easily done, probably within 15 - 20 mins at most -- no need to panic or employ loads of expensive I.T. contractors or those hideous help desks on the other side of the planet.

So again, "AD NAUSEAM" -- caps intended -- ALWAYS TAKE REGULAR BACKUPS.

I remember someone calling out of the blue with some type of, I suspect, "Indian" type accent saying there's something wrong with your Windows -- (even though I was - and usually am - on a Linux system at the time) !!

So all I said was -- My windows are triple glazed , have excellent security locks and am using those that have been passed and recommended by the Police so I think you must have the wrong number !!!!!.

Cheers
jimbo
 

My Computer My Computer

At a glance

Windows XP,11 Linux Fedora Rawhide pre-releas...2 X Intel i7
OS
Windows XP,11 Linux Fedora Rawhide pre-release 45
Computer type
PC/Desktop
CPU
2 X Intel i7
Screen Resolution
4KUHD X 2
What just happened to my friend's PC now makes me more careful, and I'll do those backups regularly.
In case some unknown file tries to lock my data, I will always have a safe backup to restore.
 

Hi there
always better safe than sorry -- can't help with your friend's computer but I really can't understand how that much research (5 years) wasn't backed up somewhere !!!!.

Anyway glad you are going to have backups available -- these days often user data is more valuable than the hardware !!! - just be aware of scams, don't give out too much info on social media sites, watch out for fake websites, email especially with attachments from unknown sources and obvious scams like "Tax refunds etc" or "get rich quick" stuff, and if you use torrents always download the actual file e.g. mp4 / mkv / mp3 etc. - never use the .rar, .zip or compressed files as those might well have nasty payloads in them.

Cheers
jimbo
 

He never created any backup because he just doesn't know how. Could be my other homework to teach him; he's quite new to the internet and online things, and he was too excited to see FREE DOWNLOAD almost everywhere, and the language barrier (he doesn't speak English) made him simply CLICK on any download button on websites.
 

I think a simple solution is to have 2 backups that are normally disconnected, e.g. 2 external drives that are normally powered down or normally unplugged from the computer. Use backup software that can only do one backup at a time, so that the 2 external drives are never connected to the computer at the same time.

The human has long been the weakest link. The above is a simple way to protect the human from himself, so to speak, although this protection method of course has its own limits.

In the OP, it is unfortunate (and unusual) that all drives C to G were apparently connected to the CPU all the time. In the 5 years, did the friend never feel the urge to consolidate his 5 drives? Just like you would consolidate 5 filing cabinets in the olden days, not even thinking about security, just plain organization, so you can find your own data that you created a month ago.
 

My Computer My Computer

At a glance

Windows 10 Pro
OS
Windows 10 Pro
Hard to say about how he managed his computer if it's compared to us in this case. He's an old painter that uses 3 HDDs. 1 as C drive, and the other 2 have partitions where he puts his files. The one labeled OK must be his finished works. And yes, all the hard drives have been connected inside the casing for years; they were even covered by thick dust when I tried to remove them. Now he bought 1 fresh HDD in much bigger capacity and an external drive like I suggested. The old 2 that are encrypted by the virus are now in possession, waiting for a good decrypter.

And yes I agree, what happened here is simply human error that leads to an unimagined disaster. A lesson to everyone to be much more careful in the future.
 

I'm not an IT pro.

I have been told stories from people who are IT pros about ransomware attacks on businesses. The malware may reside in the system for a long time before being activated. That means that frequent backups don't guarantee safety.

Most of us may not see ransomware because we aren't being targeted individually.

I still occasionally am taken to bogus sites from legitimate ones I visit. (Sometimes, they claim to supply a necessary update to Adobe Flash.) Fortunately, MS Edge now allows such windows to be closed without drama. (Originally, that wasn't true. I don't recall whether that idiocy was fixed with Edge Chrome or before.)
 

My Computers My Computers

  • At a glance

    Windows 11 26200.8728Amd Threadripper 7970X128GB (4 X 32) G.Skill DDR5 6400 (RDIMM)Gigabyte RTX 4090 OC
    OS
    Windows 11 26200.8728
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Amd Threadripper 7970X
    Motherboard
    Gigabyte TRX50 Aero D Rev. 1.0
    Memory
    128GB (4 X 32) G.Skill DDR5 6400 (RDIMM)
    Graphics Card(s)
    Gigabyte RTX 4090 OC
    Sound Card
    none (USB to speakers), Realtek
    Monitor(s) Displays
    Innocn 32" OLED
    Screen Resolution
    3840 X 2160 @ 60Hz
    Hard Drives
    Crucial T700 2TB M.2 NVME SSD
    WD 4TB Blue SATA SSD
    Seagate 18TB IronWolf Pro
    PSU
    BeQuiet! Straight Power 12 1500W
    Case
    Lian Li 011 Dynamic Evo XL
    Cooling
    SilverStone Technology XE360-TR5, with 3 Phanteks T30 fans
    Keyboard
    Cherry KC 500 MX LP (mechanical)
    Mouse
    Logitech M500s (wired)
    Internet Speed
    2000/250 Mbps (down/up)
    Other Info
    xFinity gateway
  • At a glance

    windows 11 26200.8728Intel I9-13900K64GB G.Skill DDR5-6000Gigabyte RTX 3090 ti
    Operating System
    windows 11 26200.8728
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Intel I9-13900K
    Motherboard
    Asus RoG Strix Z690-E
    Memory
    64GB G.Skill DDR5-6000
    Graphics card(s)
    Gigabyte RTX 3090 ti
    Sound Card
    built in Realtek
    Monitor(s) Displays
    Philips 27E1N8900 27" OLED
    Screen Resolution
    3840 X 2160 @60Hz
    Hard Drives
    WDC SN850 1TB
    8TB Seagate Ironwolf
    4TB Seagate Ironwolf
    PSU
    eVGA SuperNOVA 1300 GT
    Case
    Lian Li 011 Dynamic Evo
    Cooling
    Corsair iCUE H150i ELITE CAPELLIX Liquid CPU Cooler
    Keyboard
    Cherry Streaming (wired)
    Mouse
    Logitech M500s (wired)
Hi there

Backing up DATA drives / directories to a Linux type NAS (or QNAP etc) before "staging" to external drive(s) is unlikely to cause Ransomware problems even if the ransomware is released into the system some time in advance before it gets activated - a Windows executable won't run on the NAS !!.

I back up data via rsync (there's a GUI called GRSYNC for those who don't like using the CLI), which does a brilliant job -- just mount the Windows data drive you want to back up on to the NAS -- connect via SAMBA, LAN, USB, or however your NAS accesses Windows.
Note you need to run the RSYNC FROM the NAS so files are retrieved FROM WINDOWS -- don't run on the Windows system !!!.

Perfectly safe --- note here we are just talking about DATA backups -- for the OS system (Windows) use your usual backup -- e.g Macrium Free or whatever to image the system and ensure that you use just 1 disk / partition - better a whole disk if you can do it - only for the OS. Then if necessary this can be clean re-formatted and Windows re-installed if one is worried about "Long Ransomware" !!.

For this tool to work perfectly though you will need to install the openssh-server on Windows -- available in Add optional features -- and of course SAMBA on the NAS. Required as you are RECEIVING files from WINDOWS and running the program ON THE NAS.

Then offline scan the Windows data drives with Windows Defender to make sure there are no nasty payloads lurking in your data disks. Windows Defender is as good as anything else (or even better than most these days). This method, for those that have NAS type systems, should keep your data and OS ransomware free.

grsync -- there's a whole slew of options !!


Cheers
jimbo
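An added example of the pull-from-the-NAS rsync backup jimbo describes (my script, not his or any NAS vendor's): each run lands in a dated snapshot hard-linked to the previous one with --link-dest, so a run that pulls already-encrypted files can never overwrite an older clean snapshot, and a snapshot in which many pulled files carry a ransomware-style extension is quarantined instead of promoted. Host, user, paths, extension list and threshold are assumed values, and the script assumes rsync is installed on the Windows side too, since rsync over SSH needs it on both ends (the post only mentions openssh-server).

```shell
#!/bin/sh
# Added example, not jimbo's script: a pull backup run ON the NAS. rsync retrieves
# files FROM the Windows host over SSH (openssh-server on Windows, as the post says;
# rsync must also exist on Windows). Each run lands in a dated snapshot; unchanged
# files are hard-linked to the previous snapshot via --link-dest, so a run that
# pulls encrypted files never overwrites an older clean snapshot. A guard quarantines
# a snapshot in which many files carry a watched extension instead of promoting it.
# Assumed values (not from the post): host, user, paths, extension list, threshold.
WIN_HOST="${WIN_HOST:-winpc.lan}"
WIN_USER="${WIN_USER:-painter}"
SRC_PATH="${SRC_PATH:-/D:/Work/}"          # assumed form of the Windows path over sshd
DEST_ROOT="${DEST_ROOT:-/volume1/backup/winpc}"
WATCH_EXT="${WATCH_EXT:-gujd djvu}"        # STOP/Djvu variants append their name; assumed list
MAX_SUSPECT_PCT="${MAX_SUSPECT_PCT:-5}"    # assumed threshold

# Newest completed snapshot directory under $1 (empty if none); .partial ones are skipped.
latest_snapshot() {
    ls -1d "$1"/snap-* 2>/dev/null | grep -v '\.partial$' | sort | tail -n 1
}

# Percentage of regular files under $1 whose extension is in WATCH_EXT.
suspect_pct() {
    total=$(find "$1" -type f | wc -l)
    if [ "$total" -eq 0 ]; then echo 0; return; fi
    bad=0
    for ext in $WATCH_EXT; do
        bad=$((bad + $(find "$1" -type f -name "*.$ext" | wc -l)))
    done
    echo $((bad * 100 / total))
}

# Pull into snap-<stamp>.partial, then promote it or set it aside for inspection.
run_backup() {
    stamp=$(date +%Y%m%dT%H%M%S)
    prev=$(latest_snapshot "$DEST_ROOT")
    mkdir -p "$DEST_ROOT"
    set -- -a --delete                      # archive mode; deletions apply inside this snapshot only
    if [ -n "$prev" ]; then set -- "$@" "--link-dest=$prev"; fi
    rsync "$@" "$WIN_USER@$WIN_HOST:$SRC_PATH" "$DEST_ROOT/snap-$stamp.partial/" || return 1
    pct=$(suspect_pct "$DEST_ROOT/snap-$stamp.partial")
    if [ "$pct" -gt "$MAX_SUSPECT_PCT" ]; then
        mv "$DEST_ROOT/snap-$stamp.partial" "$DEST_ROOT/SUSPECT-$stamp"
        echo "snapshot quarantined: $pct% of files carry a watched extension" >&2
        return 2
    fi
    mv "$DEST_ROOT/snap-$stamp.partial" "$DEST_ROOT/snap-$stamp"
}

# Run only when invoked as: sh backup.sh run   (from cron on the NAS, for example)
if [ "${1:-}" = "run" ]; then run_backup; fi
```

Because the NAS initiates the connection and holds the snapshots, nothing on the Windows box has write access to the backups, which is the property that keeps the older snapshots safe.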
 

Thank you for this. Really appreciate it.
 
