⚠ Keep Safe From Ransomware Outbreak ⚠

blacxarea

Active member
Member
Local time
4:34 AM
Posts
206
Location
Indonesia
When I write this thread, it's been day 3 of me trying to help a friend save his files after a ransomware attack.
Now his US$ 5,000 machine is just a pile of useless junk because his data from 5 years of work is encrypted.
I contacted about 10 antivirus companies to seek help, but the new variant of the ransomware that attacked
the machine still doesn't have a decrypter yet. I've managed to save some data from drive C with Shadow Copy,
but the other drives (D-G) were locked shortly after.

Please be more careful, everyone. KEEP SAFE when you're online.
The machine that I tried to save was attacked by the GUJD variant of STOP DJVU ransomware.
Windows Build/Version
All

My Computer

System One

  • Operating System
    Windows 11
    Computer type
    PC/Desktop
    Manufacturer/Model
    Unbranded
    CPU
    AMD Phenom(tm) II X2 555 Processor 3.20 GHz
    Motherboard
    Asus M4A785T-M
    Memory
    Kingston 16GB DDR3
    Graphics Card(s)
    NVidia GeForce GTX 650
    Sound Card
    VIA HD Audio
    Monitor(s) Displays
    2x LG 20" Display
    Screen Resolution
    1600 x 900 60MHz
    Hard Drives
    WD Blue 1TB HDD
    ADATA 500GB SSD
    Midas Force 500GB SSD
    PSU
    Enermax 500W
    Case
    Unbranded
    Cooling
    Unbranded
    Keyboard
    Logitech Wired K120
    Mouse
    Logitech Wired B100
    Internet Speed
    20MB Download 1,5MB Upload
    Browser
    Firefox
    Antivirus
    McAffee, Malwarebytes, Windows Defender
    Other Info
    Are you sneaking?

jimbo45

Well-known member
Member
VIP
Local time
9:34 PM
Posts
623
Location
Hafnarfjörður IS
Hi folks

@blacxarea

Paranoia again, probably from the A/V industry pushing their products. For most people on HOME computers Windows Defender is more than adequate - scamming is more likely than virus attacks or even ransomware, which is very unlikely to happen on HOME / domestic computers.

If you take regular clean backups -- all you have to do on any ransomware attack is simply:

1) Shut down the machine IMMEDIATELY -- disconnect power -- hard power off - don't use Windows shutdown or anything like that.

2) Disconnect the computer immediately from the Internet -- if it's on Wi-Fi switch off the router / cable box as well.

3) Disconnect all peripherals.

4) Now insert bootable "bare metal restore" medium - Macrium Free is good - and your last known good system image.

5) Restore the system.

6) Boot the restored system.

7) Test if OK -- if OK THEN re-enable the Internet from the router and re-connect the computer to the Internet.

Job simply and easily done, probably within 15 - 20 mins at most -- no need to panic or employ loads of expensive I.T. contractors or those hideous help desks on the other side of the planet.

So again, "AD NAUSEAM" -- caps intended -- ALWAYS TAKE REGULAR BACKUPS.

I remember someone calling out of the blue with some type of, I suspect, "Indian" type accent saying there's something wrong with your Windows -- (even though I was - and usually am - on a Linux system at the time) !!

So all I said was -- My windows are triple glazed, have excellent security locks and I am using those that have been passed and recommended by the Police, so I think you must have the wrong number !!!!!

Cheers
jimbo
 

My Computer

System One

  • Operating System
    Windows XP,7,10,11 Linux Arch Linux
    Computer type
    PC/Desktop
    CPU
    2 X Intel i7

blacxarea

Active member
Member
Thread Starter
Local time
4:34 AM
Posts
206
Location
Indonesia
What just happened to my friend's PC now makes me more careful and do those backups regularly.
In case some unknown file tries to lock my data, I will always have a safe backup to restore.
 


jimbo45

Well-known member
Member
VIP
Local time
9:34 PM
Posts
623
Location
Hafnarfjörður IS
blacxarea said:
What just happened to my friend's PC now makes me more careful and do those backups regularly.
In case some unknown file tries to lock my data, I will always have a safe backup to restore.

Hi there
Always better safe than sorry -- can't help with your friend's computer but I really can't understand how that much research (5 years) wasn't backed up somewhere !!!!

Anyway, glad you are going to have backups available -- these days user data is often more valuable than the hardware !!! - just be aware of scams, don't give out too much info on social media sites, watch out for fake websites, email (especially with attachments) from unknown sources and obvious scams like "Tax refunds etc." or "get rich quick" stuff, and if you use torrents always download the actual file, e.g. mp4 / mkv / mp3 etc. - never use the .rar, .zip or compressed files as those might well have nasty payloads in them.

Cheers
jimbo
 


blacxarea

Active member
Member
Thread Starter
Local time
4:34 AM
Posts
206
Location
Indonesia
He never created any backup because he just doesn't know how. Could be my other homework to teach him; he's quite new to the internet and online things, and he was too excited to see FREE DOWNLOAD almost everywhere, and the language barrier (he doesn't speak English) made him simply CLICK on any download button on websites.
 


Haydon

Member
VIP
Local time
5:34 PM
Posts
240
I think a simple solution is to have 2 backups that are normally disconnected, e.g. 2 external drives that are normally powered down or normally unplugged from the computer. Use backup software that can only do one backup at a time, so that the 2 external drives are never connected to the computer at the same time.

The human has been the weakest link for a long time. The above is a simple way to protect the human from himself, so to speak, although this protection method of course has its own limits.

In the OP, it is unfortunate (and unusual) that all drives C to G were apparently connected to the CPU all the time. In the 5 years, did the friend never feel the urge to consolidate his 5 drives? Just like you would consolidate 5 filing cabinets in the olden days, not even thinking security, just plain organization, so you can find your own data that you created a month ago.
 

My Computer

System One

  • Operating System
    Windows 10 Pro

blacxarea

Active member
Member
Thread Starter
Local time
4:34 AM
Posts
206
Location
Indonesia
Haydon said:
I think a simple solution is to have 2 backups that are normally disconnected, e.g. 2 external drives that are normally powered down or normally unplugged from the computer. Use backup software that can only do one backup at a time, so that the 2 external drives are never connected to the computer at the same time.

The human has been the weakest link for a long time. The above is a simple way to protect the human from himself, so to speak, although this protection method of course has its own limits.

In the OP, it is unfortunate (and unusual) that all drives C to G were apparently connected to the CPU all the time. In the 5 years, did the friend never feel the urge to consolidate his 5 drives? Just like you would consolidate 5 filing cabinets in the olden days, not even thinking security, just plain organization, so you can find your own data that you created a month ago.

Hard to say how he managed his computer compared to us in this case. He's an old painter who uses 3 HDDs: 1 as the C drive, and the other 2 have partitions where he puts his files. The one labeled OK must be his finished works. And yes, all the hard drives have been connected inside the case for years; they were even covered by thick dust when I tried to remove them. Now he has bought 1 fresh HDD of much bigger capacity and an external drive like I suggested. The old 2 that are encrypted by the virus are being kept, waiting for a good decrypter.

And yes I agree, what happened here is simply human error that leads to an unimagined disaster. A lesson to everyone to be much more careful in the future.
 


bobkn

Well-known member
Member
VIP
Local time
5:34 PM
Posts
437
Location
Danbury, CT, USA
I'm not an IT pro.

I have been told stories from people who are IT pros about ransomware attacks on businesses. The malware may reside in the system for a long time before being activated. That means that frequent backups don't guarantee safety.

Most of us may not see ransomware because we aren't being targeted individually.

I still occasionally am taken to bogus sites from legitimate ones I visit. (Sometimes they claim to supply a necessary update to Adobe Flash.) Fortunately, MS Edge now allows such windows to be closed without drama. (Originally, that wasn't true. I don't recall whether that idiocy was fixed with Edge Chrome or before.)
 

My Computers

System One System Two

  • Operating System
    Windows 11 22000.194
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Ryzen 9 5950X
    Motherboard
    Asus Tuf X570 Plus Gaming
    Memory
    32GB Gskill DDR4 2800
    Graphics Card(s)
    Radeon RX 6900 XT
    Sound Card
    onboard
    Monitor(s) Displays
    Asus PA329C
    Screen Resolution
    3940 X 2160
    Hard Drives
    WB Black SN850 1TB M.2 NVME SSD
    Seagate Iron Wolf 8TB
    PSU
    Seasonic SS-1250XM
    Case
    Corsair Obsidian 750D
    Cooling
    Corsair H100i RGB Pro XT
    Internet Speed
    1200 Mbps
  • Operating System
    windows 10 19044.1151
    Computer type
    PC/Desktop
    Manufacturer/Model
    homebuilt
    CPU
    Ryzen 9 3900X
    Motherboard
    MSI MPG X570 Gaming Plus
    Memory
    32GB
    Graphics card(s)
    Gigabyte RTX 2080 Super
    Sound Card
    built in Realtek
    Monitor(s) Displays
    Samsung LU28R550UQNXZA
    Screen Resolution
    3840 X 2160
    Hard Drives
    Sabrent 1 TB PCI-E 4.0 X4 NVME M.2
    4 GB Seagate Ironwolf
    PSU
    eVGA SuperNOVA 750 G1+
    Case
    Phanteks ENTHOO Pro M
    Cooling
    Corsair H100i RGB Pro XT
    Internet Speed
    400 Mbps

jimbo45

Well-known member
Member
VIP
Local time
9:34 PM
Posts
623
Location
Hafnarfjörður IS
bobkn said:
I'm not an IT pro.

I have been told stories from people who are IT pros about ransomware attacks on businesses. The malware may reside in the system for a long time before being activated. That means that frequent backups don't guarantee safety.

Most of us may not see ransomware because we aren't being targeted individually.

I still occasionally am taken to bogus sites from legitimate ones I visit. (Sometimes they claim to supply a necessary update to Adobe Flash.) Fortunately, MS Edge now allows such windows to be closed without drama. (Originally, that wasn't true. I don't recall whether that idiocy was fixed with Edge Chrome or before.)

Hi there

Backing up DATA drives / directories to a Linux-type NAS (or QNAP etc.) before "staging" to external drive(s) is unlikely to cause ransomware problems even if the ransomware is released into the system some time in advance before it gets activated - a Windows executable won't run on the NAS !!

I back up data via rsync (there's a GUI called GRSYNC for those who don't like using the CLI), which does a brilliant job -- just mount the Windows data drive you want to back up on to the NAS -- connect via SAMBA, LAN, USB, or however your NAS accesses Windows.
Note you need to run the RSYNC FROM the NAS so files are retrieved FROM WINDOWS -- don't run it on the Windows system !!!

Perfectly safe --- note here we are just talking about DATA backups -- for the OS system (Windows) use your usual backup -- e.g. Macrium Free or whatever to image the system, and ensure that you use just 1 disk / partition - better a whole disk if you can do it - only for the OS. Then if necessary this can be clean re-formatted and Windows re-installed if one is worried about "Long Ransomware" !!

For this tool to work perfectly though you will need to install the openssh-server on Windows -- available in "Add optional features" -- and of course SAMBA on the NAS. Required as you are RECEIVING files from WINDOWS and running the program ON THE NAS.

Then offline scan the Windows data drives with Windows Defender to make sure there are no nasty payloads lurking in your data disks. Windows Defender is as good as anything else (or even better than most these days). This method, for those that have NAS-type systems, should keep your data and OS ransomware free.

grsync -- there's a whole slew of options !!

[screenshot: grsync options dialog]

Cheers
jimbo
 

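
As an added example (not jimbo45's own script and not any NAS vendor's tool), here is the pull-side rsync scheme from the post above written as a small script that runs on the NAS and also addresses bobkn's point about malware that sits dormant before activating: each run is a dated snapshot, so clean older copies survive a later encryption. It assumes the Windows data drive is already mounted on the NAS over Samba at the hypothetical path /mnt/painter-d; if you pull over SSH instead, the Windows side also needs an rsync binary, which Windows' OpenSSH Server does not include.

```shell
#!/bin/sh
# Pull-style, versioned rsync backup meant to run ON the NAS, never on the
# Windows box: the NAS reaches into the Windows share, so the Windows host
# holds no credentials that ransomware running there could use to reach the
# backup store. Every run lands in its own dated snapshot; unchanged files are
# hard-linked to the previous snapshot (--link-dest), so a dormant ransomware
# that encrypts files months later only spoils the NEW snapshots while the
# older, clean ones stay readable.
# Assumed (hypothetical) layout: the Windows D: drive is mounted on the NAS via
# Samba/CIFS at /mnt/painter-d and snapshots are kept under /volume1/backups.
set -eu

KEEP=${KEEP:-30}   # number of dated snapshots to retain

# list_snapshots STORE: existing snapshot dirs, oldest first
# (the ????-??-??_?????? glob ignores any leftover *.partial dir).
list_snapshots() {
  ls -1d "$1"/????-??-??_?????? 2>/dev/null | sort
}

# snapshot_pull SRC STORE: copy SRC into STORE/<timestamp>, hard-linking
# unchanged files against the newest snapshot, then prune to KEEP snapshots.
# Prints the path of the new snapshot.
snapshot_pull() {
  src=$1; store=$2
  mkdir -p "$store"
  prev=$(list_snapshots "$store" | tail -n 1)
  stamp=$(date +%Y-%m-%d_%H%M%S)
  while [ -e "$store/$stamp" ]; do sleep 1; stamp=$(date +%Y-%m-%d_%H%M%S); done
  new="$store/$stamp.partial"   # renamed only after rsync succeeds
  if [ -n "$prev" ]; then
    rsync -a --delete --link-dest="$prev" "$src" "$new/"
  else
    rsync -a --delete "$src" "$new/"
  fi
  mv "$new" "$store/$stamp"
  # prune the oldest snapshots beyond KEEP; the newest KEEP are untouched
  n=$(list_snapshots "$store" | wc -l)
  if [ "$n" -gt "$KEEP" ]; then
    list_snapshots "$store" | head -n $((n - KEEP)) | while read -r old; do
      rm -rf "$old"
    done
  fi
  echo "$store/$stamp"
}

# Example invocation on the NAS (assumed paths; not run here):
#   snapshot_pull /mnt/painter-d/ /volume1/backups/painter-d
```

Keep the snapshot store on a NAS volume the Windows machine cannot write to (read-only or no share at all), otherwise the point of pulling is lost.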

blacxarea

Active member
Member
Thread Starter
Local time
4:34 AM
Posts
206
Location
Indonesia
jimbo45 said:
Hi there

Backing up DATA drives / directories to a Linux-type NAS (or QNAP etc.) before "staging" to external drive(s) is unlikely to cause ransomware problems even if the ransomware is released into the system some time in advance before it gets activated - a Windows executable won't run on the NAS !!

I back up data via rsync (there's a GUI called GRSYNC for those who don't like using the CLI), which does a brilliant job -- just mount the Windows data drive you want to back up on to the NAS -- connect via SAMBA, LAN, USB, or however your NAS accesses Windows.
Note you need to run the RSYNC FROM the NAS so files are retrieved FROM WINDOWS -- don't run it on the Windows system !!!

Perfectly safe --- note here we are just talking about DATA backups -- for the OS system (Windows) use your usual backup -- e.g. Macrium Free or whatever to image the system, and ensure that you use just 1 disk / partition - better a whole disk if you can do it - only for the OS. Then if necessary this can be clean re-formatted and Windows re-installed if one is worried about "Long Ransomware" !!

For this tool to work perfectly though you will need to install the openssh-server on Windows -- available in "Add optional features" -- and of course SAMBA on the NAS. Required as you are RECEIVING files from WINDOWS and running the program ON THE NAS.

Then offline scan the Windows data drives with Windows Defender to make sure there are no nasty payloads lurking in your data disks. Windows Defender is as good as anything else (or even better than most these days). This method, for those that have NAS-type systems, should keep your data and OS ransomware free.

grsync -- there's a whole slew of options !!

[screenshot: grsync options dialog]

Cheers
jimbo

Thank you for this. Really appreciate it.
 
