A user here at work got Ransomwared

Author: Ham N Egz
2016/03/09 13:12:45

I am getting this second hand, but a staff employee was searching for hotel rooms and apparently clicked a malware-embedded link on a webpage, not an email attachment. It has infected a shared drive, so the potential for harm is huge.
 
Our staff has been working feverishly restoring backups from yesterday, so they will lose anything they did since yesterday, but hopefully eradicate the malware.
 
I will check back and see if they tar and feather the employee.
 
Here's the warning: it was NOT an attachment, it was a webpage. Nothing is safe any more.

Green Acres is the place to be
 I don't twitter, facebook, snapchat, instagram, linkedin, tumble, pinterest, flick, blah blah, let's have an old fashioned conversation!
 
#1
Mesh
Re: A user here at work got Ransomwared 2016/03/09 13:21:31
Wow.....what a real pain to go through all that......I'm surprised software didn't catch it and quarantine it.

Platinum Gaming DAW: AsRock Z77 Overclock Formula
I7 3770k @ 4.5GHz : 16GB RAM G.Skill Ripjaws X
250GB OS SSD : 3TB HDD : 1TB Sample HDD
Win 10 Pro x 64 : NH-D14 CPU Cooler 
HIS IceQ  2GB HD 7870
Focusrite Scarlett 2i4
The_Forum_Monkeys
#2
pwalpwal
Re: A user here at work got Ransomwared 2016/03/09 13:48:37
run a script-blocker browser add-in like NoScript - you have to whitelist sites, but it doesn't take long
hth

just a sec

#3
slartabartfast
Re: A user here at work got Ransomwared 2016/03/09 16:22:12
Lots of good advice is available about how to be safe on the internet. Most of it is how to avoid doing stupid stuff. But if the major banks, the defense department and the CIA cannot protect their systems, avoiding stupidity is no guarantee of security. 
#4
tom1
Re: A user here at work got Ransomwared 2016/03/09 16:34:22
A nurse I know told me her hospital was victimized a few weeks back.  I think it might be happening more than is publicized. 
 
Here's the story:
 
A Hollywood hospital whose computer systems were locked up by ransomware earlier this month (original story below) has paid $17,000 in bitcoins to regain access to its data. It’s believed the hackers had originally demanded $3.4 million from the Hollywood Presbyterian Medical Center in Los Angeles, but the hospital said Wednesday that any reports suggesting it paid that amount are false.
Commenting on the decision to hand over $17,000, Allen Stefanek, president of the medical center, said in a release, “The malware locks systems by encrypting files and demanding ransom to obtain the decryption key. The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”
 
Read more: http://www.digitaltrends....-attack/#ixzz42RZ3eWaV

Sonar Producer X2/ProTools/Cubase/Reaper
Studio Cat 32 Gig Ram
East West:
Hollywood Strings/Brass/Woodwinds/Goliath 
Kontakt Ultimate / FabFilter Bundle / EaReverb / Maag4 / Izotope Ozone 5 / Izotope RX2 / Elastique / Waves  
 

#5
bapu
Re: A user here at work got Ransomwared 2016/03/09 17:30:10
What's next?
 
The FSF?
 
They'll have to pay us to give it back.
#6
bayoubill
Re: A user here at work got Ransomwared 2016/03/09 20:29:27
This is really spooky stuff! I get e-mails from people I know telling me to hit this link to get whatever. I don't do it, and every time I ask the friend about the e-mails they know nothing about it. When I tried to download Windows 10 I was hijacked and had no idea it was happening. When my PC starts running sluggish I call up task manager and find a 2nd user. I log off ASAP! I don't do much on the internet anymore.

SWAMP MUSIC
Sonar PLATINUM        
Studio Cat DAW
#7
bapu
Re: A user here at work got Ransomwared 2016/03/09 21:29:15
Where's Bill?
#8
craigb
Re: A user here at work got Ransomwared 2016/03/09 22:29:02
bapu
> Where's Bill?

Bill?  Who's Bill?

 
Time for all of you to head over to Beyond My DAW!
#9
bayoubill
Re: A user here at work got Ransomwared 2016/03/09 23:33:21
I knew it! Chronic amnesia is contagious!!

#10
ston
Re: A user here at work got Ransomwared 2016/03/10 03:33:32
Don't click any adverts on web pages either; due to the convoluted, horrendous mess that is the web advertising industry it is very open to fraud and the injection of malware code behind apparently innocent ads.
 
This is what I mean by horrendous, convoluted mess:
 
https://regmedia.co.uk/2016/02/05/programmatic_advertising_market.jpg
 
> "Wow.....what a real pain to go through all that......I'm surprised a software didn't catch it and quarantine it,"
 
Much harder than you might think if we're talking about clicking a web page link.  On a Windows machine, you have then effectively given whatever script is hiding behind the link root-level permission to run on your machine.  Due to tricks like the JSF*** one I posted about a few days ago, most (if not all) script sanitisers can't identify the mass of characters being passed to the JRE as even being script that can run.
#11
craigb
Re: A user here at work got Ransomwared 2016/03/10 03:56:28
Heh, I just read that Forbes won't show any of their content until you turn your ad blocker off and then they have been dumping malware onto people's computers!  Figures.
#12
ston
Re: A user here at work got Ransomwared 2016/03/10 07:49:48
Yup!
 
[Forbes:] "We noticed you still have ad blocker enabled. By turning it off or whitelisting Forbes.com, you can continue to our site and receive the Forbes ad-light experience."
 
That's pretty recent; I looked at a Forbes page concerning the owner of a company we're currently doing some work for not two weeks ago.  Forbes can go whistle in the wind as far as I'm concerned :-)
#13
Guitarhacker
Re: A user here at work got Ransomwared 2016/03/10 08:00:00
My wife gets into those loopers from time to time.  A pain, but easy to remove with a few minutes of work.
 
She picks them up on legitimate teacher websites that she's used for years.   Go figure.

Remember the old expression:  Curiosity killed the cat.  Don't be curious on the internet.

My website & music: www.herbhartley.com

MC4/5/6/X1e.c, on a Custom DAW   
Focusrite Firewire Saffire Interface


BMI/NSAI

"Just as the blade chooses the warrior, so too, the song chooses the writer 
#14
Moshkito
Re: A user here at work got Ransomwared 2016/03/10 09:26:44
craigb
> Heh, I just read that Forbes won't show any of their content until you turn your ad blocker off and then they have been dumping malware onto people's computers!  Figures.

The real issue is that it is a procedure that Microsoft uses as well as anyone else ... so us saying that something is malware and Microsoft is not ... is bizarre when it is the same thing ... just doing different details!

Music is not about notes and chords! My poem is not about the computer or monitor or letters! It's about how I was able to translate it from my insides! 
#15
bitflipper
Re: A user here at work got Ransomwared 2016/03/10 10:25:37
Even disabling scripts and whitelisting trusted sites may not save you, because everybody seems to want to get in on ad revenue, even respectable website operators. Those ads are managed by a third party, so the host rarely has any control over content. 
 
But you think "I'll just never click on any ad, anywhere, and therefore be safe". As users avoid ad links, advertisers just get more clever in obfuscating them. You can be misled into thinking you're clicking on a legitimate related page, and that trend is just starting to take off. Wait until somebody figures out how to embed malware in a YouTube video.
 
I have, however, not previously heard of ransomware infections via web pages. If that's the case, then this is an entirely new attack vector. The latest (and most widely dispersed) version, called "Locky", is still propagated via email attachments. I've been getting as many as 30 emails per day that claim to have an invoice attached, which is Locky's M.O.


All else is in doubt, so this is the truth I cling to. 

My Stuff
#16
ston
Re: A user here at work got Ransomwared 2016/03/10 10:48:03
Moshkito
> craigb
> > Heh, I just read that Forbes won't show any of their content until you turn your ad blocker off and then they have been dumping malware onto people's computers!  Figures.
>
> The real issue is that it is a procedure that Microsoft uses as well as anyone else ... so us saying that something is malware and Microsoft is not ... is bizarre when it is the same thing ... just doing different details!

For which Microsoft websites?  Neither microsoft.com nor msn.com (nor outlook.com etc.) b1tch at me for having adblock installed.
 
I find it particularly egregious that these ransomware bastards are targeting hospitals.  I doubt my solution to the problem would be accepted though, probably for being 'too medieval'.
#17
ampfixer
Re: A user here at work got Ransomwared 2016/03/10 10:50:01
Last week my sister called me to say that her computer crashed. I go over and find that when she turns it on it locks up with a warning screen telling her that the machine is damaged. In the middle of the screen is an 800 number to call Microsoft for help. I didn't call the number because I know that Microsoft never offers to help.
 
I assumed that it was a virus. I asked what the last thing she did with the computer was, and she said she was trying to download a Yahoo chat app. I'm willing to bet if I'd called that number I would have gotten a ransom demand. She was set up via an online dating site. A guy sends her an email and directs her to an app on the Yahoo site. She tries to get it and bam, PC is a hostage.
 
I reformatted and reinstalled Win 10 and that seems to have killed it. Her loss of data is the price she paid for foolishness. You have to be cynical and distrustful to survive in the 21st century.

Regards, John 
 I want to make it clear that I am an Eedjit. I have no direct, or indirect, knowledge of business, the music industry, forum threads or the meaning of life. I know about amps.
WIN 10 Pro X64, I7-3770k 16 gigs, ASUS Z77 pro, AMD 7950 3 gig,  Steinberg UR44, A-Pro 500, Sonar Platinum, KRK Rokit 6 
#18
Mitch_I
Re: A user here at work got Ransomwared 2016/03/10 11:04:24
John,
 
Something very similar happened to me about a month ago. I lost keyboard and mouse control and saw the message to call an 800 number. I hit the restart button on the case and disconnected the network cable. When I restarted and reconnected, my system was OK. I ran Malwarebytes and ESET anti-virus, and everything seemed fine.
 
My general strategy is to make monthly images of the C drive and copy the image and the data on the D drive to an external drive. Would that work to recover from a ransomware attack? Not sure.
 
Mitch I.
post edited by Mitch_I - 2016/03/10 15:26:46
#19
ston
Re: A user here at work got Ransomwared 2016/03/16 05:07:36
> "Don't click any adverts on web pages either"
 
http://www.theregister.co.uk/2016/03/15/massive_us_malvertising_campaign/
 
Some scarily top-flight websites there, bloody hell.
#20
ston
Re: A user here at work got Ransomwared 2016/03/16 05:09:10
Mitch_I
> My general strategy is to make monthly images of the C drive and copy the image and the data on the D drive to an external drive. Would that work to recover from a ransomware attack? Not sure.

Do you leave your backup media attached and write-enabled?  If so, it could easily be affected.  Best practice is to only attach it and enable writes when you perform your backups and at no other times.
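To make the point concrete, here is an added Python example (written for this edit, not by anyone in the thread): it records a SHA-256 manifest when the backup is written and re-hashes the copy before it is trusted, so a backup that was altered while the external drive stayed attached and writable is reported instead of silently restored. The directory layout, file names and manifest name are constructed for the demo.

```python
import hashlib
import json
import os
import tempfile

MANIFEST = ".backup-manifest.json"  # constructed name; any fixed name works

def _sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):  # stream big images
            h.update(chunk)
    return h.hexdigest()

def _files(root):
    # Yield (relative posix path, absolute path) for every file but the manifest.
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name != MANIFEST:
                full = os.path.join(dirpath, name)
                yield os.path.relpath(full, root).replace(os.sep, "/"), full

def write_manifest(root):
    """Run right after copying data to the backup drive, before detaching it."""
    manifest = {rel: _sha256(full) for rel, full in _files(root)}
    with open(os.path.join(root, MANIFEST), "w") as f:
        json.dump(manifest, f, sort_keys=True)
    return manifest

def verify_backup(root):
    """Re-hash the backup and report what no longer matches the manifest."""
    with open(os.path.join(root, MANIFEST)) as f:
        expected = json.load(f)
    current = {rel: _sha256(full) for rel, full in _files(root)}
    return {
        "missing": sorted(set(expected) - set(current)),     # gone or renamed
        "unexpected": sorted(set(current) - set(expected)),  # e.g. .locked copies
        "modified": sorted(r for r in expected if r in current and current[r] != expected[r]),
    }

def demo():
    """Constructed scenario: media left attached and writable after the backup."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "docs"))
    for name, data in (("budget.xlsx", b"quarterly numbers"), ("memo.txt", b"team memo")):
        with open(os.path.join(root, "docs", name), "wb") as f:
            f.write(data)
    write_manifest(root)
    # Two kinds of damage a later infection can do to a still-mounted backup:
    with open(os.path.join(root, "docs", "budget.xlsx"), "wb") as f:
        f.write(b"\x8a\x01\xfe unreadable bytes")  # overwritten in place
    os.rename(os.path.join(root, "docs", "memo.txt"),
              os.path.join(root, "docs", "memo.txt.locked"))  # renamed
    return verify_backup(root)
```

A clean backup returns three empty lists; anything else means the copy should not be trusted for a restore.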
 
#21
craigb
Re: A user here at work got Ransomwared 2016/03/16 07:38:09
This is why I only use Windows 9.
#22
Mitch_I
Re: A user here at work got Ransomwared 2016/03/16 09:46:07
ston
> Mitch_I
> > My general strategy is to make monthly images of the C drive and copy the image and the data on the D drive to an external drive. Would that work to recover from a ransomware attack? Not sure.
>
> Do you leave your backup media attached and write-enabled?  If so, it could easily be affected.  Best practice is to only attach it and enable writes when you perform your backups and at no other times.

Good point. No, I leave the backup media unplugged and disconnected.
#23
ston
Re: A user here at work got Ransomwared 2016/03/17 06:12:54
That's reminded me of this:
 
http://www.theregister.co.uk/2015/01/17/scary_code_of_the_week_steam_cleans_linux_pcs/
 
Granted, the script that Valve wrote was a godawful mess, but it is a good (if somewhat painful for some) reminder of why leaving backup media r/w attached is not the best policy.
 
I quite liked the developer's comment too:
 
# Scary!
 
Indeed.
#24
bitflipper
Re: A user here at work got Ransomwared 2016/03/17 11:11:25
And now the two most-popular Chrome ad-blockers have implemented a program wherein advertisers can pay to have the ad-blockers ignore them. What a scam.
#25
bayoubill
Re: A user here at work got Ransomwared 2016/03/17 13:41:43
Seems like everything today has become a scam and corruption is rampant. Honesty is a rare trait in everyday dealings and crime is everywhere.
Sad state we're in.
#26
57Gregy
Re: A user here at work got Ransomwared 2016/03/17 14:35:03
bayoubill
> Seems like everything today has become a scam and corruption is rampant. Honesty is a rare trait in everyday dealings and crime is everywhere.
> Sad state we're in.

Malcolm Burwell, MP 1733-1775

Greg 
I am selling my MIM Fender Stratocaster HSS, red and black. PM for more details.

Music Creator 2003, MC Pro 24, SONAR Home Studio 6 XL, SONAR  X3e, CbB, Focusrite Saffire, not enough space.
Everything is better with pie. 

http://www.soundclick.com/bands/default.cfm?bandID=609446
http://www.reverbnation.com/#!/gregfields 
#27