I have had to do this several times with ransomware: force a shutdown as soon as you see the dreaded FBI message (pull your battery if you have to), then start in safe mode (F6?), then do a restore to a previously known good date. Quite simple. Didn't lose anything.
Last edited by Ole Anderson; 03-03-2015 at 10:59 PM.
NOW you tell me...
Hi-Tec Designs, LLC -- Owner (and self-proclaimed LED guru )
Trotec 80W Speedy 300 laser w/everything
CAMaster Stinger CNC (25" x 36" x 5")
USCutter 24" LaserPoint Vinyl Cutter
Jet JWBS-18QT-3 18", 3HP bandsaw
Robust Beauty 25"x52" wood lathe w/everything
Jet BD-920W 9"x20" metal lathe
Delta 18-900L 18" drill press
Flame Polisher (ooooh, FIRE!)
Freeware: InkScape, Paint.NET, DoubleCAD XT
Paidware: Wacom Intuos4 (Large), CorelDRAW X5
Here I was thinking all along that blackmail was illegal and that our fine law enforcement organizations were there to go after these crooks. I understand they probably can't help the individuals affected. I think they should have said something like "the FBI always gets its man".
The ransomware locks the computer so badly that you can't even pull up Task Manager (Ctrl+Alt+Delete) to stop the program from running (doing bad things?), nor can you stop it by hitting your off button or, with a laptop, pulling the cord out of the wall if you are plugged in. So if you ever get that ransom screen, stop the computer immediately; don't even try to just stop the program from running, as the first thing it does is lock you out. Maybe they were different programs, or I was able to stop them before the dreaded encryption (which I imagine takes time). But the program, pretending to be the FBI, accuses you of illegal acts (piracy or child porn and so on) and demands that you send them money as a "fine" in order to unlock your computer. Happened three times to me on various sites; I don't even remember which ones. Not saying there are worse programs than the ones I ran into, just that I found an easy way to sidestep the ones I ran into when they occurred.
NOW you tell me...
Dan, didn't some security cos. (perhaps Kaspersky?) figure out a way to reverse engineer the keys or something so as to be able to unlock the encrypted drives without having to pay? Of course the malware could have evolved. What I took from what I read is that Cryptolocker uses Microsoft's encryption engine found in all Windows versions to encrypt the disk. No Windows, no Cryptolocker. I could download the malware but it wouldn't do anything.
Last edited by Curt Harms; 03-04-2015 at 10:29 AM.
I had another thought. If you copied your entire hard drive onto another drive not connected to the computer except when you are updating the backup, this scam would pretty much fail, as you should be able to boot to a CD and format the hard drive, then return your copy to the original hard drive.
Of course you could also avoid questionable sites and avoid opening emails with attachments.
Lee Schierer
USNA '71
Go Navy!
Not a new scam at all...it's been around for some time now and called "ransomware". Keep backups off the computer and instead of paying...blow away the computer and rebuild.
--
The most expensive tool is the one you buy "cheaply" and often...
The "not connected to the computer" part is a problem. I do backups at 6pm to an external drive. Is there any way to make the drive not available to the system except between 6pm and 6:30? That would give me a 98% chance of surviving intact. (I also do a cloud backup, so I won't lose any data, but the external drive is an image, so I would only have to format and restore to just keep going.)
It falls so short to say that. You can go to the most innocent website and by the time your antivirus arcs up it's too late. Have a comprehensive backup of the data you can't afford to lose - nothing less. They can burn your computer, but if you have a backup you are good to go... If you don't know how to do that then start learning how now. It's as simple as typing in "best backup for my mac, pc" and spending a couple hours reading, and then acting.
Sent from the bathtub on my Samsung Galaxy(C)S5 with waterproof Lifeproof Case(C), and spell check turned off!