The "can restore files from elsewhere" option should always be number 1 on the list. "I can pay the ransom" is only for those idiots who didn't have number 1 in place.
Nukeware: New malware deletes files and zaps system settings
Lazy but sneaky cybercrooks are slinging a new ransomware variant that falsely claims to have encrypted files when in reality it has deleted them. Ranscam tricks victims by falsely claiming that files have been moved onto a hidden, encrypted partition. In reality the malware has deleted files and comprehensively messed with …
COMMENTS
Tuesday 12th July 2016 20:52 GMT a_yank_lurker
Even with backups, this malware could be troublesome. How many leave the backup drive connected to the computer? Online backups are nice but are usually a subscription service and take time to upload all the data files and sync with the service. Not always a practical option for home users.
-
Tuesday 12th July 2016 17:32 GMT asdf
Backups in this case are actually effective (and of course should always be done for many other reasons). The problem with some of the other malware is they have gotten smart and gradually encrypt things over a long period of time so recovering from backups becomes a very laborious process if even possible.
-
Tuesday 12th July 2016 14:53 GMT Anonymous Coward
This is why...
It really pays off to run your OS as non-administrator. I have to admit that it takes getting used to on Windows because depending on what you usually do it can mean more "admin prompts". But it's worth the effort!
On my Win7 environment my account has no password (so it auto boots) but it also has no admin privileges. Good luck to any malware trying to remove system files: it won't succeed because my account has no write access at all in C:\Windows or any other system environment :P
Windows updates work just fine, but only after I get an "admin prompt" (to elevate my rights) where I have to give the admin password.
The bad news? It's too late for this. People are so used to having admin privileges on Windows that I don't think it's doable anymore to change that mindset. Nice going Microsoft :)
-
Tuesday 12th July 2016 15:20 GMT Paul Crawford
Re: This is why...
Not having admin rights should be the norm, but it only takes one of many privilege escalation bugs in ANY operating system to be back to having your machine toasted.
Really the only sensible mitigation technique is a working, tested, backup system that is not a simple extension of the main PC's file system. Also works for lost or damaged PCs as well...
-
Tuesday 12th July 2016 15:41 GMT DropBear
Re: This is why...
Also, not running as administrator might successfully save your OS (i.e. the part of the data on your computer you shouldn't give a flying fuck about considering it should always be ultimately restorable) but does nothing to protect your irreplaceable personal data (i.e. the part of the data to which you, as a user, no matter how unprivileged, NEED to have access for it to make any sense). The thing is, outside a few archive-friendly use cases, not having write access to your own data generally isn't a viable way of using a computer. Unless you only use it to browse and check email. In which case you're perfectly safe, you've got nothing to lose.
-
Tuesday 12th July 2016 17:38 GMT asdf
Re: This is why...
>Actually I learned the hard way about backups and viruses the hard way which is why I went the way of the Linux long ago
And then you find yourself going a step further and doing the majority of your web browsing even on Linux Mint through an OpenBSD VM (regular user, firewalled, ssh X forwarding with security extensions on ftw) with tor and privoxy. Being this is my work laptop I am currently posting this through FF on a Solaris VM instead lol. Of course VM sandboxing is not the be all end all but I sure like setting it up for personal use.
-
Tuesday 12th July 2016 20:50 GMT Paul Crawford
Re: Linux mint and no longer have this sort of problem
For now.
You see, if you can run arbitrary software on ANY platform, then you can encrypt your own files (as pointed out above).
Sure it is less likely on Linux and one reason I migrated, but if you are properly paranoid about this then you will (A) have an isolated backup anyway as that covers hardware failures and "gross administrative misconduct", and (B) set user-writable areas to non-execute so you can't accidentally run something unpacked from an archive (because you were drunk and it promised good pr0n).
-
Tuesday 12th July 2016 21:23 GMT asdf
Re: Linux mint and no longer have this sort of problem
>unpacked from an archive (because you were drunk and it promised good pr0n).
That tends to be more of an Android problem than Linux lol.
>You see, if you can run arbitrary software on ANY platform, then you can encrypt your own files
IMHO your main web browser should not even have access to a file system containing your personal files except through perhaps a shitload of 0 days and/or VM/sandboxing busting. Yes it's good to encrypt anyway as disk wiping (short of physical destruction) is not always a sure thing on decommission and yes on Unix apps like gpg make it trivial (actually fairly trivial to encrypt your entire home directory and swap on most *nix). Backups are a must regardless because generally on *nix malware is less of an enemy than yourself.
-
Wednesday 13th July 2016 10:58 GMT Paul Crawford
Re: @asdf
"your main web browser should not even have access to a file system containing your personal files"
Except for everyone needing to upload and download email attachments if using web-mail, PDF data sheets, photos up to FB (for the vain and/or with family who pester them enough to bend over for a Zucking), etc?
Of course if you are properly paranoid you will already have an AppArmor profile for Firefox set to only allow read-only access to specific directories (e.g. 'photos') and only read/write to a sane place or two like 'downloads'.
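As an added illustration of the profile described in the comment above (not code from the thread or from any distribution's shipped Firefox profile), the data-directory part of such an AppArmor profile might look like this; the binary path, the 'Photos' and 'Downloads' directory names, and the denied dot-directories are assumptions, and the real profile would also need the usual abstractions and the browser's own profile/cache paths.

```apparmor
# Assumed fragment of an AppArmor profile for Firefox: home-directory rules only.
# Everything under @{HOME} that is not listed here is denied once the profile is
# in enforce mode, because AppArmor is default-deny for a confined process.
#include <tunables/global>

/usr/lib/firefox/firefox {
  #include <abstractions/base>
  # ... abstractions (fonts, gnome, audio, ...) and ~/.mozilla, ~/.cache rules go here ...

  # Read-only access to a specific directory, e.g. for uploading photos.
  owner @{HOME}/Photos/      r,
  owner @{HOME}/Photos/**    r,

  # Read/write only to the one sane place the browser is allowed to save into.
  owner @{HOME}/Downloads/   rw,
  owner @{HOME}/Downloads/** rw,

  # Explicit, audited denials for the most sensitive dot-directories so that an
  # attempted access shows up in the audit log rather than failing silently.
  # Note: deny rules override allow rules, so never deny a path you also allow above.
  audit deny @{HOME}/.ssh/**   mrwkl,
  audit deny @{HOME}/.gnupg/** mrwkl,
}
```

Load it with `apparmor_parser -r` and watch `dmesg`/auditd for `apparmor="DENIED"` lines in complain mode first, since any path Firefox legitimately needs but that is missing from the profile will show up there.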
-
Wednesday 13th July 2016 06:45 GMT JulieM
This could get interesting
If this Ranscam malware becomes widely distributed, and its irreversibility known about, that's going to put a crimp in things for the real ransomware criminals. After all, why should you bother paying the ransom, if your files might not be recoverable even if you do? So if you get hit with real ransomware, you just ignore and restore.
This is creating a sort of brand dilution. And malware distributors generally aren't the sort of people who tend to settle these sorts of disputes in a Court of Law. Just sayin' .....