pclab
Forum Moderator
Posts: 1627
Joined: Tue Jan 13, 2015 4:55 pm

Another Cryptowall victim...

Fri Jul 03, 2015 10:06 am

Hey

Today I got another Cryptowall victim... This is getting a big pain lately....
Do you guys also have this very often??
www.pclab.com.pt
facebook.com/PCLAB.Assistencia.Tecnica

LarrySabo
Data Recovery Master
Posts: 854
Joined: Mon Jan 12, 2015 8:15 pm
Location: Ottawa, Canada

Re: Another Cryptowall victim...

Fri Jul 03, 2015 10:28 am

I've only had one prospect call to ask if I could recover the data. He was shopping around and never called back. I told him, honestly, the odds of recovery are *very* slim.

HaQue
Forum Moderator
Posts: 224
Joined: Mon Jan 12, 2015 7:56 pm

Re: Another Cryptowall victim...

Fri Jul 03, 2015 11:09 am

I heard the other day on a comp security podcast that Australia had the most victims of crypto malware to population ratio in the world. Though I haven't had a case yet, I hear it mentioned a lot.
Interestingly the horror stories of what they were charged and how the "tech" actually "fixed" the problem is often way more horrific than the malware.

lcoughey
Forum Moderator
Posts: 595
Joined: Mon Jan 12, 2015 12:46 pm
Location: Ontario, Canada

Re: Another Cryptowall victim...

Fri Jul 03, 2015 12:38 pm

HaQue wrote: I heard the other day on a comp security podcast that Australia had the most victims of crypto malware to population ratio in the world. Though I haven't had a case yet, I hear it mentioned a lot.
Interestingly the horror stories of what they were charged and how the "tech" actually "fixed" the problem is often way more horrific than the malware.

Unfortunately, with most strains of the malware, there are usually only two ways to restore the data. Restore from backup or pay the ransom. As the majority of users don't have a backup, the ransom is the only solution. This leaves the end user with a choice (assuming that they need the data back) of paying the ransom themselves or paying someone else to do it for them for the cost of the ransom plus the cost of the technician's services.

Jared
Forum Admin
Posts: 3546
Joined: Mon Jan 12, 2015 12:32 pm
Location: Providence, RI

Mon Jul 06, 2015 7:48 am

Yep. And since you can't write off buying bitcoin to pay criminals, I make the customer give me the cash equivalent of the bitcoin amount before I'll buy it for them.

Fortunately the criminals do keep their word usually.

HaQue
Forum Moderator
Posts: 224
Joined: Mon Jan 12, 2015 7:56 pm

Re: Another Cryptowall victim...

Mon Jul 06, 2015 10:52 pm

After recovery, if the criminals do keep their word, it is imperative to go through the data with a fine-tooth comb, and make sure there isn't an infection waiting to happen again, and also that the system is not still vulnerable to the way it was infected.

I have heard of scenarios that the malware will "un-patch" a different vulnerability, then a few days later own the system again. Also if the malware extracted data, your passwords could be compromised.

If the malware infected the system earlier, it may have waited a while before exploiting it. So any backups made between that time could actually have the infection present. So always check backups; do not restore backups over your running only copy of your system!

There is a lot of thought that needs to go into protecting a system from the malware of these despicable cretins.

LarrySabo
Data Recovery Master
Posts: 854
Joined: Mon Jan 12, 2015 8:15 pm
Location: Ottawa, Canada

Re: Another Cryptowall victim...

Tue Jul 07, 2015 8:17 am

It's tough getting users to make backups at all, let alone adopt a strategy that's robust.

Personally, I create/update drive images every 10 days or so and keep them offline (but that's primarily the OS partition, not vital documents and files, which I image/update monthly), run continuous backups to a MyBook (which I need to start backing up to offline storage on a regular basis real soon now and otherwise keep offline most of the day), and automatically create backups of just my most critical files to my DropBox account every 6 hours. So I am not doing such a good job myself when it comes to back-up strategy.

I run CryptoPrevent, CryptoGuard and CryptoMonitor (which is purported to be crypto-robust) and use Avira as my A-V but hope I never have to say I wish they did a better job of protecting me. I'm also cautiously starting to check out RogueKiller, but it has a tendency to be over-zealous with killing tools I use for computer repairs. The more I think about it, the more nervous I become and the more naked I feel.

Jared
Forum Admin
Posts: 3546
Joined: Mon Jan 12, 2015 12:32 pm
Location: Providence, RI

Re: Another Cryptowall victim...

Tue Jul 07, 2015 10:29 am

I just keep everything that's important in a special folder which is synchronized between all my computers and my Synology NAS. Very similar to dropbox in how it works overall, but I get as much space as I have hard drives in my unit (currently 12Tb in a RAID 6). The great thing about it is it keeps the last 16 versions of files, so even a crypto virus is no match.

Bankole Oladoja
Experienced DR Tech
Posts: 322
Joined: Tue Jan 13, 2015 11:24 am
Location: Nigeria

Another Cryptowall victim...

Mon Feb 08, 2016 7:31 pm

I got a Cryptowall client today... Does this mean there is not going to be a way out of this, except I pay the hackers??
Oladoja Bankole
Exclusive Data Recovery Lab. EDARLAB
Abuja, Nigeria.
http://www.edarlab.com
Tel: 08032419528

Jared
Forum Admin
Posts: 3546
Joined: Mon Jan 12, 2015 12:32 pm
Location: Providence, RI

Another Cryptowall victim...

Mon Feb 08, 2016 7:55 pm

Usually. You can try doing a RAW scan to see what can be salvaged, but it's usually minimal.
