Another Cryptowall victim...

pclab

Moderator
Hey

Today I got another Cryptowall victim... This is getting to be a big pain lately....
Do you guys also have this very often??
 

LarrySabo

Member
I've only had one prospect call to ask if I could recover the data. He was shopping around and never called back. I told him, honestly, the odds of recovery are *very* slim.
 

HaQue

Moderator
I heard the other day on a comp security podcast that Australia had the most victims of crypto malware to population ratio in the world. Though I haven't had a case yet, I hear it mentioned a lot.
Interestingly the horror stories of what they were charged and how the "tech" actually "fixed" the problem is often way more horrific than the malware.
 

lcoughey

Moderator
HaQue said:
> I heard the other day on a comp security podcast that Australia had the most victims of crypto malware to population ratio in the world. Though I haven't had a case yet, I hear it mentioned a lot.
> Interestingly the horror stories of what they were charged and how the "tech" actually "fixed" the problem is often way more horrific than the malware.
Unfortunately, with most strains of the malware, there are usually only two ways to restore the data: restore from backup or pay the ransom. As the majority of users don't have a backup, the ransom is the only solution. This leaves the end user with a choice (assuming that they need the data back) of paying the ransom themselves or paying someone else to do it for them for the cost of the ransom plus the cost of the technician's services.
 

Jared

Administrator
Staff member
Yep. And since you can't write off buying bitcoin to pay criminals, I make the customer give me the cash equivalent of the bitcoin amount before I'll buy it for them.

Fortunately the criminals do keep their word usually.
 

HaQue

Moderator
After recovery, if the criminals do keep their word, it is imperative to go through the data with a fine-tooth comb and make sure there isn't an infection waiting to happen again, and also that the system is not still vulnerable to the way it was infected.

I have heard of scenarios that the malware will "un-patch" a different vulnerability, then a few days later own the system again. Also if the malware extracted data, your passwords could be compromised.

If the malware infected the system earlier, it may have waited a while before exploiting it. So any backups made between that time could actually have the infection present. So always check backups; do not restore backups over your only running copy of your system!

There is a lot of thought that needs to go into protecting a system from the malware of these despicable cretins.
 

LarrySabo

Member
It's tough getting users to make backups at all, let alone adopt a strategy that's robust.

Personally, I create/update drive images every 10 days or so and keep them offline (but that's primarily the OS partition, not vital documents and files, which I image/update monthly), run continuous backups to a MyBook (which I need to start backing up to offline storage on a regular basis real soon now and otherwise keep offline most of the day), and automatically create backups of just my most critical files to my Dropbox account every 6 hours. So I am not doing such a good job myself when it comes to backup strategy.

I run CryptoPrevent, CryptoGuard and CryptoMonitor (which is purported to be crypto-robust) and use Avira as my A-V, but hope I never have to say I wish they did a better job of protecting me. I'm also cautiously starting to check out RogueKiller, but it has a tendency to be over-zealous with killing tools I use for computer repairs. The more I think about it, the more nervous I become and the more naked I feel.
 

Jared

Administrator
Staff member
I just keep everything that's important in a special folder which is synchronized between all my computers and my Synology NAS. Very similar to Dropbox in how it works overall, but I get as much space as I have hard drives in my unit (currently 12 TB in a RAID 6). The great thing about it is it keeps the last 16 versions of files, so even a crypto virus is no match.
 

Jared

Administrator
Staff member
Usually. You can try doing a RAW scan to see what can be salvaged, but it's usually minimal.