Another Cryptowall victim...

Posted: Fri Jul 03, 2015 10:06 am
by pclab
Hey

Today I got another Cryptowall victim... This is getting a big pain lately....
Do you guys also have this very often??

Re: Another Cryptowall victim...

Posted: Fri Jul 03, 2015 10:28 am
by LarrySabo
I've only had one prospect call to ask if I could recover the data. He was shopping around and never called back. I told him, honestly, the odds of recovery are *very* slim.

Re: Another Cryptowall victim...

Posted: Fri Jul 03, 2015 11:09 am
by HaQue
I heard the other day on a comp security podcast that Australia had the most victims of crypto malware to population ratio in the world. Though I haven't had a case yet, I hear it mentioned a lot.
Interestingly the horror stories of what they were charged and how the "tech" actually "fixed" the problem is often way more horrific than the malware.

Re: Another Cryptowall victim...

Posted: Fri Jul 03, 2015 12:38 pm
by lcoughey
HaQue wrote: I heard the other day on a comp security podcast that Australia had the most victims of crypto malware to population ratio in the world. Though I haven't had a case yet, I hear it mentioned a lot.
Interestingly the horror stories of what they were charged and how the "tech" actually "fixed" the problem is often way more horrific than the malware.

Unfortunately, with most strains of the malware, there are usually only two ways to restore the data. Restore from backup or pay the ransom. As the majority of users don't have a backup, the ransom is the only solution. This leaves the end user with a choice (assuming that they need the data back) of paying the ransom themselves or paying someone else to do it for them for the cost of the ransom plus the cost of the technician's services.

Posted: Mon Jul 06, 2015 7:48 am
by Jared
Yep. And since you can't write off buying bitcoin to pay criminals, I make the customer give me the cash equivalent of the bitcoin amount before I'll buy it for them.

Fortunately the criminals do keep their word usually.

Re: Another Cryptowall victim...

Posted: Mon Jul 06, 2015 10:52 pm
by HaQue
After recovery, if the criminals do keep their word, it is imperative to go through the data with a fine-tooth comb, and make sure there isn't an infection waiting to happen again, and also that the system is not still vulnerable to the way it was infected.

I have heard of scenarios that the malware will "un-patch" a different vulnerability, then a few days later own the system again. Also if the malware extracted data, your passwords could be compromised.

If the malware infected the system earlier, it may have waited a while before exploiting it. So any backups made between that time could actually have the infection present. So always check backups, do not restore backups over your running only copy of your system!

There is a lot of thought that needs to go into protecting a system from the malware of these despicable cretins.

Re: Another Cryptowall victim...

Posted: Tue Jul 07, 2015 8:17 am
by LarrySabo
It's tough getting users to make backups at all, let alone adopt a strategy that's robust.

Personally, I create/update drive images every 10 days or so and keep them offline (but that's primarily the OS partition, not vital documents and files, which I image/update monthly), run continuous backups to a MyBook (which I need to start backing up to offline storage on a regular basis real soon now and otherwise keep offline most of the day), and automatically create backups of just my most critical files to my DropBox account every 6 hours. So I am not doing such a good job myself when it comes to back-up strategy.

I run CryptoPrevent, CryptoGuard and CryptoMonitor (which is purported to be crypto-robust) and use Avira as my A-V but hope I never have to say I wish they did a better job of protecting me. I'm also cautiously starting to check out RogueKiller, but it has a tendency to be over-zealous with killing tools I use for computer repairs. The more I think about it, the more nervous I become and the more naked I feel.

Re: Another Cryptowall victim...

Posted: Tue Jul 07, 2015 10:29 am
by Jared
I just keep everything that's important in a special folder which is synchronized between all my computers and my Synology NAS. Very similar to dropbox in how it works overall, but I get as much space as I have hard drives in my unit (currently 12Tb in a RAID 6). The great thing about it is it keeps the last 16 versions of files, so even a crypto virus is no match.

Another Cryptowall victim...

Posted: Mon Feb 08, 2016 7:31 pm
by Bankole Oladoja
I got a Cryptowall Client today... Does this mean there is not going to be a way out of this, except I pay the hackers??

Another Cryptowall victim...

Posted: Mon Feb 08, 2016 7:55 pm
by Jared
Usually. You can try doing a RAW scan to see what can be salvaged, but it's usually minimal.