From what I understand there is a toolkit that can decrypt some cases of ransomware. Apparently some, but not all, of these guys (or gals I suppose, let's just go with scum). Anyhow, some of the scum that make ransomware aren't great with encryption and simply used random values to generate keys. Since it goes on to encrypt files, that creates timestamps on the files, and the default random value seed is often the current time, so it's possible to guess the keys from the time when the encryption started.
This is why you should use an entropy store instead of just generating a random number.
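To make the point above concrete, here is a small added illustration (my own constructed toy, not code from the thread or from any decryptor toolkit): a 16-byte key derived from a PRNG seeded with the wall clock can be recovered by walking the seed backwards from a file's modification time, while a key from the OS entropy pool cannot. The XOR of a single 16-byte block and the PDF header are stand-ins for the real file format and cipher.

```python
import random
import secrets

# Constructed toy scheme: a 16-byte key derived from a PRNG seeded with the
# current time in seconds, as the thread describes. Only the first 16 bytes of
# a file are "encrypted" here (XOR), enough to show the key-recovery idea.
KEY_LEN = 16


def weak_key(seed_seconds: int) -> bytes:
    """Key from a PRNG seeded with the wall clock: fully determined by the seed."""
    rng = random.Random(seed_seconds)
    return rng.getrandbits(8 * KEY_LEN).to_bytes(KEY_LEN, "big")


def strong_key() -> bytes:
    """Key from the OS entropy pool (the 'entropy store'): not guessable."""
    return secrets.token_bytes(KEY_LEN)


def xor_block(block: bytes, key: bytes) -> bytes:
    return bytes(b ^ k for b, k in zip(block, key))


def recover_weak_key(cipher_block: bytes, known_prefix: bytes, mtime: int, window: int):
    """Brute-force the seed, walking back from the file's mtime over `window` seconds.

    A candidate is accepted when decrypting the block yields the known file
    magic (here a PDF header). Returns (seed, key), or None if no seed in the
    window works, which is what happens for a key from strong_key().
    """
    for seed in range(mtime, mtime - window, -1):
        key = weak_key(seed)
        if xor_block(cipher_block, key)[: len(known_prefix)] == known_prefix:
            return seed, key
    return None


# Constructed sample: a 16-byte PDF header, "encrypted" with a weak key that
# was generated 37 seconds before the encrypted file's mtime.
PLAINTEXT_BLOCK = b"%PDF-1.7\n%\xe2\xe3\xcf\xd3\n1"
MTIME = 1_700_000_000
SEED_USED = MTIME - 37
WEAK_CIPHER = xor_block(PLAINTEXT_BLOCK, weak_key(SEED_USED))
STRONG_CIPHER = xor_block(PLAINTEXT_BLOCK, strong_key())

if __name__ == "__main__":
    print("weak key:  ", recover_weak_key(WEAK_CIPHER, b"%PDF-", MTIME, 3600))
    print("strong key:", recover_weak_key(STRONG_CIPHER, b"%PDF-", MTIME, 3600))
```

The search window only has to cover the gap between key generation and the first file write, which is why the file timestamps matter so much to the decryptor.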
My work computer got infected with ransomware a year ago, despite having antivirus software.
The best thing to do is to have an automatic backup so if your computer is infected you can nuke it from orbit and reinstall everything.
So what should she have done? And how do you protect yourself?
Always back up stuff you need with software that can restore earlier versions and not just the latest version. Apply OS updates and use updated anti-malware software. Anti-malware software isn't so important on Mac and Linux though.
Here's a link to some decryptors if your mom is lucky enough to have gotten an infection from scum who aren't good at encryption.
[link]
She brought it to Best Buy to fix, I guess, so we'll see what they can come up with, but I'm sure she has no backups.
Note to self: Back up!
Health~ma, Matt!
I am amazed that ransomware is an issue for, like, ordinary people. I mean, of course it could be, but how weird that it is!
I love the term entropy store. I feel like I would be an excellent manager of a B&M entropy store.
IJWTS that I am having a really hard time not saying "fuck off" out loud to emails/alerts/notifications/whatever that are irritating me now that I am back from vacation. So far I have kept it under my breath, but I really need to make that an in-my-head-only thing, I think.
Which reminds me, I need to make backups.
One thing that works is to make copies of your data and put it into non-default folders. Ransomware hits my company's customers by tracking into the default data path and dropping bombs into the stored data. I guess it checks to see which programs are used most often, then checks configuration to find where the data is likely to be.
The best thing to do is to have an automatic backup so if your computer is infected you can nuke it from orbit and reinstall everything.
Yup. We've got a 200 person IT team in addition to a technical support contract with IBM and even with all that, nuke it from orbit is the answer.
We use something called CrashPlan now for continuous backup. Which actually turned out to be a life saver when I dumped a cup of coffee on my laptop a few hours before a client deadline this spring. Even though the laptop was dead like a dead thing, they were able to restore a temp file from about 20 minutes before The Incident.
As best we can figure, my team member got it from clicking a link in the calendar for her kids' Catholic school.
We use something called CrashPlan now for continuous backup.
We use CrashPlan Pro. It makes restoring backups (from various points in time) very easy.
Also, when my computer had ransomware, it went on our work network and encrypted a bunch of files on our file server too. Sneaky bastards.
The ransomware people placed documents on our computers with an email address so we could pay them. I forgot how much they wanted--maybe $1,000? I was tempted to email them with a counteroffer of one cent.
One thing I learned from this was if my antivirus software finds viruses and kills them, there are most likely more viruses the antivirus software could not detect, which will result in more infections. So even if antivirus software fixes all the viruses it finds, you're still better off nuking from orbit.
What some hackers do is get access to your computer and then sell access to other people who install viruses on it. So you can kill the viruses but more will be added to your computer by the original hackers if the antivirus software doesn't detect the original infection.