For PC Virus Victims, Pay or Else


Onkel Neal
12-07-12, 07:49 AM
http://www.nytimes.com/2012/12/06/technology/ransomware-is-expanding-in-the-united-states.html?pagewanted=all

The messages often demand that victims buy a preloaded debit card that can be purchased at a local drugstore — and enter the PIN. That way it’s impossible for victims to cancel the transaction once it becomes clear that criminals have no intention of unlocking their PC.

Wow, I had no idea things were this bad.

Aces
12-07-12, 07:57 AM
I've heard of this, I believe the term is ransomware:

http://en.wikipedia.org/wiki/Ransomware_%28malware%29

Even had a few e-mails like this in my work's spam folder.

Regards

Aces

STEED
12-07-12, 08:16 AM
Bloody Hell! This is bang out of order.

Skybird
12-07-12, 08:19 AM
Not really new, but a problem that has been growing for quite some time now.

I can only repeat it again and again: when doing online banking and going online in general, PARANOIA IS A VIRTUE.

Another growing concern is drive-by attacks. The times when downloaded intrusive software had to be activated by the user by making him click on something are past. New malware of this type installs and activates itself by the user just landing on a certain website with an infested element. Period.

Finally, rootkits and new trojans are of such a nature that antivirus software practically does not detect them. Thus my recommendation to use an additional specialized malware scanner parallel to a firewall and antivirus scanner. This doe snot delete the risk, but it reduces it. My alarm from three months ago that made me reinstall my system was coming from the malware scanner as well, not the antivirus scanner.

I occasionally read of IT security experts who said that in their opinion antivirus scanners are already overrated and are being still sold to the private audience for profit interests only.

In general I think the web is becoming much more risky and dangerous.

Plus there is enormous lobbying for establishing more state censorship. But that is another topic.

The degrading security situation also is a primary argument against smartphones, imo, since smartphone users are even more naive and carelessly minded, than PC users.

In case of a security breach on your system: do not repair. Format and reinstall. Always. As the phrase tells you: "once corrupted, always corrupted".

Dan D
12-07-12, 08:25 AM
No, no it is not that bad. It is fairly easy to unlock the PC again. Going to safe mode and then using the restore point function will do the trick.

Problem is, people have to understand first that their computer actually got hacked by some crooks when the lock screen says something else, e.g. the "FBI" or some other "authority" has locked your computer for violating copyright laws, downloading child porn etc.

I have had a couple of people asking me for help because they thought they were in legal trouble now. So far I always could tell them: "no you don't have legal problems, you have a computer virus!"

A poorly written article!

kraznyi_oktjabr
12-07-12, 08:31 AM
I had heard of this ransomware before but didn't know how they manage to fool people. Very interesting article. Thanks Neal! :up:

Skybird
12-07-12, 09:41 AM
> No, no it is not that bad. It is fairly easy to unlock the PC again. Going to safe mode and then using the restore point function will do the trick.
>
> Problem is, people have to understand first that their computer actually got hacked by some crooks when the lock screen says something else, e.g. the "FBI" or some other "authority" has locked your computer for violating copyright laws, downloading child porn etc.
>
> I have had a couple of people asking me for help because they thought they were in legal trouble now. So far I always could tell them: "no you don't have legal problems, you have a computer virus!"
>
> A poorly written article!

A loud and sounding NEGATIVE! from me! It is a modern myth that system restore points can help you to easily clean infections by rolling back to an earlier state of the system, because infected files and malware installed could get included in system restore points to which you then revert - that is, you are reinfecting your system by yourself!

That is why it is an often given advice that in case you do not want to format and reinstall your system, but choose the "easy" way to put your trust - and make a gamble - in using an antivir solution to "clean" the system, before you do so you should switch off the system restore feature and make sure that all restore points get manually deleted/overwritten.
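An added example, not from the thread: the check a tech would run before following the advice above. It lists the machine's restore points with their creation time, marks every point taken after the lock screen first appeared (those are the ones that would carry the infection back), and only then offers to turn System Restore off. It assumes Windows PowerShell 5.x on a client edition of Windows (the Get-ComputerRestorePoint and Disable-ComputerRestore cmdlets are not present on Server editions), an elevated prompt, and the infection time used below is a made-up value for the example.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.x on a client
# Windows edition, run from an elevated prompt.

function Get-RestorePointReport([datetime]$Since) {
    # Get-ComputerRestorePoint returns WMI SystemRestore objects whose CreationTime
    # is a DMTF string such as 20121207073000.000000-000; convert it to a DateTime.
    Get-ComputerRestorePoint | ForEach-Object {
        $created = [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime)
        [pscustomobject]@{
            Sequence = $_.SequenceNumber
            Created  = $created
            Type     = $_.RestorePointType      # numeric WMI type code (0 = application install, ...)
            Note     = $_.Description
            # A point taken after the infection can bring the infection back when restored
            Tainted  = ($created -ge $Since)
        }
    }
}

# Hypothetical value for this run: the evening the lock screen first showed up
$report = Get-RestorePointReport -Since (Get-Date '2012-12-05 18:00')
$report | Sort-Object Created | Format-Table -AutoSize

if ($report | Where-Object Tainted) {
    # The step recommended in the post: switch System Restore off for the system drive.
    # Assumption: turning protection off for a drive discards the restore points stored
    # on it, as the System Protection dialog warns; -Confirm asks before it happens.
    Disable-ComputerRestore -Drive 'C:\' -Confirm
}
```

Read the table before answering the confirmation prompt: a point older than the infection is the only kind worth keeping, and if every point is marked Tainted there is nothing to roll back to and the "format and reinstall" route is the honest one.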

Skybird
12-07-12, 09:51 AM
And look what I have found via Google search, page 1, entry 1: they are saying exactly the same as I do:

http://www.brighthub.com/computing/smb-security/articles/44731.aspx

P.S. And this:
http://antivirus.about.com/od/windowsbasics/a/systemrestore.htm

Dan D
12-07-12, 10:12 AM
> A loud and sounding NEGATIVE! from me! It is a modern myth that system restore points can help you to easily clean infections....


@Birdman, I agree with you on that statement but that was not my point. We were talking about regaining access to your computer again. This method has worked so far every time from my experience. What you have to do once you can access your computer again to get a clean system is something else.

You see, it is very shameful if you can't access your own computer and every time you turn it on, you get the lock screen, and the lock screen only, no matter what you try, and the screen says you have downloaded illegal pornographic material etc. What do you tell your wife or your boss about why they can't use your PC?

Once you can access the PC again it looks like any other infected computer and can no longer compromise you. There is the difference.

AVGWarhawk
12-07-12, 10:21 AM
Our computers at home have gotten the old "come on" for a virus fix. Please send off the debit card number. The alert flashes on your screen. It creates foreboding of possible loss of the hard drive within a millisecond. The debit card is whipped out in a nanosecond. Eradicating the offender can be done without opening up the checkbook. Sometimes it takes some time to do it. The virus will block your antivirus and other programs that protect the computer. One virus my daughter picked up proceeded to hide all her pictures and desktop icons. She was frantic. After some searching the cure was found. Computer set straight. The key is remaining calm. When a "virus" program you did not install pops up with warnings it is a red flag you might be had. Remain calm. Close down each program through task manager. Note the name of said virus scanner. Begin the search for the cure. You will not be the first that has picked up a damn nuisance. :shifty:

Skybird
12-07-12, 10:23 AM
@Dandyman, the cause of such locked computers in principle is a virus infection of any kind. And so the argument is the same: when manually regaining access to the system and then using a system restore point, you are still left with the residual risk of still having that malware, traces of it, sleeping parts, on your HD. You can run a virus cleaner then, yes. And still never will know for sure that it did what it claims to have done (=cleaning the system). Ergo: format and kill it all.

Virus scanners do not get called "Virus repair kits". Their job and that of malware scanners is not to repair systems, although they offer such features, but to scan for and find infections that do not reveal themselves to the user (trojans grabbing off data, for example, bot net trojans, keyloggers).

So save your time. In the case here, wipe the HD immediately, don't take a break at trying to reactivate the Windows surface first. What for? You will never have a guarantee that you really killed that damn thing.

I even would format two or three times, with power interruptions between each turn. Not before then would I physically connect an external HD with an (old!) image.

the_tyrant
12-07-12, 10:29 AM
I work part time at a computer shop. Mind you, this Trojan is not nearly as sophisticated as many others, but it is cleverly done. I have managed to decompile it and take a look; technologically, it's not really well done. I can probably do it in a few hours.

However, I have to fix 10 of these a day at my job, plus I hear that a lot of people actually pay. So I have to say, the business model works.

Herr-Berbunch
12-07-12, 10:41 AM
> This doe snot . . .

Bless you, Rudolf :O:

Jimbuna
12-07-12, 11:12 AM
This ransomware has been around for a while yet some people actually pay and that is what annoys me.

HunterICX
12-07-12, 11:35 AM
Ransomwares are a joke...

I've already removed 2 of them on PCs at work, you only need a set of tools (Anti Virus, Malware scanners, Rootkit killer and stuff that hunts and eliminates the traces)

just boot up your computer in Safe Mode with Network access to have your PC unlocked from that crap and you can get to work.

HunterICX

AVGWarhawk
12-07-12, 11:56 AM
> This ransomware has been around for a while yet some people actually pay and that is what annoys me.

In your line of work I'm sure you noticed people are gullible and easily open to suggestion. The flashing alert with red numbers running up like mad indicating virus and porn on the computer is overkill on suggestion. People break out in a cold sweat as soon as they realize something might be wrong with their beloved computer. Visual stimulus of their world crashing in on them. All of this takes place in a second. Second number two the card is out to pay for the program to unlock the virus and free the individual from imminent failure of all they have amassed on the computer! :o It plays on one's fears. It works quite well.

Jimbuna
12-07-12, 12:22 PM
> In your line of work I'm sure you noticed people are gullible and easily open to suggestion. The flashing alert with red numbers running up like mad indicating virus and porn on the computer is overkill on suggestion. People break out in a cold sweat as soon as they realize something might be wrong with their beloved computer. Visual stimulus of their world crashing in on them. All of this takes place in a second. Second number two the card is out to pay for the program to unlock the virus and free the individual from imminent failure of all they have amassed on the computer! :o It plays on one's fears. It works quite well.

Yep, quite a rollercoaster ride for some I should imagine...especially if they've been looking at iffy sites in the past :03:

AVGWarhawk
12-07-12, 12:32 PM
> Yep, quite a rollercoaster ride for some I should imagine...especially if they've been looking at iffy sites in the past :03:

Hmmmmmm....wonder how Dowly handles these. :hmmm::haha:

Jimbuna
12-07-12, 12:34 PM
> Hmmmmmm....wonder how Dowly handles these. :hmmm::haha:

LOL....with just two little fingers I should imagine :O:

Sailor Steve
12-07-12, 12:41 PM
> Ransomwares are a joke...
>
> I've already removed 2 of them on PCs at work, you only need a set of tools (Anti Virus, Malware scanners, Rootkit killer and stuff that hunts and eliminates the traces)
>
> just boot up your computer in Safe Mode with Network access to have your PC unlocked from that crap and you can get to work.

Yep. I had one of these not too long ago, and completely re-installing Windows didn't help. Once I found out about doing it in safe mode, Malwarebytes was the only program that finally found the thing and killed it. It was a good thing I already had MB on my PC, because you can't get online to download stuff in safe mode.

eddie
12-07-12, 02:18 PM
Well Steve, with Win7 you have a choice to reboot in Safe mode or Safe Mode with networking, which means you can get online while in Safe mode.

I picked up that stupid redirect virus or rootkit. Every time I wanted to go to a site I normally go to, I would get redirected to somewhere else, a real PITA too, lol

I went to Symantec's website, and tried a small virus proggy that they let you have for free, but it didn't work. So I checked out Kaspersky's site and found this for removing rootkits. It does run in Safe mode and fixed my system just fine without reinstalling Windows, which I really appreciated. I also picked up a virus that won't let Windows boot up, has a funny name (which I can't remember ATM) but you'll see a blue screen that says something about I/O problem and you should get your systems admin for help. Its name includes Harddisk, but I don't recall the full virus' name.

Should dl it and keep it handy if you pick up this rootkit, when you run this, it will update itself also, which is great!

http://support.kaspersky.com/faq/?qid=208283363

Sailor Steve
12-07-12, 02:41 PM
> Well Steve, with Win7...
Well, you see, I still have XP. So I keep my Malwarebytes handy. :D

eddie
12-07-12, 02:43 PM
That's good!

HundertzehnGustav
12-07-12, 02:54 PM
http://guides.yoosecurity.com/wp-content/uploads/2012/04/Your-computer-is-lock-West-Yorkshire-Police-virus.jpg

boot safe mode, malwarebytes... presto.
or boot safe mode, dos commands, activate admin account (the hidden one!) and reboot.
log in as admin account, check msconfig for funny stuff, and find relevant files.
remove delete burn and nuke.
reboot
malwarebytes.
Ccleaner
reboot
use regular account to check...
remove admin account (deactivate)

basta.

1h work, 50 dollar in the pocket.
5 dollar tip and an embarrassed customer... it was obvious where he got the stuff.
happened Wednesday to me...:)
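The "check msconfig for funny stuff, and find relevant files" step above, as an added example that is not part of the post: a read-only PowerShell triage that walks the usual logon autostart locations (the Run/RunOnce keys, the Winlogon Shell and Userinit values a lock screen likes to hijack, and the two Startup folders), resolves each entry to the file it launches, and flags entries whose target is missing, lives in a user-writable folder such as %TEMP% or %APPDATA%, or has no valid Authenticode signature. It assumes Windows PowerShell 5.x run in Safe Mode from the admin account the post describes; the list of "user-writable" folders is my own choice, not something the post specifies. It lists; it does not delete anything.

```powershell
# Added example (not from the thread). Assumes Windows PowerShell 5.x, run in Safe Mode
# from the admin account the post mentions. Read-only: it only reports.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
# Folders any ordinary user can write to (assumed list); a logon entry pointing here deserves a look
$UserWritable = @($env:TEMP, $env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData, $env:PUBLIC, $env:USERPROFILE)

function Get-ExePath([string]$CommandLine) {
    # Pull the executable out of a command line: "C:\a b\x.exe" /s  or  C:\a b\x.exe /s  or  x.exe
    $cl = $CommandLine.Trim()
    if ($cl.StartsWith('"')) {
        $exe = $cl.Substring(1).Split('"')[0]
    } else {
        # Unquoted path with spaces: grow the prefix token by token until it names a real file
        $tokens = $cl.Split(' ')
        $exe = $tokens[0]
        for ($i = 1; $i -lt $tokens.Count; $i++) {
            if (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($exe))) { break }
            $exe = "$exe $($tokens[$i])"
        }
        if (-not (Test-Path -LiteralPath ([Environment]::ExpandEnvironmentVariables($exe)))) { $exe = $tokens[0] }
    }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if (-not (Test-Path -LiteralPath $exe)) {
        # Bare names like rundll32.exe resolve through PATH
        $cmd = Get-Command $exe -ErrorAction SilentlyContinue | Select-Object -First 1
        if ($cmd -and $cmd.Source) { $exe = $cmd.Source }
    }
    return $exe
}

function Test-AutostartEntry([string]$Source, [string]$Name, [string]$CommandLine) {
    $exe     = Get-ExePath $CommandLine
    $reasons = @()
    if (-not (Test-Path -LiteralPath $exe)) {
        $reasons += 'target missing'
    } else {
        foreach ($dir in $UserWritable) {
            if ($dir -and $exe.StartsWith($dir, 'OrdinalIgnoreCase')) { $reasons += "lives under $dir"; break }
        }
        if ($exe -match '\.(exe|dll|scr|com)$') {
            $sig = Get-AuthenticodeSignature -LiteralPath $exe
            if ($sig.Status -ne 'Valid') { $reasons += "signature $($sig.Status)" }
        }
    }
    [pscustomobject]@{ Source = $Source; Name = $Name; Target = $exe; Flags = ($reasons -join '; ') }
}

$results = New-Object System.Collections.Generic.List[object]

# 1. Run / RunOnce keys (HKCU is the hive of the account you are logged on as, see note below)
foreach ($key in $RunKeys) {
    if (-not (Test-Path $key)) { continue }
    $item = Get-Item -LiteralPath $key
    foreach ($name in $item.GetValueNames()) {
        $results.Add((Test-AutostartEntry -Source $key -Name $name -CommandLine ([string]$item.GetValue($name))))
    }
}

# 2. Winlogon Shell / Userinit: anything other than the stock values replaces or precedes the desktop
$wl       = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon'
$defaults = @{ Shell = 'explorer.exe'; Userinit = "$env:SystemRoot\system32\userinit.exe" }
foreach ($v in 'Shell', 'Userinit') {
    $val = ([string]$wl.$v).TrimEnd(',')          # a trailing comma on Userinit is normal
    if ($val -ne $defaults[$v]) {                 # -ne compares case-insensitively
        $results.Add((Test-AutostartEntry -Source 'Winlogon' -Name $v -CommandLine $val))
    }
}

# 3. Startup folders (entries passed quoted so paths with spaces survive Get-ExePath)
$StartupFolders = @("$env:APPDATA\Microsoft\Windows\Start Menu\Programs\Startup",
                    "$env:ProgramData\Microsoft\Windows\Start Menu\Programs\Startup")
foreach ($folder in $StartupFolders) {
    Get-ChildItem -LiteralPath $folder -File -ErrorAction SilentlyContinue | ForEach-Object {
        $results.Add((Test-AutostartEntry -Source $folder -Name $_.Name -CommandLine ('"{0}"' -f $_.FullName)))
    }
}

# Flagged entries first; an empty Flags column means nothing stood out
$results | Sort-Object { $_.Flags -eq '' } | Format-Table -AutoSize
```

Two caveats from running it the way the post describes: logged on as the admin account, HKCU is the admin's hive, so the customer's own HKCU Run entries only show up if you load their NTUSER.DAT hive under a temporary key or run the script from their account. And a clean report proves little on its own, which is the point Skybird keeps making; it tells you where to start looking, not that there is nothing left.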

Stealhead
12-07-12, 05:13 PM
I guess that some people really believe the fake law enforcement ones it seems. Whoever gets the money from these must not be doing too poorly I'd say,
not too much effort to make them up really.

Really common sense would be that if you really had been busted you'd have the police at your door with a search warrant but I suppose that people are gullible.

Jimbuna
12-07-12, 05:28 PM
> I guess that some people really believe the fake law enforcement ones it seems. Whoever gets the money from these must not be doing too poorly I'd say,
> not too much effort to make them up really.
>
> Really common sense would be that if you really had been busted you'd have the police at your door with a search warrant but I suppose that people are gullible.

Precisely :yep:

Catfish
12-07-12, 06:16 PM
> boot safe mode, malwarebytes... presto.
> or boot safe mode, dos commands, activate admin account (the hidden one!) and reboot.
> log in as admin account, check msconfig for funny stuff, and find relevant files.
> remove delete burn and nuke.
> reboot
> malwarebytes.
> Ccleaner
> reboot
> use regular account to check...
> remove admin account (deactivate)
>
> basta.
>
> 1h work, 50 dollar in the pocket.
> 5 dollar tip and an embarrassed customer... it was obvious where he got the stuff.
> happened Wednesday to me...:)

Well, then you had a different one than our clients in Germany.
We did exactly what you did, only it came back after 5-7 reboots.

There was no other way than really wiping it -

HundertzehnGustav
12-07-12, 06:26 PM
There was one thing I did not have to try yet:
http://www.bleepingcomputer.com/download/combofix/

It seems to be like ACID for your OS... removing everything but the stuff needed to operate your programs, and leaving your files alone.

The guys that use it where I work can not praise it enough...

and this webpage says:
http://www.bleepingcomputer.com/download/windows/

Based on Total Downloads
1. ComboFix (http://www.bleepingcomputer.com/download/combofix/) 5,794,630
2. RKill (http://www.bleepingcomputer.com/download/rkill/) 882,349
3. Malwarebytes Anti-Malware (http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/) 803,527
4. Unhide (http://www.bleepingcomputer.com/download/unhide/) 258,174
5. TDSSKiller (http://www.bleepingcomputer.com/download/tdsskiller/) 188,374

and I mean... 5mill to 800k in second position... can not be bad software!
But as they say: handle with care (test in VM or something...?) and know exactly what you do!

Madox58
12-07-12, 06:46 PM
I use ComboFix when needed.
:yeah:

Skybird
12-07-12, 07:56 PM
Careful with Combofix, it seems to be very powerful, but can kill system elements that leave you with an unstable system. I know of two such cases, and in both cases people were not able to revert via system restore points and sooner or later ended with reinstalling.

At a couple of German places I also occasionally read that it is not fully reliable/compatible under x64 OS.

For routine scans I would definitely stay away from it.

Number of downloads doesn't have to mean anything. On German sites, it does not get mentioned much, and gets mediocre ratings only. ;)

HundertzehnGustav
12-08-12, 05:41 AM
I do not blindly trust such software anyway...

I need to look, find where the bad stuff is hiding, find out how I can safely remove it without fudging up the system, and then check that the job has been done properly.

Blindly bombarding your Windows with such stuff...
That is boring, and I do not learn a damn thing.
Not learning is not progressing.
Not progressing is doing a bad job.

and as innovative and creative one is supposed to be as an IT support tech...
doing a bad job is not an option!

so i fully agree - careful with that stuff.:yeah: