SUBSIM Radio Room Forums



SUBSIM: The Web's #1 resource for all submarine & naval simulations since 1997

Old 12-07-12, 07:49 AM   #1
Onkel Neal
Born to Run Silent
 
 
Join Date: Jan 1997
Location: Cougar Trap, Texas
Posts: 21,385
Downloads: 541
Uploads: 224


Default For PC Virus Victims, Pay or Else

http://www.nytimes.com/2012/12/06/te...pagewanted=all

Quote:
The messages often demand that victims buy a preloaded debit card that can be purchased at a local drugstore — and enter the PIN. That way it’s impossible for victims to cancel the transaction once it becomes clear that criminals have no intention of unlocking their PC.
Wow, I had no idea things were this bad.
__________________
SUBSIM - 26 Years on the Web
Old 12-07-12, 07:57 AM   #2
Aces
Ace of the Deep
 
Join Date: Apr 2005
Location: London, UK
Posts: 1,140
Downloads: 211
Uploads: 0


Default

I've heard of this, I believe that the term is Ransomware,

http://en.wikipedia.org/wiki/Ransomware_%28malware%29

Even had a few e-mails like this in my work's spam folder.

Regards

Aces
Old 12-07-12, 08:16 AM   #3
STEED
Lucky Jack
 
Join Date: Jan 2006
Location: Down Town UK
Posts: 27,695
Downloads: 89
Uploads: 48


Default

Bloody Hell! This is bang out of order.
__________________
Dr Who rest in peace 1963-2017.

To borrow Davros saying...I NAME YOU CHIBNALL THE DESTROYER OF DR WHO YOU KILLED IT!
Old 12-07-12, 08:19 AM   #4
Skybird
Soaring
 
 
Join Date: Sep 2001
Location: the mental asylum named Germany
Posts: 42,670
Downloads: 10
Uploads: 0


Default

Not really new, but a problem growing since quite some time now.

I can only repeat it again and again: when doing online banking and going online in general, PARANOIA IS A VIRTUE.

Another growing concern is drive-by attacks. The times when downloaded intrusive software must be activated by the user by making him click on something, are the past. New malware of this type installs and activates itself by the user just landing on a certain website with an infested element. Period.

Finally, rootkits and new trojans are of such a nature that antivirus software practically does not detect them. Thus my recommendation to use an additional specialized malware scanner parallel to a firewall and antivirus scanner. This doe snot delete the risk, but it reduces it. My alarm from three months ago that made me reinstall my system was coming from the malware scanner as well, not the antivirus scanner.

I occasionally read of IT security experts who said that in their opinion antivirus scanners are already overrated and are being still sold to the private audience for profit interests only.

In general I think the web is becoming much more risky and dangerous.

Plus there is enormous lobbying for establishing more state censorship. But that is another topic.

The degrading security situation also is a primary argument against smartphones, imo, since smartphone users are even more naive and carelessly minded, than PC users.

In case of a security breach on your system: do not repair. Format and reinstall. Always. As the phrase tells you: "once corrupted, always corrupted".
__________________
If you feel nuts, consult an expert.
Old 12-07-12, 08:25 AM   #5
Dan D
Grey Wolf
 
Join Date: Jul 2002
Location: 9th Flotilla
Posts: 839
Downloads: 0
Uploads: 0


Default

No, no it is not that bad. It is fairly easy to unlock the PC again. Going to safe mode and then using the restore point function will do the trick.

Problem is, people have to understand first that their computer actually got hacked by some crooks when the lock screen says something else, e.g. the "FBI" or some other "authority" has locked your computer for violating copyright laws, downloading child porn etc.

I have had a couple of people asking me for help because they thought they were in legal trouble now. So far I always could tell them: "no you don't have legal problems, you have a computer virus!"

A poorly written article!
__________________

Old 12-07-12, 08:31 AM   #6
kraznyi_oktjabr
Sea Lord
 
Join Date: Mar 2010
Location: Republiken Finland
Posts: 1,803
Downloads: 8
Uploads: 0
Default

I had heard of this ransomware before but didn't know how they manage to fool people. Very interesting article. Thanks Neal!
__________________
You talk to God, you're religious. God talks to you, you're psychotic. - Dr. House
Old 12-07-12, 09:41 AM   #7
Skybird
Soaring
 
 
Join Date: Sep 2001
Location: the mental asylum named Germany
Posts: 42,670
Downloads: 10
Uploads: 0


Default

Quote:
Originally Posted by Dan D View Post
No, no it is not that bad. It is fairly easy to unlock the PC again. Going to safe mode and then using the restore point function will do the trick.

Problem is, people have to understand first that their computer actually got hacked by some crooks when the lock screen says something else, e.g. the "FBI" or some other "authority" has locked your computer for violating copyright laws, downloading child porn etc.

I have had a couple of people asking me for help because they thought they were in legal trouble now. So far I always could tell them: "no you don't have legal problems, you have a computer virus!"

A poorly written article!
A loud and sounding NEGATIVE! from me! It is a modern myth that system restore points can help you to easily clean infections by rolling back to an earlier state of the system, because infected files and malware installed could get included in system restore points to which you then revert - that is you are reinfecting your system by yourself!

That is why it is an often given advice that in case you do not want to format and reinstall your system, but choose the "easy" way to put your trust - and make a gamble - in using an antivir solution to "clean" the system, before you do so you should switch off system restore feature and make sure that all restore points get manually deleted/overwritten.
__________________
If you feel nuts, consult an expert.
Old 12-07-12, 09:51 AM   #8
Skybird
Soaring
 
 
Join Date: Sep 2001
Location: the mental asylum named Germany
Posts: 42,670
Downloads: 10
Uploads: 0


Default

And look what I have found via Google search, page 1, entry 1: they are saying exactly the same as I do:

http://www.brighthub.com/computing/s...les/44731.aspx

P.S. And this:
http://antivirus.about.com/od/window...temrestore.htm
__________________
If you feel nuts, consult an expert.
Old 12-07-12, 10:12 AM   #9
Dan D
Grey Wolf
 
Join Date: Jul 2002
Location: 9th Flotilla
Posts: 839
Downloads: 0
Uploads: 0


Default

Quote:
Originally Posted by Skybird View Post
A loud and sounding NEGATIVE! from me! It is a modern myth that system restore points can help you to easily clean infections....
@Birdman, I agree with you with that statement but that was not my point. We were talking about regaining access to your computer again. This method has worked so far every time from my experience. What you have to do once you can access your computer again to get a clean system is something else.

You see, it is very shameful, if you can't access your own computer and every time you turn it on, you get the lock screen, and the lock screen only, no matter what you try, and the screen says you have downloaded illegal pornographic material etc. What do you tell your wife or your boss why they can't use your PC?

Once you can access the PC again it looks like any other infected computer and can no longer compromise you. There is the difference.
__________________

Old 12-07-12, 10:21 AM   #10
AVGWarhawk
Lucky Jack
 
 
Join Date: Jun 2005
Location: In a 1954 Buick.
Posts: 28,280
Downloads: 90
Uploads: 0


Default

Our computers at home have gotten the old "come on" for a virus fix. Please send off the debit card number. The alert flashes on your screen. It creates foreboding of possible loss of the hard drive within a millisecond. The debit card is whipped out in a nanosecond. Eradicating the offender can be done without opening up the checkbook. Sometimes it takes some time to do it. The virus will block your antivirus and other programs that protect the computer. One virus my daughter picked up proceeded to hide all her pictures and desktop icons. She was frantic. After some searching the cure was found. Computer set straight. The key is remaining calm. When a "virus" program you did not install pops up with warnings it is a red flag you might be had. Remain calm. Close down each program through task manager. Note the name of said virus scanner. Begin the search for the cure. You will not be the first that has picked up a damn nuisance.
Old 12-07-12, 10:23 AM   #11
Skybird
Soaring
 
 
Join Date: Sep 2001
Location: the mental asylum named Germany
Posts: 42,670
Downloads: 10
Uploads: 0


Default

@Dandyman, the cause of such locked computers in principle is a virus infection of any kind. And so the argument is the same: when manually regaining access to the system and then using a system restore point, you are still left with the residual risk of still having that malware, traces of it, sleeping parts, on your HD. You can run a viruscleaner then, yes. And still never will know for sure that it did what it claims to have done (=cleaning the system). Ergo: format and kill it all.

Virus scanners do not get called "Virus repair kits". Their job and that of Malware scanners is not to repair systems, although they offer such features, but to scan for and find infections that do not reveal themselves to the user (trojans grabbing off data, for example, bot net trojans, keyloggers).

So save your time. In the case here, wipe the HD immediately, don't take a break at trying to reactivate Windows surface first. What for? You will never have a guarantee that you really killed that damn thing.

I even would format two or three times, with power interruptions between each turn. Not before then I would physically connect an external HD with an (old!) image.
__________________
If you feel nuts, consult an expert.

Last edited by Skybird; 12-07-12 at 10:35 AM.
Old 12-07-12, 10:29 AM   #12
the_tyrant
Admiral
 
Join Date: Jun 2010
Location: Canada
Posts: 2,272
Downloads: 58
Uploads: 0
Default

I work part time at a computer shop. Mind you, this Trojan is not nearly as sophisticated as many others, but it is cleverly done. I have managed to decompile it and take a look, technologically, it's not really well done. I can probably do it in a few hours.

However, I have to fix 10 of these a day at my job, plus I hear that a lot of people actually pay. So I have to say, the business model works.
__________________
My own open source project on Sourceforge
OTP.net KGB grade encryption for the rest of us
Old 12-07-12, 10:41 AM   #13
Herr-Berbunch
Kaiser Bill's batman
 
 
Join Date: May 2010
Location: AN72
Posts: 13,203
Downloads: 76
Uploads: 0
Default

Quote:
Originally Posted by Skybird View Post
This doe snot . . .
Bless you, Rudolf
__________________
Old 12-07-12, 11:12 AM   #14
Jimbuna
Chief of the Boat
 
 
Join Date: Feb 2006
Location: 250 metres below the surface
Posts: 190,712
Downloads: 63
Uploads: 13


Default

This ransomware has been around for a while yet some people actually pay and that is what annoys me.
__________________
Wise men speak because they have something to say; Fools because they have to say something.
Oh my God, not again!!

Old 12-07-12, 11:35 AM   #15
HunterICX
Rear Admiral
 
Join Date: May 2006
Location: Malaga, España
Posts: 10,750
Downloads: 8
Uploads: 0


Default

Ransomwares are a joke...

I've already removed 2 of them on PCs at work, you only need a set of tools (Anti Virus, Malware scanners, Rootkit killer and stuff that hunts and eliminates the traces)

Just boot up your computer in Safe Mode with Network access to have your PC unlocked from that crap and you can get to work.

HunterICX
__________________