Is this true
Comments
My humble opinion is that no anti virus software whether free or paid for can guarantee you'll never get infected. Think about it, viruses, malware evolves at a rapid rate, once new ones are discovered the anti virus companies then have to play catch-up and issue a solution via a definitions update. That takes anything from a few hours to a few days depending on the sophistication of the virus/malware. Hence the numerous and regular warnings about keeping your installed anti virus / malware programs up to date and maintaining regular backups of your system/data.
Cryptolocker so far has managed to evade whatever anti virus programs have been installed and you can guarantee the person or people behind it will already be issuing new variants of it and/or making it even harder to detect and remove.
Cryptolocker is, IMHO, even worse than ZeroAccess.... at least with ZA you can remove it and have access to your data without re-installing everything. And let's face it, the majority don't have a clue about full-image backups.........
Gettin' There, Wherever There is......
I have a dodgy "i" key, so ignore spelling errors due to "i" issues, ...I blame Apple
Cryptolocker seems to be causing major problems everywhere at the moment, for both businesses and home users.
I've yet to encounter it myself, but have read up on it just in case.
It appears that paying the ransom does actually get your files back, which makes sense because then folk post about this like I'm doing now and more folk decide to pay the ransom.
If you remove the infection from your system first, then the necessary info needed to get your decryption key is lost and then your files are worthless.
No-one has broken the encryption yet.
Best source of info about it seems to be Reddit.
Jivesinger wrote: »I have seen reports that some people do get their files back when they pay though.
If you think about it, if they didn't there would be no reason to pay.
....to my mind, wiping the drive was not the only option...
It's not.
Let's say it was cryptolocker (but as pointed out earlier, we don't know). Removing the malware itself is the easy part, it's the files that are encrypted that is the problem - you've no need to wipe a drive that has encrypted files.
It's a possibility that you could recover some files from the Shadow Volume Copies.
http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information#shadow
Generally, wiping the drive is the most cost effective way for the tech - I have found there are some that offer "virus removal" as a service when they don't actually understand malware and/or don't know how to clean it other than scanning it with as many generic scanners as they can lay their hands on, or wiping it.
Personally, I've only ever wiped a drive that has a true file infecting virus on it - and that's purely because I find it the best solution for that particular type of malware - clean it and miss just one file and the system's reinfected - so it's easiest and best to just wipe it & start again.
Yes agree closed, you shared that hint some while ago, and I did it. It saved me hours when had to return laptop under warranty for hardware fault, and they unnecessarily re-load OS.
Still does not answer the question, would virus protection keep you safe from this?
DG
No, up to date virus protection could not stop Cryptolocker initially as the AV vendors need the malware itself to be able to update their definitions and protect machines. Even then you're not necessarily protected because the malware is likely to be modified to avoid detection. I don't know how well AV software is currently stopping Cryptolocker as there's been at least one variant since release, possibly two looking at the thread on Bleepingcomputer - http://www.bleepingcomputer.com/forums/t/506924/cryptolocker-hijack-program/ . That's the best place to get details on the malware and how it's adapting.
If malware uses a vulnerability in Windows to infect a machine and it's been patched by Microsoft then a fully patched machine would be protected from any malware that used the vulnerability. This malware doesn't use a Windows exploit nor does it need admin privileges, all it needs is write access to the files to encrypt them.
Someone has written a tool which blocks executables from running in the appdata folder which prevents Cryptolocker from working as this is where it stores itself. It may block some legitimate software but it's not a bad solution overall as it tends to be malware that runs from appdata as it can get write access there under a normal user profile whereas other locations particularly program files needs elevated permissions.
In particular this malware highlights not just the importance of backups but also backup strategy. The software infects all local drives, all USB drives and also any mapped network drives so if your system is infected and you have your backup on a USB drive connected to the machine or running on a NAS it would get infected as well. Also if you're using RAID 1 (where the data is mirrored) with the belief this automatically backs up your data, you'd lose it all because both drives would be encrypted.
John
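An added example (not part of the post above, and not code from the tool it mentions): a dry run showing which installed programs a "block executables in AppData" rule would catch, so legitimate software can be spotted before the rule is deployed. The rule patterns, the wildcard semantics (`*` and `?` never cross a backslash), the sample paths and all function names are assumptions constructed for illustration.

```python
import re
from pathlib import PureWindowsPath

# Constructed block rules (illustrative, not copied from any specific tool).
BLOCK_RULES = [r"%AppData%\*.exe", r"%AppData%\*\*.exe"]

# Constructed sample environment and file inventory.
ENV = {"AppData": r"C:\Users\alice\AppData\Roaming"}
INVENTORY = [
    r"C:\Users\alice\AppData\Roaming\rnd8f3a.exe",        # dropped binary
    r"C:\Users\alice\AppData\Roaming\Updater\update.exe", # legitimate updater
    r"C:\Program Files\Vendor\app.exe",                   # needs elevation to write
    r"C:\Users\alice\AppData\Roaming\notes.txt",          # not an executable
]

def expand(rule, env):
    """Replace %Name% variables (case-insensitive) with values from env."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)), rule)

def rule_to_regex(rule, env):
    """Compile a rule; assumed semantics: wildcards stay within one folder."""
    parts = []
    for ch in expand(rule, env):
        if ch == "*":
            parts.append(r"[^\\]*")
        elif ch == "?":
            parts.append(r"[^\\]")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.IGNORECASE)  # Windows paths ignore case

def blocked_by(path, rules, env):
    """Return the first rule that would block this path, or None if allowed."""
    normalized = str(PureWindowsPath(path))  # also turns '/' into '\'
    for rule in rules:
        if rule_to_regex(rule, env).fullmatch(normalized):
            return rule
    return None

def audit(inventory, rules, env):
    """Map every inventoried path to the rule that blocks it (None = allowed)."""
    return {p: blocked_by(p, rules, env) for p in inventory}

if __name__ == "__main__":
    for path, rule in audit(INVENTORY, BLOCK_RULES, ENV).items():
        print(f"{'BLOCK' if rule else 'allow':5}  {path}  {rule or ''}")
```

Any entry reported as blocked that belongs to software you rely on is a candidate for an explicit allow exception before the rule goes live.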
The OH is the 'computer expert' amongst his friends (those quotes look like I'm being sarcastic but he really is good with computers!), and the amount of times he's had to f@nny about with their laptops and PCs and/or wipe and re-install operating systems because they haven't listened to a word he's told them (back up data often, update anti-malware software regularly and DO NOT go to dodgy sites/click dodgy links) is incredible. Simple, you would think? And these, on the whole, are intelligent people. People just get lazy and hackers take advantage of that.
Dry January: 31/31 days. :T
I agree with the above that you can't rely on an anti virus product to protect yourself, although having one will reduce the odds of it happening. So the only reliable way to prevent this from hurting you is to back up your files. I've just posted separately on the service that now comes free with Windows 8 and 8.1 - 'File History'. Look at my post history if you need a Microsoft link to help.
Personally I would never pay a blackmailer, no matter what the loss.
The OH is the 'computer expert' amongst his friends (those quotes look like I'm being sarcastic but he really is good with computers!), and the amount of times he's had to f@nny about with their laptops and PCs and/or wipe and re-install operating systems because they haven't listened to a word he's told them (back up data often, update anti-malware software regularly and DO NOT go to dodgy sites/click dodgy links) is incredible. Simple, you would think? And these, on the whole, are intelligent people. People just get lazy and hackers take advantage of that.
Yep, you would think simple and these days cheap as well to get a small USB hard drive just to plug in and back up occasionally and/or use cloud services. It's not just a case of people failing to back up often as it's frustratingly common that people haven't backed up at all despite telling me how vital and irreplaceable their data was when I explain to them the hard drive has completely failed and there is nothing I can do to get the data back. Even worse are the cases where I've managed to get data back off a failing hard drive and the same person has come to me later with another failing drive (laptops and delicate mechanical devices are not a great combination at times) and they still haven't backed up any of the data they urgently need?!
Thankfully I haven't been asked for help with Cryptolocker yet but I'm concerned that when it inevitably uses a different method of infection that it's going to spread much wider. So far it looks like it's been updated to kill shadow copies and the price for decryption could now be as high as $2,100.
John
This discussion has been closed.

