Thank You Charlie!

  • Thank You Charlie!

    Yesterday morning, I opened an e-mail and the file that was attached to it. It was sent on the pretense that it was from my company, and the attachment was in the form of a PDF file. During the closing of my current assignment, it is not uncommon to get various e-mails with attachments. This, however, is a virus of sorts. It is called CryptoLocker; what it has done is attached itself to my files, videos and photos, rendering me unable to access them. The kicker is that the message comes with a ransom note (blackmail): if I send them $300.00, they will send me the key code to unlock my files. This is done through a third party, MoneyPak. It comes with a countdown (3 days) to when the key code will be destroyed. I have read up on this, and there are no other options if I want my files back, but no guarantee that if I pay this ransom I will get that key either. I have chosen not to pay to get my files back, virtually killing all files stored on the laptop. Now I have some decisions to make, and still need to explore my options. I have two schools of thought. One: I let it lock them up, see what I have access to left, delete all files, and go into the system and remove the virus. Two: do a hard factory restore to original status. Three: turn my computer off, leave it, and buy a new one. Like I said, I am wrapping up this assignment, and my Outlook holds this current job's correspondence and professional contacts. This is the only thing that concerns me.
    Like I put in the title, thank you Charlie: I had backed up my files a month ago, so there is little impact on my files. Since his situation I took heed and backed them up.
    I will be working on this for the next few days and should be on intermittently.
    Look to the ground for it holds the past!

  • #2
    That sucks, Chase. Have you tried something like Geek Squad?
    Searching the fields of Northwest Indiana and Southwestern Michigan



    • #3
      Don't know if it's the same thing, but I got this from our local PD in my town e-mail. It has a few links that may or may not be helpful......
      The Guilford Police Department wishes to make the public aware of a computer-related fraud.
      The user will be online when a notice pops up purporting to be generated by a law enforcement agency such as the FBI. It informs the user that the computer has been locked due to unauthorized activity, such as use of pirated software or media, or illegal content such as child pornography, and requires the user to pay a fine to unlock the computer and remove the content. The payments are often delivered using a wire transfer or an online payment voucher. The user will be instructed to pay the fine, and their computer will be unlocked and the content removed. This type of fraud is commonly referred to as "Ransomware". Pop-up messages will look very official and contain images and logos that are readily recognizable, but they are not legitimate.
      There are many resources for more information on these types of attacks. Generally, all unsolicited requests for money to be wired, transferred or paid by pre-paid credit/debit cards are frauds. Law enforcement agencies do not accept fines or adjudicate crimes over the internet. Below are some links to more information on this type of fraud.
      Remember: your computer should have anti-virus software, whether commercially purchased or reputable free software, running and kept up to date. New attacks are being developed and released into the wild every day. It is important to protect yourself with the available tools.
      US-CERT, an official website of the Department of Homeland Security
      http://www.us-cert.gov/ncas/alerts/TA13-309A
      Wikipedia info on Ransomware
      http://en.wikipedia.org/wiki/Ransomware_%28malware%29
      Microsoft Malware Protection Center
      http://www.microsoft.com/security/po...ansomware.aspx
      Info from Symantec Anti-virus
      http://www.symantec.com/content/en/u...ing-menace.pdf
      If you cannot click on any of the links above, please copy the whole line and paste it into your browser address bar.
      Southern Connecticut



      • #4
        Hi Chase
        That’s a real bummer. At least you have back-ups. There are several options to ultimately clean your PC and you certainly won’t need to buy a new one. It will just be tedious to restore back to its original settings.
        There is a possibility that it’s not as bad as you think. There is a variant of this “ransomware” that prevents you from doing just about anything in “Normal Mode” on your PC but which is an empty threat as regards encryption and the unique key: a bluff that has disabled your ability to access files, but not via encryption.
        Start your computer via a cold boot in “Safe Mode” and use the command prompt to run MSCONFIG. Click on “Start” / “Run”, type MSCONFIG and hit [Return]. Then click on the “Startup” tab and you should be able to see the path for the ransomware file, i.e. where it is loading from and what the file is called.
        There’s a tick-box that should enable you to disable it but that won’t help. That’s because it appends your “shell=” line in the Windows registry to include itself whenever Windows Launches (even in Safe Mode). But, in Safe Mode with Command Prompt, it doesn't load because you're not using the “shell=” command line in the registry. That means you can actually delete the file via the Command Prompt in Safe Mode once you know where it is and what it’s called.
        Running MSCONFIG doesn't risk anything. You're only looking at that point. What I don’t know is the effect the deletion might have if the threat is genuine. Probably it will result in the unique key being destroyed as threatened. But if you reach the point of no return, then you don’t have much to lose by trying this.
        If you need more info about how to do this, let me know and post details of the file path here together with the Windows version you are using.
        I keep six honest serving-men (they taught me all I knew); Their names are What and Why and When and How and Where and Who.

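The “shell=” line the post refers to is the Shell value under the Winlogon key, whose default is plain explorer.exe; anything appended to it, and anything in the Run keys, is what MSCONFIG's Startup tab is showing. The check below is an added example and not part of the thread: it parses a registry export of the kind `reg export` or `regedit /e` produces (the text must already be decoded from UTF-16), reports a Shell value that is not explorer.exe alone plus Run entries that point into user-writable folders, and lists the .exe paths involved. SAMPLE_EXPORT is constructed, and the loader name and path in it are made up.

```python
"""Locate the startup entry of a Winlogon-shell hijacker in a registry export.

Added example, not from the original thread. It reads text exported with
"regedit /e" or "reg export" (already decoded from UTF-16); SAMPLE_EXPORT is
constructed and the loader path in it is made up. Shell defaults to explorer.exe.
"""
import re

WINLOGON = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
RUN = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
WATCHED_KEYS = tuple(h + "\\" + k for h in ("HKEY_LOCAL_MACHINE", "HKEY_CURRENT_USER")
                     for k in (WINLOGON, RUN))
# Folders a normal user can write to; loaders dropped by e-mail attachments live here.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
EXE_RE = re.compile(r'[A-Za-z]:\\[^",;]*?\.exe', re.IGNORECASE)


def parse_reg(text):
    r"""Return {key: {value_name: data}} for the REG_SZ values in a .reg export.

    .reg files write string data as "..." with \\ for a backslash and \" for a quote.
    """
    result, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            result.setdefault(key, {})
        elif key and line.startswith(('"', "@")) and "=" in line:
            name, _, data = line.partition("=")
            name = "@" if name == "@" else name.strip('"')
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                result[key][name] = data[1:-1].replace("\\\\", "\\").replace('\\"', '"')
    return result


def find_loaders(reg):
    """(key, value_name, data) for a non-default Shell and Run entries in user-writable paths."""
    findings = []
    for key in WATCHED_KEYS:
        values = reg.get(key, {})
        if key.endswith("Winlogon"):
            shell = values.get("Shell")
            if shell is not None and shell.strip().lower() != "explorer.exe":
                findings.append((key, "Shell", shell))
        else:
            for name, data in values.items():
                if any(d in data.lower() for d in USER_WRITABLE):
                    findings.append((key, name, data))
    return findings


def loader_paths(findings):
    """Distinct .exe paths named in the findings: the files to delete from Safe Mode."""
    paths = []
    for _, _, data in findings:
        for p in EXE_RE.findall(data):
            if p not in paths:
                paths.append(p)
    return paths


# Constructed export; the hijacked Shell value and the random-looking loader name are invented.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe,C:\\Users\\chase\\AppData\\Roaming\\ptyhxqvw.exe"
"Userinit"="C:\\Windows\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecurityHealth"="C:\\Windows\\system32\\SecurityHealthSystray.exe"
"ptyhxqvw"="\"C:\\Users\\chase\\AppData\\Roaming\\ptyhxqvw.exe\""
'''

if __name__ == "__main__":
    hits = find_loaders(parse_reg(SAMPLE_EXPORT))
    for key, name, data in hits:
        print("%s\\%s = %s" % (key, name, data))
    print("delete from Safe Mode with Command Prompt:", loader_paths(hits))
```

Deleting the file alone is not the whole clean-up: the Shell value has to be set back to explorer.exe and the Run entry removed, otherwise Winlogon will keep trying to start a file that no longer exists. Take the export from Safe Mode with Command Prompt, or from the disk mounted on a clean machine, so the loader is not running while you look.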


        • #5
          For the benefit of others (and for when you finally get your system back) there is a simple way to reduce the risk of getting caught by this particular scam. The file they send you is not a pdf file with a “.pdf” extension, it’s an executable file that has an “.exe” extension. The default Windows setup is that file extensions are hidden, so in those circumstances you don’t realise it’s an executable.
          For example, with the default Windows setup, the file they send you might actually be called:
          “Address Details.pdf.exe”
          The “.pdf” is part of the file name, not actually the file extension. But Windows hides the file extension (the “.exe” part) so that the file appears as:
          “Address Details.pdf”
          Although it’s never a good idea to launch any file that comes to you by e-mail from an unknown source, they’re relying on an assumption that most people will be suspicious of executable files (with extensions like .exe and .bat and .com etc), whereas pdf and other data files will normally be regarded as less suspicious.
          It’s always a good idea to change the Windows file and folder view options so that file extensions are not hidden. You then have a much better chance of spotting malicious files that are executables rather than just data files.
          I keep six honest serving-men (they taught me all I knew); Their names are What and Why and When and How and Where and Who.

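Unhiding extensions lets a person catch “Address Details.pdf.exe”; the same check can be done on the attachment itself before anyone double-clicks, by looking at the full name and at the first bytes of the file. The script below is an added example, not part of the thread: it flags a real extension that Windows will execute, a double extension that Explorer would hide, the right-to-left override trick, and content whose leading bytes do not match what the extension claims (a PDF starts with %PDF-, a Windows executable with MZ). The attachment names and byte strings in SAMPLES are constructed.

```python
"""Spot an executable disguised as a document, as in "Address Details.pdf.exe".

Added example, not from the original thread. The attachment names and the
leading bytes below are constructed; a real file would be read from disk.
"""

# Extensions that Windows runs when double-clicked (not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".jse", ".vbs", ".vbe", ".wsf", ".ps1", ".msi"}

# Leading bytes a genuine file of that type starts with.
MAGIC = {
    ".pdf": b"%PDF-",
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".zip": b"PK\x03\x04",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
}
RTL_OVERRIDE = "\u202e"  # makes "annex\u202efdp.exe" display as "annexexe.pdf"


def split_extensions(name):
    """Every dotted suffix, lower-cased: 'Address Details.pdf.exe' -> ('.pdf', '.exe')."""
    parts = name.lower().split(".")
    return tuple("." + p for p in parts[1:])


def inspect_attachment(name, head):
    """Reasons to treat the attachment as hostile; an empty list means it looks consistent."""
    reasons = []
    exts = split_extensions(name)
    real = exts[-1] if exts else ""
    shown = exts[-2] if len(exts) >= 2 else ""
    if RTL_OVERRIDE in name:
        reasons.append("name contains a right-to-left override character")
    if real in EXECUTABLE_EXTS:
        reasons.append("real extension %s is executable" % real)
        if shown and shown not in EXECUTABLE_EXTS:
            # With extensions hidden, Explorer shows the name without its last suffix.
            reasons.append("double extension: displayed as %r" % name[:-len(real)])
    if real in MAGIC and not head.startswith(MAGIC[real]):
        reasons.append("content does not start with the %s signature" % real)
    if head.startswith(b"MZ") and real not in EXECUTABLE_EXTS:
        reasons.append("content is a Windows PE executable whatever the name says")
    return reasons


# Constructed samples: the name as the mail client shows it and the first bytes on disk.
SAMPLES = {
    "Address Details.pdf.exe": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00",
    "invoice.pdf": b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n",
    "scan.pdf": b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00",
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00",
    "report\u202efdp.exe": b"MZ\x90\x00",
}


def triage(samples=SAMPLES):
    """Map each sample name to its list of reasons."""
    return {name: inspect_attachment(name, head) for name, head in samples.items()}


if __name__ == "__main__":
    for name, reasons in triage().items():
        print(repr(name), "->", "; ".join(reasons) or "looks consistent")
```

The content check matters as much as the name check: "scan.pdf" has an honest extension and would still be caught, because a PDF never starts with MZ, while a genuine PDF that merely has an odd name passes.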


          • #6
            Sorry to hear this happened, Chase, but glad my experience did help you take precautions. My desktop is still put aside until someone with real knowledge of computers can do what needs to be done. Hope you get it straightened out. Saw a similar warning about these ransom scams on our local news a few days ago.
            Rhode Island



            • #7
              Thanks, Roger. I have already bought a new computer and am working on it now. I have set up most everything I need on it, except my contacts from Outlook. Once that has been done, I will wipe it clean. I now have the cloud, and now all files are safe and up to date. Not that I will stop doing a hard backup, but it's comforting to know those b******s won't win with me anyway. What is disturbing is where the money they extort goes; my guess is terrorist activities.
              Last edited by painshill; 09-28-2021, 06:46 PM.
              Look to the ground for it holds the past!



              • #8
                Cryptolocker only targets files with the following extensions:
                *.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, *.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, *.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, *.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, *.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, *.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, *.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c
                Unfortunately that includes .pst files which is how your Outlook contacts are stored.
                Since you have purchased a new computer anyway, when it's set up and restored with whatever back-ups you have, why not try tracking the hostile file on the old computer and deleting it via the command prompt in Safe Mode? You really have nothing to lose and you might just get your files back.
                If the new computer is Windows 8, have a look in "Control Panel" for “System and security” then “File history” and check whether it says it’s On or Off. If it's on, you can then set your system so that earlier versions of files can be retrieved, whatever drive they're stored on. So, if they get encrypted (or corrupted), you can easily retrieve a version that pre-dates the problem. It only works on drives formatted as NTFS. You can also do this in a less sophisticated way on other versions of Windows.
                Don't forget to "unhide" your file extensions.
                [It's also worth remembering that if the hostile file was actually encrypting your data then it would have taken a while to work through all of your files. For anyone else who might experience this kind of attack, the sooner you switch off, the less damage that can be done.]
                I keep six honest serving-men (they taught me all I knew); Their names are What and Why and When and How and Where and Who.

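Two points in the post above lend themselves to a quick check before anyone restores from backup or decides the old machine is a write-off: the extension list says which files were at risk, and the remark that encryption takes time means some of them may be untouched if the machine was switched off early. The script below is an added example, not part of the thread. It walks a folder, matches file names against the posted patterns, and for each hit decides whether the content still looks like the format its extension claims: by the leading bytes where the format has a fixed signature, otherwise by the entropy of the first 4 KB, since ciphertext is close to 8 bits per byte and documents are well below. The sample folder, its contents and the ENTROPY_LIMIT threshold are constructed or assumed; run it against an image or copy of the disk, not the live system.

```python
"""Triage which of the files CryptoLocker goes for were actually damaged.

Added example, not from the original thread. The extension patterns are the
list posted above; the sample folder, its contents and ENTROPY_LIMIT are
constructed/assumed. Run it against a copy of the disk, never the live one.
"""
import fnmatch
import math
import os
import tempfile

TARGETED = ("*.odt, *.ods, *.odp, *.odm, *.odc, *.odb, *.doc, *.docx, *.docm, *.wps, "
            "*.xls, *.xlsx, *.xlsm, *.xlsb, *.xlk, *.ppt, *.pptx, *.pptm, *.mdb, *.accdb, "
            "*.pst, *.dwg, *.dxf, *.dxg, *.wpd, *.rtf, *.wb2, *.mdf, *.dbf, *.psd, *.pdd, "
            "*.pdf, *.eps, *.ai, *.indd, *.cdr, *.jpg, *.jpe, img_*.jpg, *.dng, *.3fr, "
            "*.arw, *.srf, *.sr2, *.bay, *.crw, *.cr2, *.dcr, *.kdc, *.erf, *.mef, *.mrw, "
            "*.nef, *.nrw, *.orf, *.raf, *.raw, *.rwl, *.rw2, *.r3d, *.ptx, *.pef, *.srw, "
            "*.x3f, *.der, *.cer, *.crt, *.pem, *.pfx, *.p12, *.p7b, *.p7c")
PATTERNS = [p.strip() for p in TARGETED.split(",")]

# Leading bytes of a healthy file for some of the targeted formats.
SIGNATURES = {
    ".pdf": b"%PDF-", ".jpg": b"\xff\xd8\xff", ".pst": b"!BDN",
    ".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".pptx": b"PK\x03\x04",
    ".doc": b"\xd0\xcf\x11\xe0", ".xls": b"\xd0\xcf\x11\xe0", ".ppt": b"\xd0\xcf\x11\xe0",
}
ENTROPY_LIMIT = 7.2  # assumed: bits per byte; ciphertext sits near 8, documents well below


def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    n = len(data)
    if n == 0:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def is_targeted(name):
    return any(fnmatch.fnmatchcase(name.lower(), p) for p in PATTERNS)


def classify(path):
    """'ok', 'damaged' or 'unknown': signature check if we have one, else entropy of the head."""
    with open(path, "rb") as fh:
        head = fh.read(4096)
    ext = os.path.splitext(path)[1].lower()
    if ext in SIGNATURES:
        return "ok" if head.startswith(SIGNATURES[ext]) else "damaged"
    if len(head) < 256:
        return "unknown"  # too little data for entropy to mean anything
    return "damaged" if entropy(head) > ENTROPY_LIMIT else "ok"


def triage(root):
    """Walk root and bucket every targeted file by file name."""
    report = {"ok": [], "damaged": [], "unknown": []}
    for dirpath, _, files in os.walk(root):
        for name in sorted(files):
            if is_targeted(name):
                report[classify(os.path.join(dirpath, name))].append(name)
    return report


def build_sample_tree(root):
    """Constructed victim folder: healthy files next to ones overwritten in place."""
    os.makedirs(os.path.join(root, "Documents"))
    samples = {
        "Documents/contract.pdf": b"%PDF-1.5\n" + b"1 0 obj << /Type /Catalog >> endobj\n" * 20,
        "Documents/contacts.pst": os.urandom(4096),      # encrypted, name unchanged
        "Documents/budget.wb2": b"Quattro Pro worksheet placeholder\n" * 20,
        "Documents/plan.dwg": os.urandom(4096),          # no signature: entropy decides
        "Documents/notes.txt": b"not on the list, so not checked\n",
        "IMG_0420.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + bytes(range(256)) * 4,
    }
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root


def run_demo():
    return triage(build_sample_tree(tempfile.mkdtemp(prefix="cl_triage_")))


if __name__ == "__main__":
    for bucket, names in run_demo().items():
        print(bucket, names)
```

A file in the "damaged" bucket whose name is unchanged is the case the post warns about: the Outlook .pst keeps its name but no longer starts with the PST signature, so Outlook will refuse to open it. Anything the malware did not reach yet lands in "ok" and can be copied off before the disk is wiped.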


                • #9
                  Just want to share my misfortune with everyone.
                  Look to the ground for it holds the past!



                  • #10
                    Chase, sorry to hear that. I hope you get it fixed soon. It seems that law enforcement does too little to stop this kind of attack. Of course, some of this comes from another country, and our law enforcement has little influence there.
                    Michigan Yooper
                    If You Don’t Stand for Something, You’ll Fall for Anything



                    • #11
                      Thanks for the info Chase, Roger, and Charlie! I am going to work on some things this weekend.
                      Like a drifter I was born to walk alone
