- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
WARNING: Just had a Ransom Ware attack on my computer
Posted on 5/22/16 at 3:49 pm
Posted on 5/22/16 at 3:49 pm
No, I was not on a porn site.
I had just clicked on a college baseball website when the ransom note popped up on my screen. Computer froze up completely. I had to restore to factory settings just to get it operating again.
Word of advice...back up your files often. Luckily I backed up all of my critical files earlier this week.
But it's still a pain in the butt.
Anybody know a better way to repair such a situation? Also is there a way to prevent it?
I had just clicked on a college baseball website when the ransom note popped up on my screen. Computer froze up completely. I had to restore to factory settings just to get it operating again.
Word of advice...back up your files often. Luckily I backed up all of my critical files earlier this week.
But it's still a pain in the butt.
Anybody know a better way to repair such a situation? Also is there a way to prevent it?
Posted on 5/22/16 at 4:32 pm to LSURussian
We've been hit at work 4 times.
We backup nightly, but we still lose a lot of money when it hits and folks lose their work since last backup.
We backup nightly, but we still lose a lot of money when it hits and folks lose their work since last backup.
Posted on 5/22/16 at 6:18 pm to LSURussian
what anti virus/malware software do you use?
Posted on 5/22/16 at 7:17 pm to LSURussian
quote:
Word of advice...back up your files often
Every day.
quote:
No, I was not on a porn site
But I bet you were on a russian site at some point during the day.
Posted on 5/22/16 at 8:53 pm to colorchangintiger
Mother in law had this damn thing and it was impossible to fight
Posted on 5/22/16 at 9:17 pm to CE Tiger
Uninstall flash, reader, and dont use IE.
Posted on 5/22/16 at 9:47 pm to CE Tiger
quote:What is the payoff to the bad guys who distribute the virus?
Mother in law had this damn thing and it was impossible to fight
Posted on 5/22/16 at 10:32 pm to foshizzle
No Russian site today or any day for years. I can't remember the last Russian site I went to.
I was on Tigerdroppings and a thread on the Rant got me thinking about likely baseball host sites for the post season tournament.
So, I googled "NCAA baseball regional host site projections." I read articles from a couple of links and when I clicked on the third link, BAM!, the ransom ware message window opened and I was screwed.
To answer the other poster's question, I use McAffee. I just renewed it last week and updated it. Right now I'm obviously not too pleased with McAffee.
I was on Tigerdroppings and a thread on the Rant got me thinking about likely baseball host sites for the post season tournament.
So, I googled "NCAA baseball regional host site projections." I read articles from a couple of links and when I clicked on the third link, BAM!, the ransom ware message window opened and I was screwed.
To answer the other poster's question, I use McAffee. I just renewed it last week and updated it. Right now I'm obviously not too pleased with McAffee.
This post was edited on 5/22/16 at 10:34 pm
Posted on 5/22/16 at 10:46 pm to LSURussian
quote:
Anybody know a better way to repair such a situation? Also is there a way to prevent it?
If you don't have a recent regular backup, your system may have a recent shadow copy. There's a tool called ShadowExplorer that allows pulling files from a shadow copy. I had to use this method once to recover an infected machine's files at work prior to reformatting because the user that got infected had none of her critical files on her network share.
This post was edited on 5/22/16 at 10:47 pm
Posted on 5/23/16 at 5:21 am to LSURussian
quote:
" I read articles from a couple of links and when I clicked on the third link, BAM!, the ransom ware message window opened and I was screwed.
So you followed the third link "within" a page you found doing a Google search?
Posted on 5/23/16 at 7:55 am to LSURussian
Checkout Commvault. It is a great backup option.
Posted on 5/23/16 at 8:44 am to LSURussian
quote:
So, I googled "NCAA baseball regional host site projections." I read articles from a couple of links and when I clicked on the third link, BAM!, the ransom ware message window opened and I was screwed.
most likely a crappy wordpress site with default configs
Posted on 5/23/16 at 8:45 am to BayouFann
Posted on 5/23/16 at 8:48 am to LSURussian
Task manager/end process has always worked for me.
Posted on 5/23/16 at 9:02 am to AlxTgr
I've seen that pop up box more than once. I've always just task manager-ed my way out of it. No problems here.
Posted on 5/23/16 at 10:14 am to gmrkr5
quote:
Macs can get ransomwared too
of course they can. The link you provided though is the only known instance of Mac ransomware. Less than 8,000 Macs were affected total. Symantec found in 2012 that one hacker group was infecting 5,700 PCs per day.
quote:
In 2012, Symantec gained access to a command-and-control server used by the CryptoDefense malware and got a glimpse of the hackers’ haul based on transactions for two Bitcoin addresses the attackers used to receive ransoms. Out of 5,700 computers infected with the malware in a single day
LINK
I've found some more info. Cryptolocker, the most widely encountered ransomware was infecting 50,000 PCs a month most months and peaked at 150,000 infections in October 2013.
LINK
This post was edited on 5/24/16 at 10:51 am
Posted on 5/23/16 at 10:20 am to FalseProphet
Just because you hit a website that flags your machine as being "infected" does not mean the ransomware was installed.
I just recently had a user land on an infected page while researching brownie recipes of all things
Disconnect the machine from the network
task manager or hard shutdown to end the process
Start up in safe mode and run Av scan
The scan in the case I am speaking about came up clean
We use Applocker on all of our computers and have had 0 infections since implementation.
I cannot stress how amazing Applocker has been for our organization. Highly recommend
Microsoft AppLocker
I just recently had a user land on an infected page while researching brownie recipes of all things
Disconnect the machine from the network
task manager or hard shutdown to end the process
Start up in safe mode and run Av scan
The scan in the case I am speaking about came up clean
We use Applocker on all of our computers and have had 0 infections since implementation.
I cannot stress how amazing Applocker has been for our organization. Highly recommend
Microsoft AppLocker
This post was edited on 5/23/16 at 10:23 am
Posted on 5/23/16 at 10:26 am to colorchangintiger
quote:
of course they can. The link you provided though is the only known instance of Mac ransomware. Less than 8,000 Macs were affected total. Symantec found in 2012 that one hacker group was infecting 5,700 PCs per day.
all i did was link an article stating that Macs are in fact affected by some variants of the same things that affect windows PCs.
i didnt know certain thresholds must be met for it to be relevant
Posted on 5/23/16 at 10:27 am to Tigeralum2008
quote:
We use Applocker on all of our computers and have had 0 infections since implementation. I cannot stress how amazing Applocker has been for our organization. Highly recommend
properly implemented application white-listing is one of the biggest wins an organization can have in protecting against malicious code running within their environment
that being said, like any security platform, it can be exploited/by passed.
This post was edited on 5/23/16 at 10:29 am
Popular
Back to top
Follow TigerDroppings for LSU Football News