Your browser is obsolete!

The page may not load correctly.

Encrypt everything

Закодировать всё

Other issues in this category (24)
  • add to favourites
    Add to Bookmarks

Encryption ransomware lessons. There is no room for haste

Read: 34808 Comments: 2 Rating: 9

Friday, June 30, 2017

Encryption ransomware makers carefully examine the reviews of security experts, as well as security standards, and continuously perfect their "creations".

For example, here is a quotation from a malware incident investigation guide:

  • Under no circumstances should a computer undergoing examination be used—it is the object of an investigation.
  • A computer shouldn't even be powered on prior to being handed over to investigators. No tasks whatsoever should be performed on a seized computer without taking the required precautions (e.g., create a backup or make sure that no files can be modified).
  • The system must not be booted up using the installed operating system.

Powering up the computer may result in the destruction of the data on its hard drive.

Pulling the plug is another appropriate step following the discovery of an infection. The reason is simple: a "smart" Trojan can detect when a computer is being powered up or shut down and make sure that its own routines are executed when those events occur.

Our office was also affected just as many others were.

When we first booted up from LiveCD, we were able to access the files, but they all turned out to be encrypted. We then ran several standard scripts to make the system bootable. The system restarted, a disk check was initiated, and after that we lost access to the disks and data.

https://geektimes.ru/post/290525

The Anti-virus Times recommends

  1. Haste is only good for catching fleas. Actions are most effective when performed calmly and methodically and after taking time out for coffee or tea.
  2. Hasty actions aimed at recovering data tend to result in lost traces of infection or even a complete loss of encrypted data.
  3. If your system gets infected, contact your anti-virus company’s technical support service, provide all the necessary information, wait for a reply, and follow their instructions.

[Twitter]

Tell us what you think

To leave a comment, you need to log in under your Doctor Web site account. If you don't have an account yet, you can create one.

Comments