No More Ransom Project Gets Bigger

[Schtask]

Ransomware attacks have increased over 300% between 2015 and 2016 as it exploded into a billion dollar industry. Luckily, Europol is taking steps to reduce the flow of money to these groups. The No More Ransom Project is a joint effort between Europol and various AV Vendors with the goal of releasing decryption software to the masses. This will give end users the ability to decrypt ransomware infections on their own without paying out hundreds of dollars in bitcoin to get their data back. Europol released a progress report today stating that since December 2016, the projects decryption library has gained 15 new decryption tools and saved over 10,000 users from paying out to evil malwarians.

 

[Quartz-1]

I wish Europol would start arresting the miscreants.

 

[Jim Kim]

I wish Europol would offer free mandatory computer training including a 2 week course on why cold backups are your friend.

 

[CacaSapo]

I wish people would stop PAYING the ransom. No supply, no demand. The end.

 

[vegeta535]

I wish people would stop PAYING the ransom. No supply, no demand. The end.

But how are they going to get back all those baby photos that they will never look at til they about dead.

 

[arentol]

Guaranteed solution that everyone should be doing anyway:

Depending no how much data you generate, once a day/week/month/year:
Verify your data is accessible (not encrypted).
Plug in external HDD, and run an incremental backup on said data.
Disconnect external HDD as soon as completed.

If you get hit with ransomware, verify it isn't one that has a method to remain resident on a wiped system, reinstall OS, and restore data from external HDD.

Not. That. Hard.

 

[Twisted Kidney]

I wish Europol would start arresting the miscreants.

Close to 80% of this shit comes from Russia, I know we aren't allowed to say bad things about mother Russia because we were told not to and all, but it's more than a bit of a source of pride for their hacking "community". The Yurpinians can't do much about it.

 

[Deleted member 88301]

Vee must not offend Muther Russia. Our dear leader, Vladibuster Trump would not be happy. Vee must keep him happy, lest we get fired.

 

[CRaschNet]

And people wonder why I used Carbon Black Protect and Response on my home computers.

 

[Schtask]

Vee must not offend Muther Russia. Our dear leader, Vladibuster Trump would not be happy. Vee must keep him happy, lest we get fired.

Well ya know.... Ted Kennedy started our political ties with Russia when he was caught colluding with the Kremlin. Something about influencing the election to keep Reagan from being elected. The precedent was set long ago.

 

[Cyraxx]

Guaranteed solution that everyone should be doing anyway:

Depending no how much data you generate, once a day/week/month/year:
Verify your data is accessible (not encrypted).
Plug in external HDD, and run an incremental backup on said data.
Disconnect external HDD as soon as completed.

If you get hit with ransomware, verify it isn't one that has a method to remain resident on a wiped system, reinstall OS, and restore data from external HDD.

Not. That. Hard.

But... That's too much pr0n to backup! No but seriously, I would need a 10TB+ hard drive to backup all my data unless there is a backup that can compress the files by a good chunk in the backup.

 

[Deleted member 93354]

I wish Europol would start arresting the miscreants.

Easier said than done with hijacked servers using proxies and crypto currency as payment.

And oh yeah, Russia not giving a flying Fook if western countries get screwed. In fact they secretly like that idea.

 

[ZeqOBpf6]

How are they able to decrypt this stuff? Aren't we talking about high level encryption? The kind we think nobody, except for major governments can crack?

 

[relapse808]

Also create group policys that stop any kind of archive file from being extracted in appdata. I also set all exe files to not be executed if in the appdata folder or any subfolder.

 

[Deleted member 93354]

How are they able to decrypt this stuff? Aren't we talking about high level encryption? The kind we think nobody, except for major governments can crack?

They capture command and control servers.

Plus a few of these idiots are dumb enough to write it in .NET using standard encryption libs which is easily reversible as all .NET code gets written into a .il which is a pseudo language that can be decompiled.

 

[Deleted member 93354]

Also create group policys that stop any kind of archive file from being extracted in appdata. I also set all exe files to not be executed if in the appdata folder or any subfolder.

This could also cripple VALID programs for distributed apps....like net delivered WPF apps, or windows packagers apps. For a home user this isn't a problem. But I would not recommend it on a corporate network.

 

[Schtask]

This could also cripple VALID programs for distributed apps....like net delivered WPF apps, or windows packagers apps. For a home user this isn't a problem. But I would not recommend it on a corporate network.

Canary Files that replicate on file changes combined with process PID kill for open handles (BE CAREFUL and know that better solutions exist)

Nest canary files inside $ files mounted in a recursive loop...In some cases this can work wonders for delaying RW infection....depending on how it parses directories and picks a starting point. Sometimes they start randomly in a tree and move from there.

Adding VMWare and Virtual Box registry keys works on occasion. RW thinks it could be in a VM so loops sleep or self destructs. This is done to prevent analysis / reverse engineering.

Russian language packs work sometimes as well.

There are AVs that will halt or hinder a RW infection... for awhile at least.

Last ditch effort! Detonate a fork bomb on canary file change to consume all resources and slow encryption to a crawl until system crash. Evil minds....No seriously...it's fun and works but don't do this.

The very best prevention involves the end user not getting all clicky in a phishing email. Good luck with that.

 

[whateverer]

But... That's too much pr0n to backup! No but seriously, I would need a 10TB+ hard drive to backup all my data unless there is a backup that can compress the files by a good chunk in the backup.

How much of that do you really need?

I'm an old fart with a TON of data, and I still haven't topped 750GB. That's thousands of my own 10MP photos, well over a thousand downloaded and ripped videos, hundreds of thousands of downloaded pictures, a 400-album music collection, and tons of other crap.

I can't imagine you need more than 2TB of that. The rest is just crap. Unless you're the laziest fuck on earth and insist that everything be ripped, unconverted Blu-Ray, and your entire music collection be FLAC just because. Or that all those movies of your kid must be in unadulterated 4k glory

It's time to go on a spring cleaning binge. Anything not-family-related you haven't touched in three years goes into the garbage. And no, you WON'T notice the difference if you recompress those Blu-Ray rips to save more space. OR cut those family videos in quality, because you sure can tell the difference between 4k and 720p?

If the data really is important to you, you'll grow enough backbone to learn how to better manage and protect it. And that STARTS with being able to compromise on quality OR learn to throw it away. Unless you're IN THE CONTENT CREATION/MANAGEMENT BUSINESS, you don't need a whole lot of space.

 

[Quartz-1]

Some people scan every single document they receive. Letters, bank statements, tax, insurance, the lot. That'll consume space real fast, and HMRC demand records be kept for 6 years.

 

[whateverer]

Some people scan every single document they receive. Letters, bank statements, tax, insurance, the lot. That'll consume space real fast, and HMRC demand records be kept for 6 years.

Cyraxx was talking PORN here, not a fucking business. I made the distinction VERY CLEARLY above.

And fully-legible JPEG document scans are not that large. I have over two thousand full-resolution JPEG photos on my Canon G11's 8GB card, and it's JUST OVER halfway full. 2MB-average-per-photo is enough detail to capture CANVAS DETAIL on this picture of an oil painting, so I'd call that overkill for a document that just has to be LEGIBLE.

Full zoom of canvas detail is included below!


It's VIDEO or massive porn picture sets that takes up space, not your average person's captured still images, or scanned documents.

Those two thousand photos are eight years worth, so no, a prolific document scanner or picture taker won't need much storage, unless they're shooting in RAW for pay, or throwing that document into a content management system for a company.