
Hacked By Ransomware

Old Nov 20, 2013, 8:12 pm
  #1  
Original Poster
 
Join Date: Apr 2006
Location: New York City/NY22
Programs: AA Platinum 2.3MM (Lifetime PLT)
Posts: 5,285
Hacked By Ransomware

My primary laptop was just hacked by ransomware. I am not sure if this is the kind I heard about recently on CNBC. I don't know if it has encrypted my files or is just blocking my computer.

They are demanding $300 by MoneyPak or MoneyGram within 48 hours.

Any helpful advice will be appreciated. Please do not tell me I should have a Mac. That's not very helpful.

Note: I have and use regularly McAfee, Malwarebytes (the free version) and SuperAntiSpyware (also the free version).

Last edited by Landing Gear; Nov 21, 2013 at 3:57 pm Reason: Corrected 30 to 300
Landing Gear is offline  
Old Nov 20, 2013, 8:41 pm
  #2  
 
Join Date: Jun 2005
Location: Near an airport
Programs: FB, EB, Delta, AC, PC, HH.
Posts: 1,991
There is a ton of info from various anti-virus companies out there on how to remove it. Just google it.
Emma65 is offline  
Old Nov 20, 2013, 8:46 pm
  #3  
Original Poster
 
Join Date: Apr 2006
Location: New York City/NY22
Programs: AA Platinum 2.3MM (Lifetime PLT)
Posts: 5,285
Originally Posted by Emma65
There is a ton of info from various anti-virus companies out there on how to remove it. Just google it.
You call this "helpful?" Obviously I used Google. Most of what I found said that even if you remove it, you can't get your files back.
Landing Gear is offline  
Old Nov 20, 2013, 8:53 pm
  #4  
FlyerTalk Evangelist
 
Join Date: Apr 2001
Location: Denver, CO
Programs: UA Silver, Bonvoy Gold, Hyatt Discoverist
Posts: 21,537
http://www.f-secure.com/en/web/labs_...ing-ransomware
pseudoswede is online now  
Old Nov 20, 2013, 9:04 pm
  #5  
 
Join Date: Aug 2006
Location: San Jose CA
Posts: 1,100
I have a friend whose father was similarly attacked. In his case, the files were not actually encrypted and my friend was able to get around the problem. As I recall, this involved booting the PC in Safe Mode and manually removing the offending virus after many tedious hours. If you don't have technical chops, I wouldn't attempt the removal on your own.

In the worst scenario, your files may actually be encrypted, which I hope is not the case. As I understand it, you actually will get access to your files if you pay the ransom, but not for long.

What interests me is that these attacks are on the rise and extortion like this would clearly seem to be a felony, but I guess most prosecuting attorneys are uninterested in complex property crimes.

Last edited by boberonicus; Nov 20, 2013 at 9:53 pm
boberonicus is offline  
Old Nov 20, 2013, 11:46 pm
  #6  
Original Poster
 
Join Date: Apr 2006
Location: New York City/NY22
Programs: AA Platinum 2.3MM (Lifetime PLT)
Posts: 5,285
Originally Posted by boberonicus
I have a friend whose father was similarly attacked. In his case, the files were not actually encrypted and my friend was able to get around the problem. As I recall, this involved booting the PC in Safe Mode and manually removing the offending virus after many tedious hours. If you don't have technical chops, I wouldn't attempt the removal on your own.

In the worst scenario, your files may actually be encrypted, which I hope is not the case. As I understand it, you actually will get access to your files if you pay the ransom, but not for long.

What interests me is that these attacks are on the rise and extortion like this would clearly seem to be a felony, but I guess most prosecuting attorneys are uninterested in complex property crimes.
I spent two hours on the phone with McAfee reaching the so-called Level 2 tech support. No joy. Apparently, I cannot enable Safe Mode With Networking so the guy is clueless. Level 3 not available overnight USA time.

It seems that the files are not encrypted, only that the computer is locked.

I'm going to look into pseudoswede's suggestion.
Landing Gear is offline  
Old Nov 21, 2013, 12:31 am
  #7  
Original Poster
 
Join Date: Apr 2006
Location: New York City/NY22
Programs: AA Platinum 2.3MM (Lifetime PLT)
Posts: 5,285
Thanks for this reference. As you can imagine, I cannot run the scanner from that website since I cannot get online with the infected computer.

I did try their manual removal steps. Taking a deep breath, I opened REGEDIT but was unable to find either of the two things they referenced. Perhaps I am not doing it right.

The Level 2 McAfee guy sent me a couple of links to download some zipped files and instructions for a BAT file. This should turn into a "deep scan" of the hard drive that you are supposed to run from the command line over a few hours.

Q. Is there anybody outside the tech field, under the age of 40, who would have a bloody clue how to run a program from a thumb drive onto the root directory? Fortunately, I grew up on DOS so I can at least get this rolling.

McAfee, you suck!
Landing Gear is offline  
Old Nov 21, 2013, 1:22 am
  #8  
 
Join Date: Jul 2006
Location: SEA
Programs: A3*G, AC, IHG Plat AMB
Posts: 1,604
Originally Posted by Landing Gear
Thanks for this reference. As you can imagine, I cannot run the scanner from that website since I cannot get online with the infected computer.

I did try their manual removal steps. Taking a deep breath, I opened REGEDIT but was unable to find either of the two things they referenced. Perhaps I am not doing it right.

The Level 2 McAfee guy sent me a couple of links to download some zipped files and instructions for a BAT file. This should turn into a "deep scan" of the hard drive that you are supposed to run from the command line over a few hours.

Q. Is there anybody outside the tech field, under the age of 40, who would have a bloody clue how to run a program from a thumb drive onto the root directory? Fortunately, I grew up on DOS so I can at least get this rolling.

McAfee, you suck!
I can't tell you exactly HOW to do it, as it's been a long time since I've had to, but I do believe you can grab various DOS distributions that will boot from USB that will at least get you access to the file system. The big trick is if you can enable boot from usb in the BIOS menu or if that's locked as well.

I wish I could say more right now, but I'm not in a position to research this. I suspect someone else may have had success if google fails?
DJ Bitterbarn is offline  
Old Nov 21, 2013, 1:25 am
  #9  
 
Join Date: Aug 2009
Location: SFO/SJC/SQL
Posts: 1,412
There is one out there that simply hides the files. Set Windows Explorer to show hidden files and folders to see if files have been "greyed out." Unhiding cannot be done in the graphical interface. A bit of command line fixes things.
WChou is offline  
Old Nov 21, 2013, 3:25 am
  #10  
 
Join Date: Aug 2012
Posts: 668
I don't know if it will help you, but maybe you should take your hard drive out of your laptop and use a USB external case to get access to your files using another computer.

If it worked, if you got all your files, then you would simply have to reinstall Windows and your software. It would be long and boring, but then you would have a computer with a "fresh" hard drive and would only need to copy your files back.
erik19283 is offline  
Old Nov 21, 2013, 5:12 am
  #11  
 
Join Date: Sep 2012
Location: ZRH
Posts: 118
Originally Posted by Landing Gear
Thanks for this reference. As you can imagine, I cannot run the scanner from that website since I cannot get online with the infected computer.

I did try their manual removal steps. Taking a deep breath, I opened REGEDIT but was unable to find either of the two things they referenced. Perhaps I am not doing it right.

The Level 2 McAfee guy sent me a couple of links to download some zipped files and instructions for a BAT file. This should turn into a "deep scan" of the hard drive that you are supposed to run from the command line over a few hours.

Q. Is there anybody outside the tech field, under the age of 40, who would have a bloody clue how to run a program from a thumb drive onto the root directory? Fortunately, I grew up on DOS so I can at least get this rolling.

McAfee, you suck!
Oh boy...

Anyway, we have had tons of such cases, depending on which version of the virus you got, you can unlock the PC with this:

Kaspersky Rescue Disk

And this is a guide on how to use the disk.

If you should have any questions, you can write me a PM if you'd like.

One important thing, after you used the windows unlocker, scan your pc for viruses with the disk. If you just boot the pc after unlocking it, the virus will lock the pc again...

Good luck!
edoa is offline  
Old Nov 21, 2013, 5:31 am
  #12  
 
Join Date: May 2013
Posts: 916
Originally Posted by edoa
Oh boy...

Anyway, we have had tons of such cases, depending on which version of the virus you got, you can unlock the PC with this:

Kaspersky Rescue Disk

And this is a guide on how to use the disk.

If you should have any questions, you can write me a PM if you'd like.

One important thing, after you used the windows unlocker, scan your pc for viruses with the disk. If you just boot the pc after unlocking it, the virus will lock the pc again...

Good luck!
Thanks, I will be saving that, hopefully to NEVER use!
LAXlocal is offline  
Old Nov 21, 2013, 7:38 am
  #13  
 
Join Date: Apr 2013
Posts: 33
Recently my office server/computer was hit by the Cryptolocker ransomware.
After hiring an IT specialist and messing around with it for 2 days, we just had to give in and pay the $300 to get the files unencrypted.
I hated to send money to the %*#!ers but it would have exterminated months of work.
(It got through to the backup EHD as well)
Now, I back up to the EHD and then unplug it as soon as it's finished.
If you get rid of the virus that's currently on the computer, it will not decrypt your files and they'll be gone forever.
heckfarr is offline  
Old Nov 21, 2013, 7:59 am
  #14  
FlyerTalk Evangelist
 
Join Date: Nov 2002
Location: ORD
Posts: 14,231
Originally Posted by heckfarr
If you get rid of the virus that's currently on the computer, it will not decrypt your files and they'll be gone forever.
It really depends on which ransomware the OP has. The nastiest is Cryptolocker, which really does use strong encryption to encrypt all files the user has write access to, including network files.

Others may just display a prompt saying that files are encrypted, but not actually encrypting them, or hiding them, or something else.
gfunkdave is offline  
Old Nov 21, 2013, 8:21 am
  #15  
 
Join Date: Apr 2013
Posts: 33
You can download a program called "listcrilock.exe" (List Crilock) and it will tell you if your files are encrypted or not.

Good Luck!
heckfarr is offline  
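
Added example (not part of the thread, and not a description of how List Crilock works): posts #14 and #15 turn on whether files were really encrypted or the machine is only locked, and one generic way to check from a clean computer with the drive attached is to compare each file's leading bytes to the signature its extension implies, then measure byte entropy when the header is wrong. The 7.5 bits/byte threshold, the extension table and the sample files are assumptions made up for this sketch.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Well-known leading bytes per extension (ZIP container, OLE2 compound file, ...).
ZIP, OLE = b"PK\x03\x04", b"\xd0\xcf\x11\xe0"
MAGIC = {".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff",
         ".png": b"\x89PNG\r\n\x1a\n", ".zip": ZIP, ".docx": ZIP, ".xlsx": ZIP,
         ".doc": OLE, ".xls": OLE}

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def classify(path, sample=65536, threshold=7.5):
    """Return 'intact', 'likely-encrypted', 'mismatch' or 'unknown'."""
    sig = MAGIC.get(Path(path).suffix.lower())
    if sig is None:
        return "unknown"  # no signature to compare against
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if head.startswith(sig):
        return "intact"
    # Wrong header: near-random bytes suggest encryption (tiny files stay 'mismatch').
    return "likely-encrypted" if entropy(head) > threshold else "mismatch"

def scan(root):
    """Walk root; return {path: verdict} for every file found."""
    out = {}
    for p in Path(root).rglob("*"):
        if p.is_file():
            try:
                out[str(p)] = classify(p)
            except OSError:
                out[str(p)] = "unreadable"
    return out

def demo():
    """Scan constructed sample files (not real victim data) in a temp dir."""
    samples = {"report.pdf": b"%PDF-1.4\n" + b"constructed text\n" * 200,
               "photo.jpg": b"\x00" + os.urandom(4095),  # stands in for ciphertext
               "scan.png": b"not really a png\n" * 100,   # wrong header, low entropy
               "notes.txt": b"no signature known for .txt\n"}
    with tempfile.TemporaryDirectory() as d:
        for name, body in samples.items():
            Path(d, name).write_bytes(body)
        return {Path(p).name: v for p, v in scan(d).items()}
```

The header check comes first because intact JPEG, ZIP and DOCX files are compressed and score high on entropy too; entropy alone would flag them.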

