SGT Private RallyPoint Member<br /><div class="images-v2-count-0"></div>FBI recommends you simply pay the fee.<br /><br /><a target="_blank" href="http://www.neowin.net/news/fbi-gives-shocking-advice-to-ransomware-victims">http://www.neowin.net/news/fbi-gives-shocking-advice-to-ransomware-victims</a> <div class="pta-link-card answers-template-image type-default">
<div class="pta-link-card-picture">
<img src="https://d26horl2n8pviu.cloudfront.net/link_data_pictures/images/000/027/150/qrc/shutter_story.jpg?1446123658">
</div>
<div class="pta-link-card-content">
<p class="pta-link-card-title">
<a target="blank" href="http://www.neowin.net/news/fbi-gives-shocking-advice-to-ransomware-victims">FBI gives shocking advice to ransomware victims</a>
</p>
<p class="pta-link-card-description">New information surfacing at the Cyber Security Summit 2015 suggests that the FBI is totally useless when it comes to ransomware. Their advice to ransomware victims is quite surprising.</p>
</div>
<div class="clearfix"></div>
</div>
How would you deal with the threat of ransomware? How would you deal with being a victim of it?<br />2015-10-29T09:02:08-04:00<br />
<br />SGT Private RallyPoint Member<br /><div class="images-v2-count-0"></div>I'm going to say use Linux or BSD, do more backups, and simply wipe the hard drive. However, I haven't seen any stats stating how often this happens on Win, Mac, Linux, or BSD.<br />Response by SGT Private RallyPoint Member made Oct 29 at 2015 9:09 AM<br /><br />
Cpl Private RallyPoint Member<br /><div class="images-v2-count-0"></div>I've been a victim of it. First thing is not to panic. The malware gave a "deleting" files dialog followed by a "pay me" to recover the files dialog. It didn't really delete the files, it hid them. I had to boot into safe mode, remove the malware entries in the registry and unhide the files. I was back up and running in less than an hour.<br />Response by Cpl Private RallyPoint Member made Oct 29 at 2015 9:20 AM<br /><br />
Sgt Aaron Kennedy, MS<br /><div class="images-v2-count-0"></div>1) Go online and look for the code. Usually someone else has already paid it, or has the "fix."<br /><br />2) Realize that you were doing something that opened yourself up to it, and correct said behavior.<br /><br />3) Adjust for future.<br />Response by Sgt Aaron Kennedy, MS made Oct 29 at 2015 9:32 AM<br /><br />
Cpl Tou Lee Yang<br /><div class="images-v2-count-0"></div>You use a standard account. My brother-in-law received a similar message, except the ransomware stated that the FBI has locked his computer down and he needed to make a payment of $80 or so dollars to have it unlocked. I turned his computer off, ran Malwarebytes and removed the program.
I told him to create himself a standard account so that he won't have programs taking control of his computer.<br />Response by Cpl Tou Lee Yang made Oct 29 at 2015 9:56 AM<br /><br />
PO1 John Miller<br /><div class="images-v2-count-0"></div>You've already gotten some great advice here, the same advice that I would give (and have done myself when my wife's computer got infected with RansomWare) so I won't spout the same thing. Just follow the advice given. I would further say that wiping your HD is only a last resort. There are so many methods and programs you can use to get rid of the RW that wiping the HD is like burning your house down because you have spiders.<br />Response by PO1 John Miller made Oct 29 at 2015 12:37 PM<br /><br />
SGT Private RallyPoint Member<br /><div class="images-v2-count-0"></div>Someone, though lacking tact, sent me a message with the following link provided, which states to do the exact opposite of this post. Fishy, right?<br /><br /><a target="_blank" href="http://www.ic3.gov/media/2015/150623.aspx">http://www.ic3.gov/media/2015/150623.aspx</a> <div class="pta-link-card answers-template-image type-default">
<div class="pta-link-card-picture">
<img src="https://d26horl2n8pviu.cloudfront.net/link_data_pictures/images/000/027/211/qrc/IC3PressReleaseBanner3.jpg?1446146566">
</div>
<div class="pta-link-card-content">
<p class="pta-link-card-title">
<a target="blank" href="http://www.ic3.gov/media/2015/150623.aspx">Internet Crime Complaint Center (IC3) | Criminals Continue to Defraud and Extort Funds from...</a>
</p>
<p class="pta-link-card-description">Data from the FBI's Internet Crime Complaint Center (IC3) shows ransomware continues to spread and is infecting devices around the globe. Recent IC3 reporting identifies CryptoWall as the most current and significant ransomware threat targeting U.S. individuals and businesses. CryptoWall and its variants have been used actively to target U.S. victims since April 2014. The financial impact to victims goes beyond the ransom fee itself, which is...</p>
</div>
<div class="clearfix"></div>
</div>
Response by SGT Private RallyPoint Member made Oct 29 at 2015 3:23 PM<br /><br />
SSG Private RallyPoint Member<br /><div class="images-v2-count-0"></div>Most of the time, it can be trivial to reverse the malware. But there are times when the con has done it proper and has fully encrypted your filing system and recovering it is nigh impossible. At this point I would hope a proper backup has been done. If you're caught with all your sensitive and valuable data encrypted by a hacker, you messed up.<br />Personally I would never pay the fee. I would try everything in my power to reverse the malware or just roll back to a known good. If you can't do either one of those, then wiping is your best bet. It can be very difficult (depending on the sophistication of your attacker) to tell if they installed a kernel-level rootkit or something. Best to just wipe and not chance it.<br />Response by SSG Private RallyPoint Member made Oct 29 at 2015 10:26 PM
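
Added example, not part of any reply in this thread: a triage sketch for the distinction the replies above draw between files that were only hidden and files that were really encrypted. The signature list, the 7.5 bits-per-byte threshold and the sample files are assumptions constructed for this example; compressed formats without a listed signature will also score high on the entropy fallback.

```python
import math
import os
import random
import tempfile

# Leading bytes of a few common formats (short constructed list). A file that
# still starts with its signature was most likely not encrypted in place.
MAGIC = {".pdf": b"%PDF", ".png": b"\x89PNG", ".jpg": b"\xff\xd8\xff",
         ".zip": b"PK\x03\x04", ".docx": b"PK\x03\x04"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, far lower for plain text."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def triage(path: str, sample: int = 65536, threshold: float = 7.5) -> str:
    """Classify one file as 'intact', 'likely-encrypted' or 'unknown'."""
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if not head:
        return "unknown"
    magic = MAGIC.get(os.path.splitext(path)[1].lower())
    if magic is not None:
        return "intact" if head.startswith(magic) else "likely-encrypted"
    # No known signature for this extension: fall back to entropy (heuristic).
    return "likely-encrypted" if shannon_entropy(head) >= threshold else "intact"

def triage_tree(root: str) -> dict:
    """Walk root, hidden files included, and map each path to a verdict."""
    return {os.path.join(d, f): triage(os.path.join(d, f))
            for d, _, files in os.walk(root) for f in files}

def demo() -> dict:
    """Constructed sample files: plain text, a real PDF header, random bytes."""
    rng = random.Random(0)
    noise = bytes(rng.getrandbits(8) for _ in range(4096))
    root = tempfile.mkdtemp()
    samples = {"notes.txt": b"meeting notes\n" * 200,
               "report.pdf": b"%PDF-1.4\n" + b"x" * 100,
               "taxes.pdf": noise, "vault.bin": noise}
    for name, body in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(body)
    return {os.path.basename(p): v for p, v in triage_tree(root).items()}
```

Run `triage_tree` against a read-only copy or mounted image of the affected disk so the verdicts inform the restore-from-backup decision without touching the originals.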