Bobacuda Posted December 6, 2016

Before you read this, yes, I have the ability to back my computer up and I had not done it recently enough. And yes, I need the info on the machine.

Had an email on my computer yesterday from a "Mary Cummings" (or Cunningham, can't remember which) that had a tag line concerning an invoice and follow up I have been waiting for. I opened the email, and WHAM! Ransomware on my computer, telling me all of my files are encrypted (they are) and giving me directions on how to get them decrypted and what it will cost me - in untraceable Bitcoins. From what I have read online, it's going to cost me at least $500 to get them to decrypt my files.

There are two different anti-virus programs on my computer, this damn ransomware got right by both of them. Apparently, it does not register as a virus. Hopefully my misfortune will help someone else avoid this.
casper50 Posted December 6, 2016

https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=ransomware removal
Don Coatney Posted December 6, 2016

Have you done a system restore? Open your computer in safe mode and restore the operating system to a date prior to catching the bug.
Los_Control Posted December 6, 2016

Look for Malwarebytes, just try the free version. It will download to your Download folder, double click on it and accept terms as it installs and then will update itself, then let it run a full scan. This is one of the best programs for the Windows operating system that I have found.

I just run the antivirus that comes with Windows, it actually runs pretty good and is updated often, or as needed. Then when needed, I break out Malwarebytes like a tool, run it and then put it away when finished. Along with CCleaner, you can keep your system clean and running snappy.

Or, like my personal computer, I just run Linux and not mess with malware.
Eneto-55 Posted December 6, 2016

I have not had to deal with this type of malware, but heard about it from another tech friend, and he said that there is no way around it, that you either wipe the system & start over, or pay the ransom. (I suspect that it blocks you from running a Restore Point, but like I said, I have not dealt with it myself.)

One of the best things you can do is to use a non-administrator account, especially anytime you are connected to the internet. I have been doing this for 5 years or so, and have not gotten any infections on my system, even though I don't run any anti-virus software, either. But you do have to be very careful about OKing any process that wants to run - if you're not sure that you personally implemented it, then don't enter the Admin password to allow it to continue.

I have gotten a LOT of those emails with attachments, claiming to be invoices, etc., but I only ever view the email in Print Preview (I don't actually open the message), and so I also don't open the attachment. I frankly don't know what would happen if I did - maybe my security approach would protect me, but I don't want to take a chance. (By looking at the message in Print Preview, you can also see a bit more information about the sender, etc.)
JBNeal Posted December 13, 2016

There are different levels of ransomware out there: some are easily defeated, others can detect removal efforts and increase the ransom. Rarely do these malware pkgs have a domestic source...
Bobacuda Posted December 13, 2016

The SOBs wanted 3.5 bitcoin (about $2,645) to release my files. I finally went for professional help. They used a multitude of programs to root the ransomware out of my computer, but all of my Excel, Word and PowerPoint files were permanently encrypted. The vast majority of my photos were encrypted, as well.

Once the pros were finished, they told me that restoring to a previous time would not help and that it might remove the programs used to oust the Osiris ransomware. Once all of the work was done, I ran "DiscDigger" for file recovery and was able to get a few photos back, and I confirmed the Osiris ransomware encrypts every file, including the ones you cannot see, that it can find.

So, I am rebuilding my lost business files and will be backing stuff up in the future.
Bobacuda Posted December 13, 2016

Another bit of info, Osiris had embedded itself in over 460 (or was it 640?) sectors in the register. It had to be rooted out of all of them or it would have re-activated. I am not a PC Nerd, so that level of "embedding" seemed pretty damn devious to me.