Forum Discussion

1492
Moderator
Apr 17, 2015

Free Tool May Unlock Encrypted Ransomware Files

Many are already familiar with CryptoLocker, the insidious malware which encrypts one's personal files, then demands a ransom in Bitcoins for the key password that unlocks them. Failure to do so in a timely manner results in the ransom escalating substantially, or the unlock key being destroyed. Of course, paying the ransom was no guarantee of getting the unlock key anyway. Who would you complain to if you didn't receive it?

CryptoLocker snagged not only individual PC users, but corporations and even local Sheriff/Police departments forced to pay up to unlock their evidence files. Fortunately, the FBI/Interpol took down the CryptoLocker servers back in June 2014. But, sure enough, variants popped up almost immediately, and they are still a threat. That is not surprising, due to the estimated tens of millions of dollars the hackers gain from their ransomware.

Notwithstanding, most up-to-date AV software detects these types of ransomware. Another argument for having a real-time security package installed, since several are available for free. Along with routine backups of personal data, that should provide adequate protection.

However, users still fall prey to this type of encryption ransomware. Many are misled into installing the malware and allowing it to run. Among the most visible is the CoinVault ransomware.

Luckily, Kaspersky just released a tool that may be able to decrypt files infected with CoinVault codenamed NoRansom. You can find it here at noransom.kaspersky.com.

Common sense can go a long way in preventing these types of malware from invading one's systems. Keeping system, browser, and AV software updated, along with a backup plan, can also ensure that you're not contributing to these fraudsters' bank account.

18 Replies

  • rwbradley wrote:

    Excellent information, but one very important thing to remember with Backups is, for them to also not get hit by the Ransomware, it must be an offline backup, as most variants of the Ransomware will also hit attached network devices. If, for example, you have a WD My Cloud drive on your network and you set up all your computers to automatically back up across the network to it on a regular basis, i.e. weekly, it is also vulnerable if one of your computers gets hit. A good backup plan involves two backup copies and one offline in a secure fireproof safe (or even better offsite or using a third party service like Carbonite).

    With personal files, if you have a disaster like Ransomware there is a saying, "Two copies = one and one copy = none".

    Encrypted ransomware targets specific file types on all accessible drives that have a letter assigned, including network and cloud based drives. Which potentially makes all affected personal files vulnerable.

    Many of these problems with malware can be avoided if Windows Users would just do the one thing that the vast majority still do not do, or do not know how to do, even though it's fairly easy to set up and takes just minutes. Create a separate User account when accessing the Net that does not have Admin privileges, and further limits drive access. Unfortunately, most still do the opposite.

    Personally, I also use two separate drives for routine backups. One automated to back up personal files, photos, emails, and browser data, all of which are encrypted, to a separate encrypted backup drive twice a day. And a secondary external drive for system image backups, updated when any significant changes are made. Neither of these backup drives is accessible from a User account.
  • Thanks. I'll have to check it out. I have a family member that got hit a few months ago. He was running virus protection but I'm not sure what flavor. Big issue was he was still on XP after support had run out.

    I'm all Mac these days and keep a Time Machine backup that does not stay attached. Regular work doesn't need backing up daily and Word docs are on OneDrive (would that get encrypted with ransomware?). I do multiple external backups immediately after a session of processing photos.

    I just cloned the drive with SuperDuper and I'm going to put it in a safety deposit box to have offsite storage beyond cloud.
  • Makes me really glad I have a firewall and virus protection installed and that I back up manually to a physical hard drive. I'm no techie so I may still not be protected as much as I should be (what are "multiple layers"?), but so far, so good.
  • wa8yxm
    Explorer III
    I keep telling folks about firewalls and anti-malware (I run multiple layers).

    They say, "Oh, that slows down my computer too much."

    Just like the auto safety commercial where the guy says in one shot: "Oh, seat belts... too confining..." Cut to a new photo of him in a full body cast and traction.

    Yup. I run multiple layers for a reason.
    (I also wear my seat belt)
  • Thanks for passing this along!

    One of my staff got hit with this a year or so ago. Of course it was the one staff person that doesn't know much about computers, and she opened that .zip attachment and ran it (argh!). Thankfully it didn't hit the network and she just lost the files she had worked on that were not on the network drives. She learned a few valuable lessons, and I learned more about this stuff than I ever wanted to know.
  • 1492 wrote:
    Many are already familiar with CryptoLocker, the insidious malware which encrypts one's personal files, then demands a ransom in Bitcoins for the key password that unlocks them. Failure to do so in a timely manner results in the ransom escalating substantially, or the unlock key being destroyed. Of course, paying the ransom was no guarantee of getting the unlock key anyway. Who would you complain to if you didn't receive it?

    CryptoLocker snagged not only individual PC users, but corporations and even local Sheriff/Police departments forced to pay up to unlock their evidence files. Fortunately, the FBI/Interpol took down the CryptoLocker servers back in June 2014. But, sure enough, variants popped up almost immediately, and they are still a threat. That is not surprising, due to the estimated tens of millions of dollars the hackers gain from their ransomware.

    Notwithstanding, most up-to-date AV software detects these types of ransomware. Another argument for having a real-time security package installed, since several are available for free. Along with routine backups of personal data, that should provide adequate protection.

    However, users still fall prey to this type of encryption ransomware. Many are misled into installing the malware and allowing it to run. Among the most visible is the CoinVault ransomware.

    Luckily, Kaspersky just released a tool that may be able to decrypt files infected with CoinVault codenamed NoRansom. You can find it here at noransom.kaspersky.com.

    Common sense can go a long way in preventing these types of malware from invading one's systems. Keeping system, browser, and AV software updated, along with a backup plan, can also ensure that you're not contributing to these fraudsters' bank account.


    Excellent information, but one very important thing to remember with Backups is, for them to also not get hit by the Ransomware, it must be an offline backup, as most variants of the Ransomware will also hit attached network devices. If, for example, you have a WD My Cloud drive on your network and you set up all your computers to automatically back up across the network to it on a regular basis, i.e. weekly, it is also vulnerable if one of your computers gets hit. A good backup plan involves two backup copies and one offline in a secure fireproof safe (or even better offsite or using a third party service like Carbonite).

    With personal files, if you have a disaster like Ransomware there is a saying, "Two copies = one and one copy = none".
  • Thank you, I'm going to check that out
    I have few friends that I maintain..always seem to get some problem every couple of months, so far nothing this bad
