Ramblings of an old Doc
Published on April 23, 2016 By DrJBHL In Personal Computing

 

The Windows Club has published a pretty extensive list of tools to help you if you get zapped. It’ll probably be Petya or Locky, as they’re the most common ones encountered currently. First, you have to identify the malware: upload the ransom note or a file which has been encrypted by the malware (and hope the site identifies it) here: https://id-ransomware.malwarehunterteam.com/index.php

There’s a great list of the tools here: http://www.thewindowsclub.com/list-ransomware-decryptor-tools and each tool is specific to the malware identified, so…step one is very important.

There are also several intrusion detection tools, but according to the Windows Club, WinPatrol is free and probably the best. You can read about it at the linked URL.

There are also free anti-Ransomware tools. I've written about one, but there are several, and you can read about (and get links to them) here: http://www.thewindowsclub.com/free-anti-ransomware-tools 

Another article probably worth reading, to help you get organized about what you should do if you get attacked, is located here: http://www.thewindowsclub.com/what-to-do-after-ransomware-attack

The most important thing is to have recent backups, so don't be lazy: Make one now. The only backup you'll ever regret making is the one you didn't make.

Hope this helps in case you get hit. I’ve bookmarked the links above…and you might consider doing the same.

Have a great weekend!

Sources:

http://www.thewindowsclub.com/list-ransomware-decryptor-tools 

https://www.winpatrol.com/ 

http://www.thewindowsclub.com/free-anti-ransomware-tools

Comments (Page 2)
on Apr 29, 2016

Just ran CCleaner registry again and Locky was back along with another obsolete reg key, 4T54zly5. I don't know if it has anything to do with Locky though. Did a quick search in the registry but didn't find any more. Would help if I knew where else to look. HKEY_CURRENT USER_SOFTWARE and...

on Apr 29, 2016

Did you see that alphanumeric key in the same section as the Locky key?  If so, it's likely a companion key, especially if it's empty.  I ran my searches on the entire registry.  It's looking like if all we have is the reg keys, we're OK.  Risk of ransomware attack would seem to be low if good AV is running.

on Apr 29, 2016

Has either of you looked up the topic in the anti-ransomware forums of each program?

 

on Apr 29, 2016

Yes.

Nothing in the way of this detail on the Avast forums, though ransomware in general discussed.

This BD-related thread mentions the Locky reg key and suggests it prevents Locky infection.

Still not clear what's going on, but based on the email hits Avast is blocking, Locky is getting around.

Edit:  Indeed, just launched Outlook again & Avast blocked another email with Locky.

on Apr 29, 2016

It's a gmail-hosted address that is bearing the Locky traffic.  May have to get them involved.

on Apr 29, 2016

According to post #13 Minimalist suggested not removing the reg keys. I ran CCleaner again but found nothing.

on Apr 29, 2016

My tech guy suspected that, too, at first but he would have expected the antiransomware to lock down permissions for those keys as a way to block access to them & it didn't.  I'm inclined to leave the keys alone if/when they show up again, but the guys making this stuff keep massaging it to avoid AV detection so who knows?

on Apr 30, 2016

What's ransomware?

on Apr 30, 2016

admiralWillyWilber

What's ransomware?

http://lmgtfy.com/?q=Ransomware

 

on Apr 30, 2016

Some ransomware lock up the internet; if they do, just clear your history and exit out of the internet. This seems to work.

on Apr 30, 2016

admiralWillyWilber

Some ransomware lock up the internet; if they do, just clear your history and exit out of the internet. This seems to work.

That one was just a little bit outside.

on May 02, 2016

admiralWillyWilber

Some ransomware lock up the internet; if they do, just clear your history and exit out of the internet. This seems to work.


I did not know this.  The one time I thought I was getting ransomware I immediately cut the power to my PC.  All was fine afterward.

on May 02, 2016

Folks. Seriously.

Ransomware does THIS:

It installs on your computer while being disguised as another type of file.

There are two stages to the infection but let's forget about that for a minute. It encrypts your data files. It demands ransom for the encryption key. The ransom is in bitcoin paid to some web address. If it is not paid within 24-48 hrs., it doubles.

If you decide not to pay, and if it's of a type which cannot be identified and solved with various software/websites, you can throw that hard drive away, and buy a new one. If you have no recent backup? Adios to all that data, OS, etc.

It does nothing with your internet connection since they want the ransom and the only way you can pay is over the internet. 

It has nothing to do with the power to your computer for the same reason.

on May 02, 2016

Well, I don't download anything I don't know. My computer automatically updates so there's no issue there. So all they can do is freeze my internet. Anyways, what is that called?

on May 02, 2016

Willy -

The free antiransomware tools are "money well spent" and can only protect you.
