Windows 10: Ransomware attacks reported on Windows machines internationally

Page 2 of 11 FirstFirst 1234 ... LastLast
  1.    12 May 2017 #11

    Like I said technically it can be easy to block, but office politics and such is always the painful part.
      My ComputerSystem Spec

  2.    13 May 2017 #12

    What are your thoughts on:

    a. a white listing program (only 'approved' programs are allowed to be run- suitable for systems such as the NHS runs day to day that always run the same programs

    b. Cryptoprevent
    CryptoPrevent Malware Prevention Foolish IT

    c. RansomFree by Cybereason
    Ransomware Protection - RansomFree by Cybereason

    (I have these last two installed)
      My ComputerSystem Spec


  3. Posts : 2,096
    Windows 10 Home x64 (Laptop), Windows 10 Pro x64 (Desktop)
       13 May 2017 #13

    dalchina said: View Post
    What are your thoughts on:

    a. a white listing program (only 'approved' programs are allowed to be run- suitable for systems such as the NHS runs day to day that always run the same programs

    b. Cryptoprevent
    CryptoPrevent Malware Prevention Foolish IT

    c. RansomFree by Cybereason
    Ransomware Protection - RansomFree by Cybereason

    (I have these last two installed)
    How do these programs interact with antivirus software - any problems? Ransomfree must be quite uncommon since it is not recognised by Kaspersky Application Advisor.
    Last edited by Steve C; 13 May 2017 at 02:49.
      My ComputersSystem Spec

  4.    13 May 2017 #14

    What I'd like to know is how they get files encrypted...

    Is UAC the weak link here?
    Lets say one adds a block of random bytes at certain offsets (including the header), not encryption as such, but that altered file needs to be saved in it's corrupt state - can that be done as standard user?

    Edit..
    Yep, of course... was focusing on system files... which is not the case... need some coffee to wakey, wakey
      My ComputerSystem Spec

  5.    13 May 2017 #15

    Steve C said: View Post
    How do these programs interact with antivirus software - any problems? Ransomfree must be quite uncommon since it s not recognised by Kaspersky Application Advisor.
    Hi, no issues with Avast... and I can't speak at all for their effectiveness other than what's on their site... just thought I'd give them a whirl. Cryptoprevent is updated periodically- the commercial version auto-updates. I've had that on my PC for months. The other one I came across recently.

    CryptoPrevent: Does it work? - Anti-Virus, Anti-Malware, and Privacy Software
    Another nice tool is HitmanPro.Alert with CryptoGuard. There is an entire topic devoted to it with questions any answers by an Authorized SurfRight Rep.

    * CryptoGuard prevents your files from being taken hostage
      My ComputerSystem Spec


  6. Posts : 1,829
    Windows 10 x86 14383 Insider Pro and Core 10240
       13 May 2017 #16

    This may give some idea how it works, Craig:

    From: The Rise of Locky: Dridex Crew Bets on Ransomware | Invincea
    Anatomy of a Locky Infection


    In Figure 3 below, we show the event timeline from Invincea’s Threat Management console for an attempted Locky infection. In this example, a Microsoft Word document attached to an email with a file name beginning with “invoice” was opened by a user protected by Invincea.

    The weaponized Word document – likely using malicious macro scripts – launched a program to drop and run Locky ransomware. Next, back-up versions of the OS were deleted, and the data was encrypted. Finally, the ransomware instructions were presented to the user and the original Trojan was deleted from the machine to defeat forensic analysis. Of course, none of these actions actually damaged the user’s computer or data because Invincea’s spear-phishing protection was in place.
      My ComputersSystem Spec

  7.    13 May 2017 #17

    Fafhrd said: View Post
    This may give some idea how it works, Craig:

    From: The Rise of Locky: Dridex Crew Bets on Ransomware | Invincea
    Anatomy of a Locky Infection


    In Figure 3 below, we show the event timeline from Invincea’s Threat Management console for an attempted Locky infection. In this example, a Microsoft Word document attached to an email with a file name beginning with “invoice” was opened by a user protected by Invincea.

    The weaponized Word document – likely using malicious macro scripts – launched a program to drop and run Locky ransomware. Next, back-up versions of the OS were deleted, and the data was encrypted. Finally, the ransomware instructions were presented to the user and the original Trojan was deleted from the machine to defeat forensic analysis. Of course, none of these actions actually damaged the user’s computer or data because Invincea’s spear-phishing protection was in place.
    Thanx Faf

    This thing is becoming a real concern.. we need to get to the bottom of it.
      My ComputerSystem Spec

  8.    13 May 2017 #18

    Hi there

    @Superfly and @Fafhrd

    Scrambled ASCII text based stuff doesn't need anything like Word Macros etc etc.

    The usual way is to scan / check email attachments -- but that is no good against a LOW TECH attack that doesn't use attachments, macros or anything else in Ms Office or equivalent.

    You can very easily code a binary file into a bog standard ASCII TEXT message so the email server won't recognize say an illegal inbound .exe file or Ms word macros etc.

    Now on the workstation the email message does it's nasty business -- it's really a program - and won't be detected by any Virus scanning stuff and there you are --it's only a matter of time before the backend database is corrupted to such an extent it becomes inoperable without a restore etc.

    Old XMODEM / YMODEM / ZMODEM protocols for example. Since ASCII compresses down very much a trick was to convert the file to ascii and compress it before transmission -- this made for shorter transmission times -- very important back in the days where BAUD rates were still being used -- 2400 BAUD (old Hayes Modem) was regarded as a state of the art bit of kit !!!!!.

    It's almost impossible these days to ban emails in a workplace and confidential emails are often transmitted in scrambled form as people don't want this in plain text all over the Internet.

    Unfortunately there is always a fundamental weakness in CLIENT / SERVER systems -- it doesn't matter HOW SECURE the server is because an authorised user will always be allowed to update the real data base from some sort of front end terminal. Most countries have fairly stringent "Data Protection Acts" so if confidential data is being updated on to the backend it's almost impossible to verify the "compliance" of the data without breaking the various laws governing the storage of confidential data.

    In large organisations where you could have serveral 1000's of terminals with all sorts of levels of staff it is virtually impossible to ensure these machines won't get hacked.


    It's not easy solving this stuff -- but a better solution is to use distributed systems rather than central Client / Server systems --in fact even the "Dreaded Cloud" would be more effective.

    It will require expense and initiative to bind this all together so people can get data from various sources to get a complete record -- that's where I believe the guys who want to make money in I.T will be involved in next -- not a trivial problem at all.

    Cheers
    jimbo
      My ComputerSystem Spec


  9. Posts : 6,027
    Windows 10 Pro x64
       13 May 2017 #19

    The thing with this hack is looks like it's being spread by the NSA's eternal blue hack which doesn't require a user to run a compromised file on their system, it just hits systems that haven't had the MSFT patch against it that was released a few months back.
      My ComputersSystem Spec


  10. Posts : 1,829
    Windows 10 x86 14383 Insider Pro and Core 10240
       13 May 2017 #20

    It all depends on what your email client opens the ascii file with.

    Notepad would just try to send it to the screen and fail to show the binary characters properly.

    If it's your browser, or an email client like outlook, then anything may happen.
      My ComputersSystem Spec


 
Page 2 of 11 FirstFirst 1234 ... LastLast

Related Threads
Read more: Today's leading causes of DDoS attacks | ZDNet
Source: Windows 10: protection, detection, and response against recent Depriz malware attacks Microsoft Malware Protection Center
Multi-Vector DDoS Attacks Are Becoming the Norm 47% of all multi-vector DDoS attacks were launched in Q4 '15 72430 Read more: http://news.softpedia.com/news/multi-vector-ddos-attacks-are-becoming-the-norm-502416.shtml
Our Sites
Site Links
About Us
Windows 10 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 10" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd
All times are GMT -5. The time now is 22:46.
Find Us