What to do if your computer gets taken Ransom! And a ? for the Site Admin.

Saw this and it got me wondering about something. What happens if someone post something as a link on ATS and it causes other members to experience the issue with ransom-ware or malware? My lack of computer skills and know how about these problems is cause for consternation on my part. I have virus protection, but how does ATS protect us from these viruses? Can ATS servers monitor this? From what I can tell these type of viruses are very difficult to detect with anti-virus programs.

Can anyone ease my mind? Or do I just need to not go to links anymore? Technology does seem to have extreme downsides.


What to do if your computer is taken over by ransom-ware; a form of malware taking over the Internet.

Read more: www.businessinsider.com...

Ransom-ware is evolving and that’s bad news for just about everybody except cyber thieves.

Ransom-ware, which is a form of malware, works by either holding your entire computer hostage or by blocking access to all of your files by encrypting them. A person infected with ransom-ware is typically ordered (via a pop-up window) to pay anything from a few hundred to a few thousand dollars in order to get the key to unlock their encrypted data.

P.S. Cyber, ransomware and malware all show up here as being misspelled words. Guess the dictionary database needs updating.

Can ATS servers monitor this?

Its possible...its possible

fdisk

a reply to: soulpowertothendegree

ATS has more protection than any site I an aware of and I am a Computer Forensics Expert..

That being said, we still rely on our wonderful Members to alert us to anything suspicious and we will take whatever action is necessary to protect all our Members..

a reply to: semperfortis

Okay. I did not mean to infer that ATS was lacking.

Had it happen on my Mac and needed to delete several thousand files to get it back. Nasty.

Most "ransomware" is just rebadged vudo malware- and is most often acquired by loading websites with java or flash based ads which are hosted on centralized adservers- which are juicy targets for those who stand to profit from that sort of thing.

Having said that, any site is really a potential source for infection.

Keep the data you care about backed up... and be prepared to wipe the computer clean if you're not savvy enough to clean it yourself.

The best thing to have is a backup of your files, a copy of your OS and a copy of Derik's Boot and Nuke. If something takes over your pc, nuke it, reload your OS and download the backup files.

a reply to: soulpowertothendegree

Oh no.. I did not take it that way..



I was just reassuring everyone..

We should crowd-fund a mercenary hit-squad to locate and eliminate with prejudice any person that is connected to these kinds of things. Of course that's coming from someone who advocated launching cruise missiles against all Nigerian internet cafes to stop that scams/phishing originating there.

a reply to: jtma508

Lol, I like that idea.

I do not even have an anti-virus program on my computer and haven't had any problems in years, but I do take other steps to protect my computer.

That said, I am still amazed how naive some are about internet security. Some of those folks can't seem to understand how I can keep my PC uninfected without an anti-virus program and why despite their anti-virus program(s) they pay for, they are constantly having problems.

Dealt with many of these issues myself. Mostly the FBI cyber crime division 1 where they state a specific crime has been violated and you need to specifically pay via moneypak or else.

1) You should have 2 user accounts setup on your computer
A) The Admin account
B) Your standard user account used to do daily tasks like browsing, paying bills, etc

If the admin account is compromised, the potential damage is going to be a lot higher than if the standard account is compromised. Its not a dead sure way to keep you safe but the attack surface is minimized greatly.

2) If you DO happen to get some form of ransomware, it can typically be dealt with by RESTARTING YOUR MACHINE and clearing cookies, temp files, etc without opening your browser as thats is typically what the ransomware is blocking(

**A) boot into safe mode or safe mode with networking as this will boot only system critical files and drivers needed for core functionality. It will typically not activate services needed for ransomware to operate but thats not a guarantee

(** Windows only, not sure what MACs equivalent is or if there is one.)

3) Use another non affected machine to research your specific ranomware and go through its removal instructions on the affected machine. You're highly unlikely to be the 1st person that has run into it and someone else has likely defeated it. The instructions are typically very easy to follow and will likely succeed. May need safe mode again.

4) System restore, restore from backup , OS reinstall via CD or ntwk share will be your last resorts and hopefully you will not need to go through those steps



a reply to: soulpowertothendegree

Never click on links, either copy and paste them into your url and investigate if unsure, also google is your friend here, can search urls and see if it's legit too.

Just get into a habit of never willy nilly link clicking, since they need you to goto their site and download the malware from their server.

A constant backup as in a slave harddrive that backs up as you go is never a bad idea.

Plus, and here is the biggest thing, NEVER keep SOLE files you want to keep on your PC as storage, your PC is the worst place to store files for the long haul, if you can, use a older PC that's offline for storage and at that, understand harddrives can fail, so never rely on one backup medium, I have my family pictures backed up on 2 external harddrives and then some on DVDs. It's a lot of work, but it's also worth it for something so priceless.

Hope this helps, remember, only you can prevent forest fires....

a reply to: Lysergic

It's true, all good things begin, and occasionally end, with fdisk. Or gdisk.

originally posted by: soulpowertothendegree
Can anyone ease my mind? Or do I just need to not go to links anymore? Technology does seem to have extreme downsides.

ATS said a few years ago they were using a service to weed out malicious ads but I don't know if they still are, hopefully so. If you visit any sites that don't use such services, you don't even need to follow links, the malicious ad can infect an unprotected pc using a behind the scenes redirect using a script. Normally I block scripts for this reason, but ATS is whitelisted to allow scripts to run. I am more vulnerable on ATS than on many other sites because ATS is one of the few sites where I allow this, but so far my trust in ATS hasn't been misplaced.

I posted a few tips on how you can protect yourself here in a thread written by an ATS member who got infected by ransomware and wasn't sure how it happened.

Personally, whenever I back up my system or a customers, I use Fabs autobackup. This way, everything gets backed up, from files to settings (inc. Outlook folders, favourites, iTunes, the lot).

9/10, most malware can be gotten rid of by running several cleaners like ADWCleaner, Hitman pro etc. Hitman also lets you make an offline USB boot stick to get rid of the MET office "You have pedo porn! Pay us money or be forever locked out!" ransomware.

With things like crypto and its variants, where it encrypts your files, a backup is your only real option unless you want to pay the money. Some of them are sloppy and leave the decryption file on your PC, or firms like Kaspersky sometimes get the key files.....but you have to be very lucky.

Simple solution....do not click OK to anything you are unsure about, ignore flash player / java etc upgrade notices in your browser, do not open any attachments in emails unless you are 100% certain they are legit (if it looks like it is from your bank, check everything before opening the file).