Article on new ransomware attacks

bytebuster
From MSN:

http://bottomline.nbcnews.com/_news...omware-attacks-are-scarily-sophisticated?lite

And guess what, the ransomware that encrypts the user's files, so that not even computer techs can unlock them, is back, and this time it threatens to notify "the police" so they can decrypt "spam software and child pornography files". I wonder how long it will be until the ransomware actually puts such files on the infected PC, then when the tech tries to remove it he gets the files thrown in his face with instructions to call the police. Many techs will, and innocent lives will be ruined.
 
Wow, this is a scary one. We've had some come in with the FBI child porn MoneyPak virus, but none of the user's files were encrypted or hidden. The ones we saw were as easy as the other rogues to remove.
 
Ugh!

// needed filler because my response was just "UGH"

What a pain.
So the prior ransomware that I created the initial post about a few weeks ago: that guy busted into systems with the RDP port exposed and weak Admin or other common account-name passwords.

This one here is a "drive-by" from innocent random websites that get hacked into. Wonder what it exploits... old Java or old Flash?
 
What if the drive were already encrypted? I wonder if that would at least protect the files from the malware's encryption.
 
So what timing for this thread. The office manager downstairs who runs the storage place that our office is located in just told us her laptop got hit by this last night; she's bringing it to us during the lunch hour.
 
I had a moneypak virus on the bench the other day. End User insisted they didn't view any websites to get it. I don't believe her.

What websites are sending out this right now? I use adblock so I may visit such sites only to have the infected ad get blocked.
 
These often are drive-by attacks, and the payload is frequently delivered by infected Flash-based advertising from ad networks. The user doesn't even have to click on the ad; it only has to display (typically on the side of the page, as advertising often does). Malware authors buy cheap advertising on these ad networks, run some normal ads, then start rotating in the infected ads. The payload is delivered to the Flash cache on the customer's computer. With this method, malware authors get a cheap distribution system and wide exposure (even on pages like CNN, Disney and MSN.com).

Access is through outdated versions of Flash, Java and Adobe Reader. Keeping all those updated will help. I also run Flashblock (or Flash Control) and Malwarebytes Pro. As I understand it, Adblock (free version) just keeps the ad from displaying in its placeholder on the page, but doesn't really keep Flash code from the ad out of your system. The paid version might...
 
Does anyone know if this affects other drives besides the OS drive?
External drives, thumb drives, etc., while they are attached.

Thanks,
 
Impossible to narrow down that list. Years ago we used to say "Just stay off the porn and warez sites"....

But these days...two common methods employed by the knuckleheads spreading this stuff.

* They let bots loose that scan web servers, looking for poorly secured web servers. They then hack into those and hack the site, putting in their drive-by code.
* As mentioned above, they utilize advertising. They sign up with those advertising stream services which many websites and forums subscribe to. Those ad streams constantly stream a continuous feed of rotating banner ads, so they let loose with a poisoned one. Millions of different websites and forums subscribe to those ad streams as part of their revenue. By the time their poisoned code is found, it's too late: millions of people have already seen them and possibly got infected.
 

Yep, which is what it has been. Nothing has changed. I was a bit annoyed that AVG failed to block this infection. The virus is old enough that it should have been. Seems like almost all the AV programs are doing a poor job at blocking Flash installs.
 
A lot of the clients who bring infected machines in have been on Google Images and clicked on a thumbnail and bang! Very common when the kids are looking for pictures to accompany their school projects etc.

I've had similar attempts on Google Images but I am normally running Avast and Malwarebytes (real-time protection) so all I get is a notification that the malware or 'bad site' has been blocked.
 
Good grief, the FBI ransomware is EXPLODING up here in our area... calls left 'n right. Easy to clean, but heck, can't make headway with our normal projects cuz we keep getting these calls!
 
Same here, Google Images, as I said in another post. MSE opens and notifies me right away.
 
Yeah, my first stop this morning, at an auto repair garage... he had MSE on it and I was able to mostly work on this rig without being blocked. MSE kept jumping up and quarantining it. Manually removed the 4 files I found in the user's profile/Application Data folder; got it done in about 30 minutes. MSE kept it from being a full infection.
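The manual clean-up described in that post, locating the dropped files under the user's profile, is the kind of bench task worth scripting. The following is an added example, not code from any poster in this thread: it walks a profile directory, flags recently modified files whose contents start with the PE `MZ` header regardless of their extension (so a dropper renamed to `.dat` still shows up), and builds a constructed sample AppData tree of harmless stub files so it runs offline. The directory layout, file names and the 7-day age window are assumptions for illustration, not details reported in the thread.

```python
import os
import tempfile
import time
from pathlib import Path

PE_MAGIC = b"MZ"
# Extensions that normally hold PE images; anything else with an MZ header is "disguised".
PE_EXTENSIONS = {".exe", ".dll", ".scr", ".sys", ".cpl", ".ocx"}


def is_pe_file(path):
    """True if the file begins with the DOS/PE 'MZ' magic; content, not extension, decides."""
    try:
        with open(path, "rb") as f:
            return f.read(2) == PE_MAGIC
    except OSError:
        return False


def find_pe_files(root, max_age_seconds=7 * 24 * 3600, now=None):
    """Walk `root` and return PE files modified within `max_age_seconds`, newest first.

    Each hit records the path, size, mtime and whether the extension hides the fact
    that the file is an executable image.
    """
    now = time.time() if now is None else now
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            try:
                st = p.stat()
            except OSError:
                continue
            if now - st.st_mtime > max_age_seconds:
                continue  # old file: not part of last night's infection
            if not is_pe_file(p):
                continue
            hits.append({
                "path": str(p),
                "size": st.st_size,
                "mtime": st.st_mtime,
                "disguised": p.suffix.lower() not in PE_EXTENSIONS,
            })
    hits.sort(key=lambda h: h["mtime"], reverse=True)
    return hits


def build_sample_profile(base):
    """Constructed sample profile tree (assumption, not a real infection):
    two fresh MZ-headed stubs (one disguised as .dat), one old exe, one text file."""
    appdata = Path(base) / "AppData" / "Roaming"
    (appdata / "Mozilla").mkdir(parents=True)
    (appdata / "random123").mkdir(parents=True)
    # Fresh stub with a misleading extension, the case a name-based search misses.
    (appdata / "random123" / "skype.dat").write_bytes(PE_MAGIC + b"\x90" * 64)
    # Fresh stub with an honest extension.
    (appdata / "ctfmon.exe").write_bytes(PE_MAGIC + b"\x00" * 64)
    # Old, legitimate-looking exe: backdated 90 days so the age filter drops it.
    old_exe = appdata / "Mozilla" / "updater.exe"
    old_exe.write_bytes(PE_MAGIC + b"\x00" * 64)
    old = time.time() - 90 * 24 * 3600
    os.utime(old_exe, (old, old))
    # Non-binary file that must not be reported.
    (appdata / "notes.txt").write_text("not a binary")
    return str(appdata)


def run_demo():
    """Build the sample tree in a temp dir and return the sorted base names flagged."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_profile(tmp)
        hits = find_pe_files(root)
        return sorted(os.path.basename(h["path"]) for h in hits)


def run_demo_disguised():
    """Return the base names of hits whose extension hides an executable image."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_profile(tmp)
        return sorted(os.path.basename(h["path"])
                      for h in find_pe_files(root) if h["disguised"])


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_profile(tmp)
        for h in find_pe_files(root):
            tag = "DISGUISED" if h["disguised"] else "pe"
            print(f"{tag:9} {h['size']:6d} {time.ctime(h['mtime'])}  {h['path']}")
```

On a real bench you would point `find_pe_files` at the suspect profile (for example `C:\Users\<name>\AppData`) and review the hits by hand before deleting anything; the age filter is only a triage aid, since a dropper can backdate its own timestamps.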
 
Funny enough that is EXACTLY what happened with my kids and their computer. Their hard drive got reformatted, and Malwarebytes went on after that :)
 
We had 4 or 5 FBI infections come in since yesterday. The comical part is the camera bit, then the user realizes they don't have a camera.
 
Any of them have the .zip problem?


If anyone has encountered the zipped files, what and how do you tell your customer about this?
 
Asked the tech who is cleaning the infections. He has not seen any zip files. What files are being deleted? Is it user data? If so, we would not know about this unless the customer informed us they are missing files. We did have one last week that deleted a bunch of start menu items. We have seen that before with other infections but not the FBI infection.

Had 3 more come in this morning.
 