Dustyn
Premium
join:2003-02-26
Ontario, CAN
kudos:11

1 recommendation

Ransomware a growing menace, says Symantec

A typical ransomware message. (Credit: Symantec)

This type of scamware has jumped over the past year, both in number and variety, according to the security vendor. Ransomware is a type of malware best described as an online extortion racket. Malware locks or disables your PC in some way and then demands payment in the form of a "fine" to render your PC usable again. Like most scams, the ransomware message claims to come from a legitimate organization, such as the government or a public corporation, to try to convince victims that they did something wrong to incur the fine.
»news.cnet.com/8301-1009_3-575483···ymantec/

--
Remember that cool hidden "Graffiti Wall" here on BBR? After the name change I became the "owner", so to speak as it became: Dustyn's Wall »[Serious] RIP


jaykaykay
4 Ever Young
Premium,MVM
join:2000-04-13
USA
kudos:24

If I saw something like that, I would know exactly what it was and not believe it came from the government. I am pretty sure that even though they're not particularly sensible, the government message would be one never to believe!



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

1 recommendation

reply to Dustyn

This whole subject seems to be "hot" at the moment.

»Mushrooming growth of ransomware extorts $5 million a year

»New ransomware version locks your system .....
--
Don't feed trolls--it only makes them grow!



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
reply to Dustyn

Re: Ransomware a growing menace, says Symantec

They go to all that trouble, and they still don't bother to learn how to write or express English correctly? Sigh...



Juggernaut
Irreverent or irrelevant?
Premium
join:2006-09-05
Kelowna, BC
kudos:2

1 recommendation

Yea, and then they make me re-image my drive. Oh, the horrors.
--
I'm not anti-social, I just don't like stupid people.



StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2
reply to Blackbird

said by Blackbird:

...and they still don't bother to learn how to write or express English correctly?

No problem. Most won't know the difference anyway
--
Don't feed trolls--it only makes them grow!

Oedipus

join:2005-05-09
kudos:1
reply to Dustyn

The FBI/moneypak thing that has been making the rounds lately is weak pudding. God help us if real ransomware like GPCode ever breaks into the masses.


HarryH3
Premium
join:2005-02-21
kudos:3
reply to Dustyn

A very NON-technical friend of mine was hit with that recently. I burned a copy of the Microsoft Offline Defender disk and mailed it to him. It didn't find anything on the quick scan, but a full scan found it and killed it.



antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:4

2 recommendations

reply to Anon

said by Dustyn:

said by jaykaykay:

If I saw something like that, I would know exactly what it was and not believe it came from the government. I am pretty sure that even though they're not particularly sensible, the government message would be one never to believe!

You mean if Special Agent Mulder came to your door showing you his credentials you would choose not to believe!??

"Trust no one."
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


Gold

@myitdepartment.net

I got this yesterday. A scan with Malwarebytes took it out, but I was still getting outgoing attempts, blocked by Malwarebytes, from a file called FNLKPPKOGRIM.EXE. I had to go into safe mode to delete it manually.
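The symptom Gold describes (a randomly named executable still trying to call out after the scanner removed the main infection) is something a defender can pick out of block logs. The following is an added example, not code from the post or from any product: it parses a constructed log format (assumed, not Malwarebytes' real format) and flags blocked outbound attempts by executables whose file names look machine-generated.

```python
import re
from collections import Counter

# Constructed sample of host-firewall / anti-malware block events. The line
# format is invented for this example (it is not a real product's log format).
# Fields: date time ACTION DIRECTION process-path remote-endpoint
SAMPLE_LOG = """\
2012-11-13 08:02:11 BLOCK OUT C:\\Users\\Gold\\AppData\\Roaming\\FNLKPPKOGRIM.EXE 198.51.100.23:80
2012-11-13 08:02:14 ALLOW OUT C:\\Program Files\\Mozilla Firefox\\firefox.exe 203.0.113.5:443
2012-11-13 08:02:40 BLOCK OUT C:\\Users\\Gold\\AppData\\Roaming\\FNLKPPKOGRIM.EXE 198.51.100.23:80
2012-11-13 08:03:02 ALLOW OUT C:\\Windows\\System32\\svchost.exe 192.0.2.10:443
2012-11-13 08:03:30 BLOCK OUT C:\\Program Files\\Thunderbird\\thunderbird.exe 203.0.113.9:25
"""

LINE_RE = re.compile(r"^(\S+ \S+) (ALLOW|BLOCK) (IN|OUT) (.+?\.[Ee][Xx][Ee]) (\S+)$")
VOWELS = set("aeiouy")


def longest_consonant_run(stem):
    """Length of the longest run of consecutive consonant letters in a name stem."""
    best = run = 0
    for ch in stem:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def looks_random(exe_name):
    """Heuristic: a long name with an unpronounceable consonant run or almost no vowels."""
    stem = exe_name.rsplit(".", 1)[0].lower()
    letters = [c for c in stem if c.isalpha()]
    if len(letters) < 8:  # short system names (svchost, lsass, csrss) are not judged
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    return longest_consonant_run(stem) >= 5 or vowel_ratio < 0.2


def suspicious_outbound(log_text):
    """Map executable name -> count of blocked outbound attempts, random-looking names only."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group(2) != "BLOCK" or m.group(3) != "OUT":
            continue
        exe_name = m.group(4).rsplit("\\", 1)[-1]  # strip the directory part
        if looks_random(exe_name):
            hits[exe_name] += 1
    return dict(hits)
```

A hit like `{"FNLKPPKOGRIM.EXE": 2}` is the cue to look for what relaunches that file (startup entries, scheduled tasks) before deleting it, which is why Gold needed safe mode.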



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3

said by Gold :

I got this yesterday. A scan with Malwarebytes took it out, but I was still getting outgoing attempts, blocked by Malwarebytes, from a file called FNLKPPKOGRIM.EXE. I had to go into safe mode to delete it manually.

Any idea how your infection may have occurred (e.g. software security hole, drive-by, downloaded software, clicked on a pop-up, e-mail attachment or link, etc.)?
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


Thaler
Premium
join:2004-02-02
Los Angeles, CA
kudos:3

1 recommendation

reply to Dustyn

Child porn is now just a fine of $200? Holy crap, times are tough for the justice department.



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3

1 recommendation

said by Thaler:

Child porn is now just a fine of $200? Holy crap, times are tough for the justice department.

They make up for it on volume...
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville


mmainprize

join:2001-12-06
Houghton Lake, MI
reply to Dustyn

How do they get the money, and why can't the money trail be tracked to the crooks?
I mean, when you have hundreds of people sending hundreds of dollars to some account, there must be a trail when the crook comes in to cash out.



Postal
First pull up, then pull down.
Premium
join:2000-08-30
Simi Valley, CA
reply to Dustyn

I got the FBI/Moneypak virus yesterday. Not sure how it happened.

I was on my system early in the morning before work checking the weather on weather.com and checking gmail. Didn't click on any odd links in any emails. Left the computer on, turned the monitor off and went to work.

When I got home around 5 pm I turned the monitor on and had the FBI/Moneypak lock-out screen. Booted into safe mode with networking, did some googling to find out what it was (I hadn't heard of this before), downloaded one of the removal tools and let it do its thing.

Now, how the hell did it get on my system? Modem/router is a Motorola SBG6580 (TWC) with the firewall on. Windows firewall is on, and I also have Kaspersky Internet Security 2010 with both the firewall and anti-virus active and up to date.

So, what more am I supposed to do to keep it from happening again? How did it get past the security I'm currently using?
--
Next time you wave at me, use ALL your fingers.



ZiPZaP

@belgacom.be

Keeping your security tools updated would be a good move. Kaspersky IS is at version 2013. You are three years behind. If you have a valid license you should be able to upgrade, free of charge, to the latest version.



SueS
Premium
join:2007-05-16
Macon, MO
kudos:2
reply to HarryH3

said by HarryH3:

A very NON-technical friend of mine was hit with that recently. I burned a copy of the Microsoft Offline Defender disk and mailed it to him. It didn't find anything on the quick scan, but a full scan found it and killed it.

Where does one get the Microsoft Offline Defender? Is it a good idea for everyone to make a copy of this?


StuartMW
Who Is John Galt?
Premium
join:2000-08-06
Galt's Gulch
kudos:2

said by SueS:

Where does one get the Microsoft Offline Defender?

»windows.microsoft.com/en-US/wind···-offline

Warning: If your computer cannot run Windows 8 (i.e. old CPU) getting WDO from the above link won't work for you. WDO used to be based on Win7 but with the last update they built it on Win8. If you get a Win8 blue screen trying to boot off a WDO USB/CD/DVD you're SOL unless you want to go make your own Win7 version.

»Microsoft Security Essentials (MSE) 4.1.0522.0 released

(Yes the thread is long but it'll tell you everything you need to know)

BTW I run WDO on multiple PCs on patch Tues. Did so yesterday.
--
Don't feed trolls--it only makes them grow!

redwolfe_98
Premium
join:2001-06-11
kudos:1
reply to Postal

said by Postal:

I got the FBI/Moneypak virus yesterday.. how the hell did it happen?

your computer probably was infected with malware as a result of your having "java" installed and its not being up-to-date..

what more am I supposed to do to do keep it from happening again?

you could uninstall "java"..

i would also recommend that you use "firefox" with the "noscript" addon..

redwolfe_98
Premium
join:2001-06-11
kudos:1
reply to Dustyn

here is a related article, "New Java Attack Introduced into Cool Exploit Kit":

»threatpost.com/en_us/blogs/new-j···t-111212

"'Cool Exploit Kit' is largely responsible for dropping the Reveton ransomware"



Blackbird
Built for Speed
Premium
join:2005-01-14
Fort Wayne, IN
kudos:3
reply to mmainprize

said by mmainprize:

How do they get the money and why can't the money trail be tracked to the crooks. ...

Electronic money sent to an overseas endpoint to a faked recipient or temporary account. Wire somebody a payment to Western Union or use countless other mediums of payment. The recipient identifies himself using fake ID (if any) or in the case of an account, taps out the pre-existing account (set up with false ID, if any) and simply evaporates into the countryside... or down the Intertubes. In many parts of the world, there's no way to trace who received what or where they went after such transactions.
--
“The American Republic will endure until the day Congress discovers that it can bribe the public with the public's money.” A. de Tocqueville

ez2cy

join:2008-03-05
reply to Dustyn

Ok...don't get any of this.

Can someone tell me (like talking to a 4 year old).

How do you get rid of this and how do you stop it.

I'm guessing I got it from updating Java. Do I need Java? No idea why it's on my computer.

thanks in advance



siljaline
I'm lovin' that double wide
Premium
join:2002-10-12
Montreal, QC
kudos:17

2 recommendations

reply to Dustyn

Ransomware Part III: another drop of the Irish

Ransom malware gangs making huge profits, Symantec discovers

Inside the Ransomware Business: How to Make Nearly $400,000 in a Month

Ransomware crooks make millions from porn-shaming scams



La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3
reply to ez2cy

said by ez2cy:

Ok...don't get any of this.

Can someone tell me (like talking to a 4 year old).

How do you get rid of this and how do you stop it.

I'm guessing I got it from updating Java. Do I need Java? No idea why it's on my computer.

thanks in advance

No, you didn't get it from UPdating Java, that's a good thing (usually). However, many people (myself included) keep Java disabled (or uninstalled completely). Most everything works fine without it.

You get ransomware in the usual ways: clicking on links in spam email, drive-by downloads, downloading/installing sketchy programs from unknown sites. The usual.

Symantec is one place that has a tool on their site to fix it.

Here's a short little video that explains it simply:

»www.symantec.com/tv/products/det···85164001
--
The Alien in the White House

19,994 DEADLY TERROR ATTACKS SINCE 9/11


Thaler
Premium
join:2004-02-02
Los Angeles, CA
kudos:3

GFDit higher educational software. So many math modeling resources use Java apps.



La Luna
RIP Lisa
Premium
join:2001-07-12
Warwick, NY
kudos:3

said by Thaler:

GFDit higher educational software. So many math modeling resources use Java apps.

That's why I said "most everything", not just everything.


Thaler
Premium
join:2004-02-02
Los Angeles, CA
kudos:3

Yup. I'm just cursing that I'm in the exception boat of needing Java.