New to me hacking scheme - ouch

Started by WV Sawmiller, December 10, 2016, 08:42:02 PM

WV Sawmiller

   Warning - there is a hacking scheme where the culprit gets in and encrypts your files, then charges a ransom to un-encrypt them. Of course if you pay you may or may not get your files reopened.

   I got hit on my laptop and it bled over to my wife's records through our home network. Mine apparently came through an e-mail posing as a FedEx shipping problem. Showed up in my Yahoo spam folder. Bad timing for me as we recently finished mapping our region and assigning Physical Addresses instead of just rural (HC-Highway Carrier/Contractor) routes. My last package the dealer had to call to confirm my location. Since I had a package lost in limbo and this address issue when I saw the e-mail it looked legit and I opened it and got infected. Lost access to all my files since my last backup which was farther back than I like to think. My wife has automatic backup for her photo business so hers is basically okay. I'll be trying to reconstruct since I scan all receipts and log all expenses and keep on my computer and not hard copies. Another hard lesson learned.

   Anyway be on the alert for these and don't fall for them.
Howard Green
WM LT35HDG25(2015) , 2011 4WD F150 Ford Lariat PU, Kawasaki 650 ATV, Stihl 440 Chainsaw, homemade logging arch (w/custom built rear log dolly), JD 750 w/4' wide Bushhog brand FEL

Dad always said "You can shear a sheep a bunch of times but you can only skin him once

Ox

If these scumbags worked as hard at doing good things the world would be fixed overnight.  There's a lot of them out there...
Here's to hoping everything works out for you.
I've gotten in the habit of looking at who sent things before I open them.  I would expect FedEx in the address somewhere.  But I'm just an ignoramus when it comes to computer stuff so maybe I'm way off base.
K.I.S.S. - Keep It Simple Stupid
Use it up, wear it out, make it do or do without
1989 GMC 3500 4x4 diesel dump and plow truck, 1964 Oliver 1600 Industrial with Parsons loader and backhoe, 1986 Zetor 5211, Cat's Claw sharpener, single tooth setter, homemade Linn Lumber 1900 style mill, old tools

Den Socling

My son is always warning me. If you hover over the sender an address will appear in the bottom left if I remember correctly. Never ever open if that is a bad address.

Ianab

We have had several clients hit with that scam.

Only real protection is backups. Luckily we have sold most of our clients a "cloud" backup scheme that automatically sends a backup of any modified files up to a remote data center every night, and keeps a 6-month history, so it's possible to roll back to earlier versions of files.

One thing to watch is if you back up to a removable disk or network server, that's the first thing the malware encrypts. So unplug your backup drive after doing a backup, and password protect a network backup location, and don't let your machine "remember" the password.

Also, the "from" address on an email is easily forged, so you can't rely on that.

Another problem is that MS has decided we don't need to see file extensions any more. That's the 3 letters at the end of the file name that indicate what sort of file it is. This is now hidden by default. So the scammer will call his file "Delivery Notice.pdf.exe". What you see on the screen is only "Delivery Notice.pdf". You can go into your options and turn off the "hide file extension" option so you see the full name. Then you know it's not actually a PDF, and that little voice in the back of your mind tells you not to open random .exe files.
Weekend warrior, Peterson JP test pilot, Dolmar 7900 and Stihl MS310 saws and  the usual collection of power tools :)
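The double-extension trick described above, as an added example that is not code from anyone in this thread: it reconstructs what Windows Explorer shows when "Hide extensions for known file types" is on, and flags names whose visible part looks like a document while the real extension is a program. The extension lists and the sample attachment names are assumptions constructed for illustration.

```python
"""Flag attachment names that rely on Windows hiding the last extension.

With "Hide extensions for known file types" enabled, Explorer shows
"Delivery Notice.pdf.exe" as "Delivery Notice.pdf". This check rebuilds
what the user would see and compares it with what would actually run.
"""
from pathlib import PurePath

# Extensions Windows treats as directly runnable (illustrative subset, assumed).
EXECUTABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse",
              ".vbs", ".vbe", ".wsf", ".hta", ".msi", ".ps1", ".lnk"}
# Extensions a user expects to be harmless documents or media (assumed subset).
DOCUMENT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png", ".zip"}


def displayed_name(filename: str) -> str:
    """What Explorer shows: the last extension is hidden if it is a known type."""
    p = PurePath(filename)
    if p.suffix.lower() in EXECUTABLE | DOCUMENT:
        return p.stem
    return filename


def check_attachment(filename: str) -> dict:
    """Return the real extension, the name the user sees, and a verdict."""
    real_ext = PurePath(filename).suffix.lower()
    shown = displayed_name(filename)
    shown_ext = PurePath(shown).suffix.lower()
    # Deceptive: the visible name ends in a document extension, but the file
    # would be executed as a program when double-clicked.
    deceptive = real_ext in EXECUTABLE and shown_ext in DOCUMENT
    return {"filename": filename, "shown_as": shown, "real_extension": real_ext,
            "runs_as_program": real_ext in EXECUTABLE, "deceptive": deceptive}


def flag_deceptive(filenames: list[str]) -> list[str]:
    """Names in a batch (e.g. mail attachments) that look like documents but run."""
    return [n for n in filenames if check_attachment(n)["deceptive"]]


# Constructed sample attachment names for demonstration.
SAMPLE_ATTACHMENTS = ["Delivery Notice.pdf.exe", "invoice.pdf", "setup.exe",
                      "photo.JPG.scr", "README"]

if __name__ == "__main__":
    for name in SAMPLE_ATTACHMENTS:
        print(check_attachment(name))
```

Only the last extension is hidden by Explorer, which is why the visible name still ends in ".pdf" and why turning the hide option off, as the post suggests, removes the disguise.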

clearcut

Agree on having a good offsite backup.

Some of these ransomware programs have been cracked themselves. Google "Recover from ransomware" to get suggestions. I also go to "Search Tools" and set the search to the last month or year to get the most recent results. You will likely have to run a detector like Malwarebytes to determine which program was used. Then run a decryption tool.  Good luck.

Kaspersky has some decrypters available.

https://noransom.kaspersky.com/

Carbon sequestered upon request.

21incher

That has been going on for years and I wonder why Microsoft has done nothing to stop it. Just a preview can set off some of those viruses. I use a tablet to check my mail figuring there is very little on it to lose. :)
Hudson HFE-21 on a custom trailer, Deere 4100, Kubota BX 2360, Echo CS590 & CS310, home built wood splitter, home built log arch, a logrite cant hook and a bread machine. And a Kubota Sidekick with a Defective Subaru motor.

Ianab

To be fair Microsoft have done a lot to TRY and stop it, that's what all those annoying Windows updates are about. But they are only plugging holes as they are found, and each new version of anything introduces new security flaws. Like there is no way that previewing an email should allow some random program to run on your machine, and many of the bugs that allow this have been fixed, but they haven't all been found yet.

Also many of the bugs are outside of MS's control, and in Java, Flash and Acrobat etc. which seem to be more bug-ridden than Microsoft's offerings, and that's saying something.

Apple have a more secure system where it's a closed ecosystem. You are only supposed to get software via Apple, so they have better control over the machine's security. But even then it's not 100% safe.
Weekend warrior, Peterson JP test pilot, Dolmar 7900 and Stihl MS310 saws and  the usual collection of power tools :)

Kbeitz

Quote from: Ianab on December 11, 2016, 03:07:34 PM
To be fair Microsoft have done a lot to TRY and stop it, that's what all those annoying Windows updates are about. But they are only plugging holes as they are found, and each new version of anything introduces new security flaws. Like there is no way that previewing an email should allow some random program to run on your machine, and many of the bugs that allow this have been fixed, but they haven't all been found yet.

Also many of the bugs are outside of MS's control, and in Java, Flash and Acrobat etc. which seem to be more bug-ridden than Microsoft's offerings, and that's saying something.

Apple have a more secure system where it's a closed ecosystem. You are only supposed to get software via Apple, so they have better control over the machine's security. But even then it's not 100% safe.

Sounds like you might be a great person to ask this question...
How good is the new FixMeStick ?

https://www.fixmestick.com/
Collector and builder of many things.
Love machine shop work
and Wood work shop work
And now a saw mill work

luvmexfood

Did you ever get this fully resolved?
Give me a new saw chain and I can find you a rock in a heartbeat.

Ianab

Quote from: Kbeitz
Sounds like you might be a great person to ask this question...
How good is the new FixMeStick ?

https://www.fixmestick.com/

Possibly...

I'm not familiar with that system, but it looks like a bootable Linux USB stick with a virus scanner on it. It might work. Depends how good the actual scanner is, and what malware you have.

Problem with virus scanners is they are always playing catch up. A new type of malware is released, then they release an update to the scanner next week. Meanwhile you are vulnerable.

And with the crypto-locker type removing the malware isn't enough. You can clean the actual malware, but your files are locked.

I have a tendency to just NUKE a badly infested machine. I might boot it from a Linux DVD, and copy the user's files to an external drive. Then format the disk or do a factory restore. Reload their software, updates and restore the data. That way you know the system is clean again. You don't know what subtle changes have been made to a system by some malware. If you set it up clean again, and restore the data, it's usually quicker than messing around trying to get a badly broken system running.
Weekend warrior, Peterson JP test pilot, Dolmar 7900 and Stihl MS310 saws and  the usual collection of power tools :)

PineNut

I received a message from "FedEx" a couple of days ago. Sometimes when I get a message that may be valid but I am not sure, I will open it in note pad. But this message made a quick trip to the bit bucket.

Magicman

I got a call Saturday warning me that my computer was messed up and the guy with broken English was there to help me.  I wonder which turnip truck those guys think we fell off of?
Knothole Sawmill, LLC     '98 Wood-Mizer LT40SuperHydraulic   WM Million BF Club Member   WM Pro Sawyer Network

It's Weird being the Same Age as Old People

Never allow your "need" to make money to exceed your "desire" to provide quality service.....The Magicman

Grizzly

Quote from: Magicman on December 26, 2016, 02:10:11 PM
I got a call Saturday warning me that my computer was messed and the guy with broken English was there to help me.  I wonder which turnip truck those guys think we fell off of?

We try to do the world a favour when we get these calls and keep the guy on the phone as long as possible. One of my boys is pretty good at it and kept the one fellow going for close to 15 minutes. We figure that's probably 10 other folks he didn't have time to call? Anyway it's a minor little entertainment for us and as good a time waster as anything we've done.

On the thought of protecting computers and like Ianab has said; protection is always behind the game because they don't know what virus is being concocted next and they can only design the defence after the attack has begun. So learning my lesson once the hard way, I now am pretty careful about anything I open and even stay away from websites that seem to produce tag along stuff. Seems to work.
2011 - Logmaster LM-2 / Chinese wheel loader
Jonsered saws - 2149 - 111S - 90?
2000 Miners 3-31 Board Edger

Magicman

Yup, we toyed with him for quite a while.  I talked with him and "wasn't able to hear him clearly and got confused" so I passed him off to Marty who had his turn having fun and running in circles with the guy.  We kept following his instructions and never even had the computer on.  He finally hung up on us.   :D
Knothole Sawmill, LLC     '98 Wood-Mizer LT40SuperHydraulic   WM Million BF Club Member   WM Pro Sawyer Network

It's Weird being the Same Age as Old People

Never allow your "need" to make money to exceed your "desire" to provide quality service.....The Magicman

luvmexfood

Quote from: Magicman on December 26, 2016, 02:10:11 PM
I got a call Saturday warning me that my computer was messed and the guy with broken English was there to help me.  I wonder which turnip truck those guys think we fell off of?

I got a call Saturday morning. 6:45. Asian woman and I could hardly hear her. Let her know I didn't appreciate her calling that early on a Saturday and hung up.
Give me a new saw chain and I can find you a rock in a heartbeat.

John Mc

We used to play a game at work when we got one of these calls: See how many people you can pass the caller off to before he or she hangs up. We'd get together over lunch and see if we could track all the people he/she had been passed on to.

Bonus points if you passed them on to someone to whom they had already spoken. Double bonus if you did it with the caller's knowledge ("Oh, you're talking about floor cleaners for carpet? You need to talk to Lori... you already talked to her? ... She probably thought you meant the floors out in the manufacturing plant. I handle that stuff, but she handles the office. Let me switch you back up to her.")
If the only tool you have is a hammer, you tend to see every problem as a nail.   - Abraham Maslow

Den Socling

A week or so ago I walked into a room where my laptop was connected to a stereo. I heard a man talking about a virus on my computer and that I had to contact Microsoft. He said that, if I didn't, my computer would be banned or something to that effect. It warned me not to stop the message. I couldn't find a way to end it so I restarted the computer. All seems to be well but something WAS in it.  :(

easymoney

I use Facebook to keep up with friends and family. But you have to watch what you click on. You might think you are checking on some celebrity gossip and it will direct you to a nasty site, a virus or worse.

Kbeitz

Quote from: Den Socling on December 28, 2016, 09:33:11 AM
A week or so ago I walked into a room where my laptop was connected to a stereo. I heard a man talking about a virus on my computer and that I had to contact Microsoft. He said that, if I didn't, my computer would be banned or something to that effect. It warned me not to stop the message. I couldn't find a way to end it so I restarted the computer. All seems to be well but something WAS in it.  :(

I had a friend that got a phone call saying that his computer was spreading a virus and his call was made to help him. My friend refused and the caller said that his computer was going to be locked. Somehow they did lock the computer. The only way we could fix it was a new install. The caller wanted money to fix the problem.
Collector and builder of many things.
Love machine shop work
and Wood work shop work
And now a saw mill work

WV Sawmiller

Kbeitz,

   Does your friend know the guy who locked his computer or is he just a voice on the end of the line? If I knew who locked mine I could get it unlocked but most of these guys are unknown and want you to send the money to an untraceable account, then they may or may not unlock it.
Howard Green
WM LT35HDG25(2015) , 2011 4WD F150 Ford Lariat PU, Kawasaki 650 ATV, Stihl 440 Chainsaw, homemade logging arch (w/custom built rear log dolly), JD 750 w/4' wide Bushhog brand FEL

Dad always said "You can shear a sheep a bunch of times but you can only skin him once

Kbeitz

Quote from: WV Sawmiller on December 28, 2016, 06:51:40 PM
Kbeitz,

   Does your friend know the guy who locked his computer or is he just a voice on the end of the line? If I knew who locked mine I could get it unlocked but most of these guys are unknown and want you to send the money to an untraceable account, then they may or may not unlock it.

It was just a voice on the end of the line...
Collector and builder of many things.
Love machine shop work
and Wood work shop work
And now a saw mill work

Magicman

There is very little defense against Ransomware.   :-\
Knothole Sawmill, LLC     '98 Wood-Mizer LT40SuperHydraulic   WM Million BF Club Member   WM Pro Sawyer Network

It's Weird being the Same Age as Old People

Never allow your "need" to make money to exceed your "desire" to provide quality service.....The Magicman

WV Sawmiller

Quote from: Magicman on December 28, 2016, 07:29:56 PM
There is very little defense against Ransomware.   :-\

   Just another reminder to never open a file if you are not familiar with the sender and to back up your important records frequently.

   I have reconstructed my milling files as well as I can from my last backup, starting with my business credit card receipts. These helped show expenses and in some cases sales, as on every job I'd fill up the fuel tank at the end of the day/job, so that showed the location of the nearest gas station and triggered a reminder of who I had cut for. From that I was able to reconstruct mileage expenses. In some cases I had e-mailed invoices with sawing history for the job, so from them I was able to reconstruct those related sales and the expenses related to that job.

   I record sawing history at the end of every job and I keep up with a running total sawed to date, so it was not too hard to reconstruct using the known customer records, then estimating the sawing at home till I returned to my last known running total.

   The hardest things to reconstruct were small cash expenses where I'd bought something at a flea market or such, the small sales where somebody came by and bought a couple of boards to make a couple of cutting boards or such, or the mileage for a site visit that never materialized. I had diligently kept these records but lost a few between the last backup and the hacking.

    No doubt some things I occasionally used will still crop up months, if not longer, from now. Things like my trail camera files, addresses, pictures, etc.
Howard Green
WM LT35HDG25(2015) , 2011 4WD F150 Ford Lariat PU, Kawasaki 650 ATV, Stihl 440 Chainsaw, homemade logging arch (w/custom built rear log dolly), JD 750 w/4' wide Bushhog brand FEL

Dad always said "You can shear a sheep a bunch of times but you can only skin him once

jdonovan

Quote from: Magicman on December 28, 2016, 07:29:56 PM
There is very little defense against Ransomware.   :-\

The ONLY defense is off-line backups.

Regular backups are good, but if the disk you back up to is connected to your computer, or is accessible on your network as a shared drive, then it can be encrypted by the ransomware too.

You need a remote backup service like Carbonite, Backblaze, etc., or a USB hard drive that you disconnect when you're not running backups.

thecfarm

Model 6020-20hp Manual Thomas bandsaw,TC40A 4wd 40 hp New Holland tractor, 450 Norse Winch, Heatmor 400 OWB,YCC 1978-79
