My office was hit by this exact same kind of attack. It came in through RDP
over a nonstandard port. It started encrypting a multi-terabyte network share
before I physically pulled the plug. Luckily I had a backup from 24h before.
Lesson: RDP exposed anywhere on the internet is NEVER safe. All covered
with VPN and IP restrictions now.
Sigh.
Scott
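As an added defender-side example (not code from anyone in this thread): a PowerShell snippet for the "IP restrictions" part of the mitigation Scott describes. It assumes Windows 10 / Server 2012 R2 or later with Windows Defender Firewall enabled, and a hypothetical management subnet 10.20.30.0/24 standing in for whatever VPN or admin range you actually use. It reads the configured RDP listener port from the registry (3389 by default, or the nonstandard port if one was set), reports whether anything is listening, and scopes the inbound Remote Desktop firewall rules to that subnet so the listener no longer answers arbitrary internet addresses.

```powershell
# Added example: scope RDP to a management subnet (run in an elevated shell).
# Assumption: the subnet below is hypothetical; replace it with your VPN/management range.
$AllowedRemote = '10.20.30.0/24'

# The listener port is stored here. A nonstandard port does not hide the service;
# it only changes which port the firewall scope has to cover.
$rdpKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp'
$rdpPort = (Get-ItemProperty -Path $rdpKey -Name PortNumber).PortNumber
Write-Host "Configured RDP listener port: $rdpPort"

# Is anything actually listening on that port right now?
$listener = Get-NetTCPConnection -State Listen -LocalPort $rdpPort -ErrorAction SilentlyContinue
if ($listener) {
    Write-Host "RDP is listening on $($listener.LocalAddress -join ', ') port $rdpPort"
}

# The built-in rules in the "Remote Desktop" group accept any remote address by default.
# Restrict them so only the management subnet can reach the listener.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' -Direction Inbound |
    Set-NetFirewallRule -RemoteAddress $AllowedRemote

# The built-in rules typically match port 3389 only. If the port was changed,
# add an explicit rule for the configured port with the same remote-address scope.
if ($rdpPort -ne 3389) {
    New-NetFirewallRule -DisplayName "RDP $rdpPort (management subnet only)" `
        -Direction Inbound -Protocol TCP -LocalPort $rdpPort `
        -RemoteAddress $AllowedRemote -Action Allow -Profile Any | Out-Null
}

# Verify: every enabled inbound rule that covers the RDP port should now carry
# a remote-address scope rather than "Any".
Get-NetFirewallRule -Direction Inbound -Enabled True |
    Where-Object { ($_ | Get-NetFirewallPortFilter).LocalPort -contains "$rdpPort" } |
    ForEach-Object {
        $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
        [pscustomobject]@{ Rule = $_.DisplayName; RemoteAddress = ($addr -join ',') }
    } | Format-Table -AutoSize
```

The firewall scope is the second layer, not the first: as in Scott's setup, the listener should sit behind a VPN so the port is never reachable from the public internet at all, and the scoped rules then limit what an attacker who already has a foothold on the internal network can reach.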
On Wednesday, July 18, 2018, lopaka polena wrote:
> I do use RDP frequently but never through default ports. Bummer there's no
> way to fix it without paying, and no guarantee even if you pay. I still do
> hardcopy backups onto Blu-ray discs at times because I can't afford to lose
> certain things to NAS failure or malware.
>
> lopaka
>
> On Wed, Jul 18, 2018 at 5:14 PM, Thane K. Sherrington <th...@computerconnectionltd.com> wrote:
>
> > There are a whole bunch of free decryptors available, but not for this
> > variant. Basically, when the criminal group gets taken down, often they
> > get the key and then the AV company makes a freeware program for people.
> > Very nice of them.
> >
> > Some useful pages I've found during this mess:
> >
> > https://id-ransomware.malwarehunterteam.com/index.php
> >
> > https://heimdalsecurity.com/blog/ransomware-decryption-tools/
> >
> > T
> >
> >
> > On 18-Jul-18 6:50 PM, lopaka polena wrote:
> >
> >> https://support.kaspersky.com/viruses/utility
> >>
> >> Never tried any of these, but I did read an article where they tested some
> >> of these and were able to recover some users' files.
> >>
> >> lopaka
> >>
> >> On Wed, Jul 18, 2018 at 2:30 PM, Winterlight <winterli...@winterlight.org> wrote:
> >>
> >>> 1) Does anyone know if the ransomware encryption encrypts the file to a
> >>> new file, then deletes the old one (giving me the possibility of deleted
> >>> file recovery)? If so, what software is recommended for a Windows NTFS
> >>> system (so far, Recuva and R-Studio have found squat)?
> >>>
> >>> I am surprised it encrypted the entire drive. Everything I have read, or
> >>> been told, is that it involved the user files. I have never heard of a
> >>> single instance where the victim was able to recover their files without
> >>> the key. I have read about people who pay up but still don't get the key,
> >>> which didn't surprise me. Even large companies, hospitals, and government
> >>> agencies have been unable to overcome this, and usually pay up. I bet a
> >>> lot of IT employees lose their jobs over being so unprepared to deal with
> >>> this.
> >>>
> >>> 2) If he decides to pay the ransom and take his chances, what are legit
> >>> sites to purchase bitcoin (never done that before)?
> >>>
> >>> I have read that the ransom note often tells the victim how to go about
> >>> getting and transferring bitcoin. Which makes a lot of sense given that
> >>> bitcoin is so esoteric and most of the victims are naive about basic PC
> >>> stuff. I have also heard of bitcoin machines in places like NYC. There
> >>> are legit banking sites online to do this... I would Google it. I
> >>> understand that I think it is Citibank that now deals with bitcoin.
> >>>
> >>> Sorry I don't have the answers you are looking for, and too bad they
> >>> can't put these criminals in prison for a very long time.