• The other ransonware scam

    Home » Forums » Newsletter and Homepage topics » The other ransonware scam


    ON SECURITY By Susan Bradley You can’t decrypt your way back to normal. In addition to all the other irons I have in the fire, I help moderate a group
    [See the full post at: The other ransonware scam]

    Susan Bradley Patch Lady

    5 users thanked author for this post.
    Viewing 6 reply threads
    • #2422370

      I just can’t say it enough — put a backup plan into effect.

      I couldn’t agree more.

      Always create a fresh drive image before making system changes/Windows updates; you may need to start over!
      We were all once "Average Users". We all have our own reasons for doing the things that we do to our systems, we don't need anyone's approval, and we don't all have to do the same things.

    • #2422382

      Susan, how may sets back should be available?


      Have the bad guys learned to infect and then wait awhile before springing the trap hoping that the backups have now been overwritten and there is no safe backup?

      • #2422474

        You should have a rotation of drives so that should you get nailed, you have a backup that is offline.   I would then scan that image either as you put it back or before you put it back – mount the drive and run an a/v scanner on it.

        Susan Bradley Patch Lady

        2 users thanked author for this post.
    • #2422601

      Have the bad guys learned to infect and then wait awhile

      It seems they go for immediate cash (coin) over properly encrypting everything. Most users / companies don’t have a proper backup regime in place.

      cheers, Paul

    • #2422603

      Have the bad guys learned to infect and then wait awhile before springing the trap

      Yes. Many hackers have dormant code waiting for the proper moment to act.

      According to research from the UK’s National Cyber Security Centre and reported in The New Scientist, ransomware often lays dormant on a network for weeks or even months before the cybercriminals activate it to launch their attack.


    • #2422761

      That was an extremely well written article, Susan.  Thank you.

    • #2422883

      This URL may be useful:

      Check out these free decryptors that will help you decode your data without paying the ransom.

    • #2423604

      As is my usual and frequent recommendation, use a very plain (and old) backup strategy based on a series of external hard drives and a rotation through that series.

      Exactly!  If everyone followed this advice, the bad guys would basically be forced to abandon their ransomware attacks almost entirely; since they wouldn’t be finding very many victims willing to pay those ransoms.

      Anyone whose system got hit with a successful ransomware attack would just re-image their system from their most recent offline backup (hopefully no more than a day or two old); and — except for possibly the most recent data from that day or so — the system should be back up and running just fine.

      And, in the case where an attacker has somehow stealthily compromised a system, waiting for a period of time before striking, it might mean going back to an earlier system image.  In that case, it would be a bit more complicated; but still not a show-stopper.  The hardest part would be determining at what point in time the system got compromised; so that you’d know how far back in time you’d need to go to restore the system image.  Then, once the system image is OK, you’d restore the non-executable data files from the most recent offline backup; which, again, should get you back to where you were no more than a day or two ago.

      Recovering from the “stealthy” lie-in-wait attack involves that extra step of determining when the system got infected; so that you know which date to restore the system image from.  But other than that the recovery process is pretty straightforward.  The key, as Susan makes very clear, is making and keeping those offline backups.  That’s your ransomware insurance policy.

    Viewing 6 reply threads
    Reply To: The other ransonware scam

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: