Mid Atlantic Gardening forum: And now, a different kind of virus...

Name: Rick Moses
Derwood, MD (Zone 7b)
Hostas Ferns Garden Photography Plant and/or Seed Trader Forum moderator Region: United States of America
Region: Mid-Atlantic Region: Maryland Million Pollinator Garden Challenge
RickM
Nov 7, 2016 6:56 PM CST

Moderator

So I'm sitting here this afternoon working away on my computer when suddenly I lose the connections to my shared files on our network. No big deal, I thought. I have so many files open that I need to reboot anyway. Didn't help.

It turns out that Larry somehow picked up a virus on his computer that also affects networked connections. Now, you may be thinking "not too bad, just run the virus scanner." What's worse is that he noticed the ransom note on his screen, but didn't tell me until at least an hour later. Grumbling

Yea, that won't work. He managed to pick up a really nasty one called Thor. Thor is a ransom-ware virus that encrypts all of the useful files it finds. Little things like web pages, Word documents, etc.

And now you're wondering... "how do I know it was Larry?" His is the only machine affected. Well, that and the shared network disks that he was connected to.

So far, it looks like they are asking for about $400.00 to provide the key to decrypt the files. The problem with ransom-ware is that even paying the money is no guarantee that they will send you what is needed to reclaim your data.

Preliminary assessment shows that I've lost: all of our web pages (can be recovered from live sites), all of my Word documents (including my resume!), all of my custom software that has been written over the past 20 years. In short... I'm screwed.

Yes folks, it's going to be a loooooooooooong night. Crying & Grumbling
Name: Susan
Vienna, VA (Zone 7a)
Birds Echinacea Composter Foliage Fan Hummingbirder Bee Lover
Butterflies Region: Mid-Atlantic Critters Allowed Cat Lover Native Plants and Wildflowers Dragonflies
Muddy1
Nov 7, 2016 9:24 PM CST
Group hug That's terrible!
For what it's worth, googling "thor ransomware" brings up links to sites that claim to provide free instructions for removing the virus.
Name: Rick Moses
Derwood, MD (Zone 7b)
RickM
Nov 8, 2016 8:26 AM CST

The one thing they all have in common is that there is currently no way to unscramble the affected files unless, of course, you pay the ransom. And even that is no guarantee that they'll deliver the needed information.

My two machines are clear. Larry's, not so much. I did a lot of tossing and turning last night trying to recall where I can pull backups from. I do have a backup that runs continuously in the background. But, depending on when the initial infection occurred, that may also be in the backup data.

Happy, happy, joy, joy. Crying
Name: Sally
central Maryland
Seriously addicted to kettle chips.
Charter ATP Member Native Plants and Wildflowers Region: Mid-Atlantic Composter Region: Maryland Birds
Cat Lover Dog Lover Region: United States of America
sallyg
Nov 8, 2016 6:52 PM CST
It's just awful.
..come into the peace of wild things..-Wendell Berry
Life is a buffet (anon)
Name: Rj
Just S of the twin cities of M (Zone 4b)
Garden Ideas: Level 1 Plant Identifier Million Pollinator Garden Challenge
crawgarden
Nov 8, 2016 7:56 PM CST
Unfortunately Rick you are not the only one, these people are scum.

http://arstechnica.com/securit...
Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed.
Name: Rj
Just S of the twin cities of M (Zone 4b)
crawgarden
Nov 8, 2016 8:02 PM CST
Don't know how accurate this info is, from Norton:

Protect yourself from ransomware
As with other attacks, you can work to avoid ransomware. Experts advise taking these steps to avoid attacks or protect yourself after an attack:
Use reputable antivirus software and a firewall. Maintaining a strong firewall and keeping your security software up to date are critical. It’s important to use antivirus software from a reputable company because of all the fake software out there.
Back up often. If you back up files to either an external hard drive or to an online backup service, you diminish the threat, says Eisen. “If you back up your information, you should not be afraid to just turn off your computer and start over with a new install if you come under attack.” Eisen backs up his data regularly, so every six months, he simply restores his computer’s system to default and starts afresh. “I would highly recommend it,” he says.
Enable your popup blocker. Popups are a prime tactic used by the bad guys, so simply avoid even accidentally clicking on an infected popup. If a popup appears, click on the X in the right-hand corner. The buttons within a popup might have been reprogrammed by the criminals, so do not click on them.
Exercise caution. Don’t click on links inside emails, and avoid suspicious websites. If your PC does come under attack, use another computer to research details about the type of attack. But be aware that the bad guys are devious enough to create fake sites, perhaps touting their own fake antivirus software or their de-encryption program.
Disconnect from the Internet. If you receive a ransomware note, disconnect from the Internet so your personal data isn’t transmitted back to the criminals, says Eisen. He recommends simply shutting down the computer. If you have backed up your data, you can re-install software. If you don’t feel comfortable doing so or you are unable to start fresh, you may need to take your computer to a reputable repair shop, says Eisen.
Alert authorities. Ransomware is a serious form of extortion. “Local police are probably not equipped to deal with this,” explains Siciliano. “However, the local FBI would want to know about it.”
Don’t be tempted to give in and pay the ransom, warns Siciliano. “Paying them would be a mistake because they will further extort you and most likely not release your information.” Taking precautions to protect your information and maintaining vigilance are the best solutions to avoid becoming a victim in the first place.



Name: Rick Moses
Derwood, MD (Zone 7b)
RickM
Nov 8, 2016 8:13 PM CST

I have Avast running on all of our computers. But the bugger got past it.

What really torked me off was that Larry saw the note pop up on his screen but didn't tell me anything about it until almost an hour later. By then the damage was done. His machine isn't such a loss as I have an identical one just sitting here powered off. What sucks is that this virus scans all drive letters and it found our network data.

I have a backup running continuously in the background, but my fear is double-edged. The virus may already be in the backup set and worse, may have actually corrupted the backup set itself. Worst of all, the way it's designed, it deletes the shadow copies of changed files as it encrypts them. So, there are no 'previous versions' left.

Fortunately, (fortunately?) I had a major disk crash back in the spring and I still have those recovered drives that I can use to rebuild a lot of corrupted data.

I've been running various scanners on his machine all day to make sure it's now clean.

Name: Chantell
Middle of Virginia (Zone 7a)

Charter ATP Member Region: United States of America Region: Virginia Garden Photography Lover of wildlife (Black bear badge) Dog Lover
Bee Lover Hummingbirder Cottage Gardener Tropicals Herbs The WITWIT Badge
Chantell
Nov 14, 2016 9:18 PM CST
Grumbling
What would YOU attempt if you KNEW you wouldn't fail?
http://www.stillsthatspeak.com...
Name: Anne
Summerville, SC (Zone 8a)
Only dead fish go with the flow!
Plant and/or Seed Trader Birds Cat Lover Greenhouse Tropicals Bulbs
Seed Starter Garden Ideas: Master Level Hibiscus Hybridizer Garden Sages Butterflies
Xeramtheum
Nov 14, 2016 9:29 PM CST
Once you get your computers cleaned, buy Malwarebytes. Great program that runs in the background. Also put an internet shut off shortcut on your desktop and when you're away from computer just turn off the internet.

To do that go to control panel .. network connections and right click on whatever is providing your internet and make a short cut. Right click on the icon to disable and double click to enable.


"The Universe speaks in many languages, but only one voice. It speaks in the language of hope; It speaks in the language of trust; It speaks in the language of strength, and the language of compassion. It is the language of the heart and the language of the soul. But always, it is the same voice. It is the voice of our ancestors, speaking through us, And the voice of our inheritors, waiting to be born. It is the small, still voice that says: We are one. No matter the blood; No matter the skin; No matter the world; No matter the star; We are one. No matter the pain; No matter the darkness; No matter the loss; No matter the fear; We are one. Here, gathered together in common cause. we agree to recognize this singular truth, and this singular rule: That we must be kind to one another, because each voice enriches us and ennobles us, and each voice lost diminishes us. We are the voice of the Universe, the soul of creation, the fire that will light the way to a better future. We are one."

G'Kar
Name: Catmint/Robin
Maryland (Zone 7a)
Region: Mid-Atlantic Butterflies Forum moderator Native Plants and Wildflowers Bee Lover Echinacea
Region: Maryland Garden Photography Cottage Gardener Garden Ideas: Master Level Celebrating Gardening: 2015 The WITWIT Badge
Catmint20906
Dec 4, 2016 7:41 AM CST

Moderator

I'm so sorry to read about this, Rick. Sounds awful! Sad What's the status of it now?
"One of the pleasures of being a gardener comes from the enjoyment you get looking at other people's yards”
― Thalassa Cruso
Name: Rick Moses
Derwood, MD (Zone 7b)
RickM
Dec 4, 2016 7:57 AM CST

Well, we're back up and running as of a couple of days ago. I wasn't able to get the original files back unless I paid the ransom, and even that isn't guaranteed and strongly discouraged.

When I got things to the point where I could do a restore from my backup, that proved worthless as the backup program wouldn't restore the files, even though it said that it had them. Grumbling

So, I started piecing things together as best I could. From the looks of things, I've got most of it.

I now have 4 different virus scanners running on Larry's PC. Hopefully, it won't matter what he clicks on now. (I probably shouldn't have said that 'out loud'!)

I haven't been able to do any invoicing since this mess started. I'm hoping I can do it today.

To complicate things, our shopping cart provider changed hands earlier this year. They switched us over to the new format on 29-Nov. What a mess! If you have a small online store, it's fine (and free for 100 items). We have close to 25,000 items. To load everything to their new site would be cost prohibitive. I've been tweaking things left and right to get it back to what we had, which was using the secure check-out only. I think I'm about there.

My biggest concern was that the old system sent an E-Mail for each new order. I run those through software I wrote that stuffs the order info into a database and re-formats the order to make it fit onto a single printed page instead of 3-4. I won't know if I have to update the program until I get a real order. I was afraid I would have had to start from scratch, but was able to recover my source code from the aforementioned ransom-ware infection.

Now, if only I could get a job.

I had an interview this past Monday at a practice 3 miles from home. It went really well and they said they would be in touch. I sent an E-Mail Friday asking if they had made a decision. Yep, they sure did. And it wasn't me. The staff is 98% young females and I got the feeling that they didn't want an 'old guy' around. And life goes on.
Name: Sally
central Maryland
Seriously addicted to kettle chips.
sallyg
Dec 4, 2016 8:29 AM CST
Sorry you got disappointed there.
Name: Catmint/Robin
Maryland (Zone 7a)
Catmint20906
Dec 4, 2016 4:31 PM CST

Sorry to hear that, Rick. Group hug

That's good that you were able to salvage things--I didn't know that was possible! I had always heard that there was nothing you could do but pay the ransom! Shrug! It's nice to hear that that's not the case!! Good thing you know a lot about computers!! Thumbs up
Name: Rick Moses
Derwood, MD (Zone 7b)
RickM
Dec 4, 2016 4:40 PM CST

The salvage was from old disks that weren't connected to the system and by pulling stuff down from our multiple web sites. The virus uses 2-layer encryption, so without their key, decryption wasn't possible.
Name: Susan
Vienna, VA (Zone 7a)
Muddy1
Jan 13, 2017 8:00 PM CST
Rick, sorry the job didn't work out.

I can't believe I almost fell for a scam email tonight *Blush* It was supposedly from FedEx, and said they had tried to deliver a package. I clicked on the link D'Oh! but then quickly closed it when I realized it was a zip file (lucky me, it didn't open quickly!). It was only after I closed the link that I saw that the email was from a ".ru" address and that the English was off ("we were unable to deliver a package at January 12").

I turned off the Internet while I ran a quick scan, now I'm running a full scan. So far so good Crossing Fingers!
Name: Rick Moses
Derwood, MD (Zone 7b)
RickM
Jan 15, 2017 2:28 PM CST

Glad you caught it in time.

NEVER EVER open any E-Mail with a subject about gift cards or failed package delivery.
Name: Chantell
Middle of Virginia (Zone 7a)

Chantell
Jan 15, 2017 7:56 PM CST
Yup!! Sadly one of our admins did that when I worked at an attorney's office. Ended up costing quite a bit...was not a good day at the office. Sighing!
Name: Susan
Vienna, VA (Zone 7a)
Muddy1
Jan 15, 2017 8:19 PM CST
These types of emails usually get sent to my junk folder automatically. I'll be more careful from now on!
Name: Rick Moses
Derwood, MD (Zone 7b)
RickM
Jan 16, 2017 7:16 AM CST

Ideally, you would be able to set up your own filters on incoming mail. I currently have about a dozen filters that will bounce, delete or route to junk any suspect incoming mail. Using the filters allows me to cut down my inbox from several hundred messages a day to about 80. Of course, having had the same E-Mail address for close to 20 years, it's kind of made the rounds... almost like seed catalogs!
Name: Judy
Mid Atlantic Coastal Plain USA (Zone 7b)
Butterflies
MariposaMaid
Jan 16, 2017 7:47 AM CST
Okay, this may be a silly question but do any of you have an opinion on whether an 'older' system (Win Vista, Mac 10.4 or 10.6) is more or less vulnerable to viruses, 'attacks', etc? Are viruses just out there like germs waiting to be caught or is it new stuff generated to exploit new security vulnerabilities?

One of the 'pro's for say my old beater cars, I believe, is that they are much less likely to be stolen!

Any merit at all to this re: on line security?

@Sallyg, how secure are Library computers ?

Any tips for most secure on line purchases?
