Post a reply

Image
Nov 7, 2016 6:56 PM CST
Moderator
Name: Rick Moses
Derwood, MD (Zone 7b)
Azaleas Hostas Tender Perennials Ferns Garden Photography Plant and/or Seed Trader
Forum moderator Region: United States of America Region: Mid-Atlantic Region: Maryland Million Pollinator Garden Challenge
So I'm sitting here this afternoon working away on my computer when suddenly I lose the connections to my shared files on our network. No big deal , I thought. I have so many files open that I need to reboot anyway. Didn't help.

It turns out that Larry, somehow picked up a virus on his computer that also affects networked connections. Now, you may be thinking "not too bad, just run the virus scanner." What's worst is that he noticed the ransom note on his screen, but didn't tell me until at least an hour later. Grumbling

Yea, that won't work. He managed to pick up a really nasty one called Thor. Thor is a ransom-ware virus that encrypts all of the useful files it finds. Little things like web pages, Word documents, etc.

And now you're wondering... "how do I know it was Larry?" His is the only machine affected. Well, that and the shared network disks that he was connected to.

So far, it looks like they are asking for about $400.00 to provide the key to decrypt the files. The problem with ransom-ware is that even paying the money is no guarantee that the will send you what is needed to reclaim your data.

Preliminary assessment shows that I've lost: all our our web pages (can be recovered from live sites), all of my Word documents (including my resume!), all of my custom software that has been written over the past 20 years. In short... I'm screwed.

Yes folks, it's going to be a loooooooooooong night. Crying & Grumbling
LLK: No longer by my side, but forever in my heart.
Pal tiem shree tal ma.
Image
Nov 7, 2016 9:24 PM CST
Name: Susan
Vienna, VA (Zone 7a)
Bee Lover Region: Mid-Atlantic Hummingbirder Foliage Fan Echinacea Dragonflies
Critters Allowed Composter Cat Lover Butterflies Birds Native Plants and Wildflowers
Group hug That's terrible!
For what it's worth, googling "thor ransomware" brings up links to sites that claim to provide free instructions for removing the virus.
Image
Nov 8, 2016 8:26 AM CST
Moderator
Name: Rick Moses
Derwood, MD (Zone 7b)
Azaleas Hostas Tender Perennials Ferns Garden Photography Plant and/or Seed Trader
Forum moderator Region: United States of America Region: Mid-Atlantic Region: Maryland Million Pollinator Garden Challenge
The one thing they all have in common is that there is currently no way to unscramble the affected files unless, of course, you pay the ransom. And even that is no guarantee that they'll deliver the needed information.

My two machines are clear. Larry's, not so much. I did a lot of tossing and turning last night trying to recall where I can pull backups from. I do have a backup that runs continuously in the background. But, depending on when the initial infection occured, that may also be in the backup data.

Happy, happy, joy, joy. Crying
LLK: No longer by my side, but forever in my heart.
Pal tiem shree tal ma.
Image
Nov 8, 2016 6:52 PM CST
Name: Sally
central Maryland (Zone 7b)
See you in the funny papers!
Overwinters Tender Plants Indoors Garden Procrastinator Charter ATP Member Hummingbirder Frogs and Toads Houseplants
Keeper of Poultry Vegetable Grower Region: Maryland Composter Native Plants and Wildflowers Organic Gardener
It's just awful.
Plant it and they will come.
Image
Nov 8, 2016 7:56 PM CST
Name: Rj
Just S of the twin cities of M (Zone 4b)
Forum moderator Million Pollinator Garden Challenge Plant Identifier Garden Ideas: Level 1
Unfortunately Rick you are not the only one, these people are scum.

http://arstechnica.com/securit...
As Yogi Berra said, “It's tough to make predictions, especially about the future.”
Image
Nov 8, 2016 8:02 PM CST
Name: Rj
Just S of the twin cities of M (Zone 4b)
Forum moderator Million Pollinator Garden Challenge Plant Identifier Garden Ideas: Level 1
Don't know how accurate this info is, from Norton:

Protect yourself from ransomware
As with other attacks, you can work to avoid ransomware. Experts advise taking these steps to avoid attacks or protect yourself after an attack:
Use reputable antivirus software and a firewall. Maintaining a strong firewall and keeping your security software up to date are critical. It’s important to use antivirus software from a reputable company because of all the fake software out there.
Back up often. If you back up files to either an external hard drive or to an online backup service, you diminish the threat, says Eisen. “If you back up your information, you should not be afraid to just turn off your computer and start over with a new install if you come under attack.” Eisen backs up his data regularly, so every six months, he simply restores his computer’s system to default and starts afresh. “I would highly recommend it,” he says.
Enable your popup blocker. Popups are a prime tactic used by the bad guys, so simply avoid even accidentally clicking on an infected popup. If a popup appears, click on the X in the right-hand corner. The buttons within a popup might have been reprogrammed by the criminals, so do not click on them.
Exercise caution. Don’t click on links inside emails, and avoid suspicious websites. If your PC does come under attack, use another computer to research details about the type of attack. But be aware that the bad guys are devious enough to create fake sites, perhaps touting their own fake antivirus software or their de-encryption program.
Disconnect from the Internet. If you receive a ransomware note, disconnect from the Internet so your personal data isn’t transmitted back to the criminals, says Eisen. He recommends simply shutting down the computer. If you have backed up your data, you can re-install software. If you don’t feel comfortable doing so or you are unable to start fresh, you may need to take your computer to a reputable repair shop, says Eisen.
Alert authorities. Ransomware is a serious form of extortion. “Local police are probably not equipped to deal with this,” explains Siciliano. “However, the local FBI would want to know about it.”
Don’t be tempted to give in and pay the ransom, warns Siciliano. “Paying them would be a mistake because they will further extort you and most likely not release your information.” Taking precautions to protect your information and maintaining vigilance are the best solutions to avoid becoming a victim in the first place.
As Yogi Berra said, “It's tough to make predictions, especially about the future.”
Image
Nov 8, 2016 8:13 PM CST
Moderator
Name: Rick Moses
Derwood, MD (Zone 7b)
Azaleas Hostas Tender Perennials Ferns Garden Photography Plant and/or Seed Trader
Forum moderator Region: United States of America Region: Mid-Atlantic Region: Maryland Million Pollinator Garden Challenge
I have Avast running on all of our computers. But the bugger got passed it.

What really torked me off was that Larry saw the note pop up on his screen but didn't tell me anything about it for almost an hour later. By then the damage was done. His machine isn't such a loss as I have an Identical one just sitting here powered off. What sucks is that this virus scans all drive letters and it found our network data.

I have a backup running continuously in the background, but my fear is double-edged. The virus may already be in the backup set and worse, may have actually corrupted the backup set itself. Worst of all, the way it's designed, it deletes the shadow copies of changed files as it encrypts them. So, there are no 'previous versions' left.

Fortunately, (fortunately?) I had a major disk crash back in the spring and I still have those recovered drives that I can use to rebuild a lot of corrupted data.

I've been running various scanners on his machine all day to make sure it's now clean.
LLK: No longer by my side, but forever in my heart.
Pal tiem shree tal ma.
Image
Nov 14, 2016 9:18 PM CST
Name: Chantell
Middle of Virginia (Zone 7a)
You're worth it!
Charter ATP Member Million Pollinator Garden Challenge Organic Gardener Garden Photography Bee Lover Lover of wildlife (Black bear badge)
Hummingbirder Butterflies Tropicals Herbs Dog Lover Moon Gardener
Grumbling
“Little girl, why are you doing this? You can’t save all these starfish. You can’t begin to make a difference!” After a few moments thought, she bent down, picked up another starfish & hurled it as far as she could into the ocean. Then she looked up at the man and replied, “Well, I made a difference to that one!” Be the change you wish to see in the world. http://www.stillsthatspeak.com...
Image
Nov 14, 2016 9:29 PM CST
Name: Anne
Summerville, SC (Zone 8a)
Only dead fish go with the flow!
Plant and/or Seed Trader Birds Cat Lover Greenhouse Tropicals Bulbs
Seed Starter Garden Ideas: Master Level Hibiscus Hybridizer Garden Sages Butterflies
Once you get your computers cleaned buy Malwarebytes. Great program that runs in the background. Also put an internet shut off shortcut on your desktop and when you're away from computer just turn of the internet.

To do that go to control panel .. network connections and right click on whatever is providing your internet and make a short cut. Right click on the icon to disable and double click to enable.

Thumb of 2016-11-15/Xeramtheum/8bbf3a
Human beings, who are almost unique in having the ability to learn from the experience of others, are also remarkable for their apparent disinclination to do so.
Douglas Adams
Last edited by Xeramtheum Nov 14, 2016 9:30 PM Icon for preview
Image
Dec 4, 2016 7:41 AM CST
Moderator
Name: Catmint/Robin
PNW WA half hour south of Olym (Zone 8a)
Region: Pacific Northwest Region: Mid-Atlantic Region: Maryland Butterflies Bee Lover Native Plants and Wildflowers
Echinacea Azaleas Forum moderator Cottage Gardener Garden Ideas: Master Level Celebrating Gardening: 2015
I'm so sorry to read about this, Rick. Sounds awful! Sad what's the status of it now?
"One of the pleasures of being a gardener comes from the enjoyment you get looking at other people's yards”
― Thalassa Cruso
Image
Dec 4, 2016 7:57 AM CST
Moderator
Name: Rick Moses
Derwood, MD (Zone 7b)
Azaleas Hostas Tender Perennials Ferns Garden Photography Plant and/or Seed Trader
Forum moderator Region: United States of America Region: Mid-Atlantic Region: Maryland Million Pollinator Garden Challenge
Well, we're back up and running as of a couple of days ago. I wasn't able to get the original files back unless I paid the ransom, and even that isn't guaranteed and strongly discouraged.

When I got things to the point where I could do a restore from my back, that proved worthless as the backup program wouldn't restore the files, even though it said that it had the. Grumbling

So, I started piecing things together as best I could. From the looks of things, I've got most of it.

I know have 4 different virus scanners running on Larry's PC. Hopefully, it won't matter what he clicks on now. (I probably shouldn't have said that 'out loud' ! )

I haven't been able to do any invoicing since this mess started. I'm hoping I can do it today.

To complicate things, our shopping cart provider changed hands earlier this year. They switched us over to the new format on 29-Nov. What a mess! If you have a small online store, it's fine (and free for 100 items). We have close to 25,000 items. To load everything to their new site would be cost prohibitive. I've been tweaking things left and right to get it back to what we had, which was using the secure check-out only. I think I'm about there.

My biggest concern was that the old system sent an E-Mail for each new order. I run those through software I wrote that stuffs the order info into a database and re-formats the order to make it fit onto a single printed page instead of 3-4.. I won't know if I have to update the program until I get a real order. I was afraid I would have had to start from scratch, but was able to recover my source code from the aformentioned ransom-ware infection.

Now, if only I could get a job.

I had an interview this past Monday at a practice 3 miles from home. It went really well and they said they would be in touch. I sent an E-Mail Friday asking if they had made a decision. Yep, they sure did. And it wasn't me. The staff is 98% young females and I got the feeling that they didn't want an 'old guy' around. And life goes on.
LLK: No longer by my side, but forever in my heart.
Pal tiem shree tal ma.
Image
Dec 4, 2016 8:29 AM CST
Name: Sally
central Maryland (Zone 7b)
See you in the funny papers!
Overwinters Tender Plants Indoors Garden Procrastinator Charter ATP Member Hummingbirder Frogs and Toads Houseplants
Keeper of Poultry Vegetable Grower Region: Maryland Composter Native Plants and Wildflowers Organic Gardener
Sorry you got disappointed there.
Plant it and they will come.
Image
Dec 4, 2016 4:31 PM CST
Moderator
Name: Catmint/Robin
PNW WA half hour south of Olym (Zone 8a)
Region: Pacific Northwest Region: Mid-Atlantic Region: Maryland Butterflies Bee Lover Native Plants and Wildflowers
Echinacea Azaleas Forum moderator Cottage Gardener Garden Ideas: Master Level Celebrating Gardening: 2015
Sorry to hear that, Rick. Group hug

That's good that you were able to salvage things--I didn't know that was possible! I had always heard that there was nothing you could do but pay the ransom! Shrug! It's nice to hear that that's not the case!! Good thing you know a lot about computers!! Thumbs up
"One of the pleasures of being a gardener comes from the enjoyment you get looking at other people's yards”
― Thalassa Cruso
Image
Dec 4, 2016 4:40 PM CST
Moderator
Name: Rick Moses
Derwood, MD (Zone 7b)
Azaleas Hostas Tender Perennials Ferns Garden Photography Plant and/or Seed Trader
Forum moderator Region: United States of America Region: Mid-Atlantic Region: Maryland Million Pollinator Garden Challenge
The salvage was from old disks that weren't connected to the system and by pulling stuff down from our multiple web sites. The virus uses 2-layer encryption, so without their key, decryption wasn't possible.
LLK: No longer by my side, but forever in my heart.
Pal tiem shree tal ma.
Image
Jan 13, 2017 8:00 PM CST
Name: Susan
Vienna, VA (Zone 7a)
Bee Lover Region: Mid-Atlantic Hummingbirder Foliage Fan Echinacea Dragonflies
Critters Allowed Composter Cat Lover Butterflies Birds Native Plants and Wildflowers
Rick, sorry the job didn't work out.

I can't believe I almost fell for a scam email tonight *Blush* It was supposedly from FedEx, and said they had tried to deliver a package. I clicked on the link D'Oh! but then quickly closed it when I realized it was a zip file (lucky me, it didn't open quickly!). It was only after I closed the link that I saw that the email was from a ".ru" address and that the English was off ("we were unable to deliver a package at January 12").

I turned off the Internet while I ran a quick scan, now I'm running a full scan. So far so good Crossing Fingers!
Image
Jan 15, 2017 2:28 PM CST
Moderator
Name: Rick Moses
Derwood, MD (Zone 7b)
Azaleas Hostas Tender Perennials Ferns Garden Photography Plant and/or Seed Trader
Forum moderator Region: United States of America Region: Mid-Atlantic Region: Maryland Million Pollinator Garden Challenge
Glad you caught it in time.

NEVER EVER open any E-Mail with a subject about gift cards or failed package delivery.
LLK: No longer by my side, but forever in my heart.
Pal tiem shree tal ma.
Image
Jan 15, 2017 7:56 PM CST
Name: Chantell
Middle of Virginia (Zone 7a)
You're worth it!
Charter ATP Member Million Pollinator Garden Challenge Organic Gardener Garden Photography Bee Lover Lover of wildlife (Black bear badge)
Hummingbirder Butterflies Tropicals Herbs Dog Lover Moon Gardener
Yup!! Sadly one of our admins did that when I worked at an attorney's office. Ended up costing quite a bit...was not a good day at the office. Sighing!
“Little girl, why are you doing this? You can’t save all these starfish. You can’t begin to make a difference!” After a few moments thought, she bent down, picked up another starfish & hurled it as far as she could into the ocean. Then she looked up at the man and replied, “Well, I made a difference to that one!” Be the change you wish to see in the world. http://www.stillsthatspeak.com...
Image
Jan 15, 2017 8:19 PM CST
Name: Susan
Vienna, VA (Zone 7a)
Bee Lover Region: Mid-Atlantic Hummingbirder Foliage Fan Echinacea Dragonflies
Critters Allowed Composter Cat Lover Butterflies Birds Native Plants and Wildflowers
These type of emails usually get sent to my junk folder automatically. I'll be more careful from now on!
Image
Jan 16, 2017 7:16 AM CST
Moderator
Name: Rick Moses
Derwood, MD (Zone 7b)
Azaleas Hostas Tender Perennials Ferns Garden Photography Plant and/or Seed Trader
Forum moderator Region: United States of America Region: Mid-Atlantic Region: Maryland Million Pollinator Garden Challenge
Ideally, you would be able to set up your own filters on incoming mail. I currently have about a dozen filters that will bounce, delete or route to junk any suspect incoming mail. Using the filters allows me to cut down my inbox from several hundred messages a day to about 80. Of course, having had the same E-Mail address for close to 20 years, it's kind of made the rounds... almost like seed catalogs!
LLK: No longer by my side, but forever in my heart.
Pal tiem shree tal ma.
Avatar for MariposaMaid
Jan 16, 2017 7:47 AM CST
Name: Judy
Mid Atlantic Coastal Plain USA (Zone 7b)
Butterflies
Okay, this may be a silly question but do any of you have an opinion on whether an 'older' system (Win Vista, Mac 10.4 or 10.6) are more or less vulnerable to viruses, 'attacks', etc? Are viruses just out there like germs waiting to be caught or is it new stuff generated to exploit new security vulnerabilities?

One of the 'pro's for say my old beater cars, I believe, is that they are much less likely to be stolen!

Any merit at all to this re: on line security?

@Sallyg, how secure are Library computers ?

Any tips for most secure on line purchases?

Only the members of the Members group may reply to this thread.
  • Started by: RickM
  • Replies: 27, views: 1,248
Member Login:

( No account? Join now! )

Today's site banner is by Visual_Botanics and is called "Nectar collectors "

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.