Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ransomware vs BitLocker (or any other encryption s/w)


  • Please log in to reply
9 replies to this topic

#1 Hektor78023

Hektor78023

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:09:08 PM

Posted 20 August 2015 - 11:55 AM

Novice Question, folks...

 

If I have already encrypted my data with BitLocker or some other encryption software, will that render ransomware ineffective?  Or, does it mean my already-encrypted data just gets another layer of encryption (i.e., double-encrypted)?  



BC AdBot (Login to Remove)

 


#2 Sintharius

Sintharius

    Bleepin' Sniper


  • Members
  • 5,639 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Netherlands
  • Local time:03:08 AM

Posted 20 August 2015 - 12:46 PM

Hi there,

If your data is already encrypted then a crypto ransomware would just add its own encryption over the data, making it double encrypted as you said.

#3 Hektor78023

Hektor78023
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:09:08 PM

Posted 20 August 2015 - 01:03 PM

Well, I guess if it ever happened, one could at least take comfort in knowing that they can't read it either!  At least they couldn't sell it.

 

Thanks!  



#4 Tenis

Tenis

    Bleepin' FX


  • Malware Study Hall Senior
  • 1,207 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:38 AM

Posted 20 August 2015 - 01:03 PM

Hi,

 

whether it will encrypt the encrypted file or not is particularly depend on extension of file because crypto ransomware has specific target list of extensions or type of file which it going to encrypt.

if you have files that doesn't come in that ransomware target list then your files possible to be safe.

 

 

Tenis

 

 



#5 Hektor78023

Hektor78023
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Texas
  • Local time:09:08 PM

Posted 20 August 2015 - 02:09 PM

Thanks, Tenis...if this were the case (i.e., that I had some excluded file extensions) would I be able to find them?  Is the file index usually encrypted, as well as the data that uses the target list extensions?  If so, I might have unencrypted files and not even know it.  Does this seem logical?

 

Thanks // Hektor



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,143 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:08 PM

Posted 20 August 2015 - 02:41 PM

CryptoWall does not change extensions on a file and does not leave anything behind once it has finished encrypting and removed itself...the only evidence will be the ransom notes and registry keys.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Tenis

Tenis

    Bleepin' FX


  • Malware Study Hall Senior
  • 1,207 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:07:38 AM

Posted 21 August 2015 - 01:33 AM

thanks quietman for the note :)

 

@Hektor:

When ransomware encrypt files it give you text file that list encrypted file(depend on ransomware).

Yes if there are excluded file extensions(again which depend on type of ransomware) you can find them.

 

Assume there is TeslaCrypt ransomware and if you have files lets say .cfe  then it will not encrypt those files and you can find those files by searching extension.

 

 



#8 drewdizzle232184

drewdizzle232184

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:06:08 PM

Posted 21 February 2016 - 02:14 AM

Hi there,

If your data is already encrypted then a crypto ransomware would just add its own encryption over the data, making it double encrypted as you said.

 

What if the bitlocker protected external drive is in a locked state when the ransomware infects the computer? Would it still be able to compromise the drive/data?


Edited by drewdizzle232184, 21 February 2016 - 03:46 AM.


#9 Captain_Chicken

Captain_Chicken

  • BC Advisor
  • 1,351 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:08 PM

Posted 21 February 2016 - 08:09 AM

Bitlocker will encrypt all connected hard drives and mapped shares. I recommend backing up to the external drive often and then disconnecting the drive when you aren't using it to reduce risk of possible infection.


Computer Collection:

Spoiler

Spoiler

Spoiler

Spoiler

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,143 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:08 PM

Posted 21 February 2016 - 09:52 AM

... I recommend backing up to the external drive often and then disconnecting the drive when you aren't using it to reduce risk of possible infection.

+1

 

Crypto malware encrypts any data file that the victim has access to since it generally runs in the context of the user that invokes the executable and does not need administrative rights. It typically will scan and encrypt whatever data files it finds on computers connected in the same network with a drive letter including removable drives, network shares, and even DropBox mappings...if there is a drive letter on your computer it will be scanned for data files and encrypt them.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users