Ransomware and User Modes



#1 Warthog-Fan


Posted 25 February 2016 - 08:29 PM

I have my computers set up to have an Administrator Account, and two User Accounts - one for me and one for my wife. I never use the Administrator account unless it is necessary.

 

Since it has been stated on this site that most problems with malware and viruses can be eliminated by not using an Administrator Account, I'm wondering if this also applies to the Ransomware programs that I've read about here. Does operating with a User Account provide protection (of a sort) from Ransomware getting on the computer?

 

Thanks for the info.





#2 quietman7


Posted 25 February 2016 - 08:37 PM

Crypto malware typically will run on non-admin accounts under the same privileges as the infected user and encrypt any files that are accessible to that user. Since crypto malware typically runs as the User, not as Administrator, you will not see a UAC prompt.

This is a quote from Lawrence Abrams (aka Grinler), the site owner of BleepingComputer.

Executables can run as the user who started it or can ask for elevated privileges to run as Administrator. CryptoLocker is happy to run as a non-admin and will thankfully only be able to encrypt those files that particular user has access to.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Didier Stevens


Posted 27 February 2016 - 05:07 AM

Ransomware will also encrypt files if you are using a non-admin account. But ransomware needs write-access to the files it encrypts, so running with a non-admin account it will not be able to encrypt files owned by another account without write-access.


Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"
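An added example, not part of the thread or any poster's code: a small Python audit of the point made in the replies above, that ransomware can only encrypt files the infected account can write to. Run from the standard account, it counts per top-level folder the files that account can open for writing; the function names and the sample folder layout are assumptions made for the illustration.

```python
import os
import sys
import tempfile
from collections import Counter

def can_modify(path):
    """True if the account running this script can open the file for writing.
    The file is opened without truncation and closed at once; nothing is written."""
    try:
        with open(path, "r+b"):
            return True
    except OSError:  # access denied, read-only file, sharing violation, missing
        return False

def write_exposure(root, probe=can_modify):
    """Count, per top-level folder under root, the files the current account
    can modify ("writable") and cannot ("protected")."""
    report = {}
    for dirpath, _dirs, filenames in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        top = "." if rel == "." else rel.split(os.sep)[0]
        counts = report.setdefault(top, Counter())
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):  # skip links; only real files are probed
                continue
            counts["writable" if probe(full) else "protected"] += 1
    return report

def build_sample_tree():
    """Constructed sample: two profile folders (assumed names), one file each."""
    root = tempfile.mkdtemp(prefix="exposure_")
    for profile in ("me", "spouse"):
        docs = os.path.join(root, profile, "Documents")
        os.makedirs(docs)
        with open(os.path.join(docs, "notes.txt"), "w") as f:
            f.write("sample\n")
    return root

if __name__ == "__main__":
    # Pass a folder to audit (e.g. the parent of the user profiles); with no
    # argument the constructed sample tree is used.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for folder, c in sorted(write_exposure(target).items()):
        print(f"{folder:20} writable={c['writable']:6} protected={c['protected']:6}")
```

The probe checks open-for-write on each file only; rights on the containing folder (delete, rename) are not examined, so treat the "protected" count as an upper bound.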
