I downloaded the new Spora Ransomware like an idiot through the ole Google Chrome text pop up. I went to fill out an application from a reputable CPA network and it popped up. Not sure what I was thinking, apparently I wasn't thinking at all.
So the ransomware encrypted my .jpg files and most files in my compressed .zip folders. Luckily for me, the only things compressed were downloaded font files which were already extracted, I just had the .zip folders still on my PC and I believe .doc files for Microsoft Word, but I'm not even sure about those because my only indication that it's those too is because when I try to open them in Word, it gives me some message about them being created with a newer version of Word and can't open them, then asks me if I want to download (yeah I'm a little paranoid so I didn't). I deleted Word and the .doc files because they were old and useless and I was paranoid that if I download what Word is apparently asking me to, it will be that again.
So anyway, I had nothing backed up, no anti-virus (just malwarebytes free) and pretty much everything that would deem my files doomed for good. Yes I learned my lesson, I will forever back up files. Well I found that I had previous versions saved in Windows of the pictures, so I restored all those previous versions, put them in a folder and uploaded them all to Google Drive for now.
Then I went into safe mode, manually deleted everything I found that had to do with the ransomware, disabled the ransomware in my startup items and ran malwarebytes after all that. Then I downloaded HitmanPro and that found more crap to get rid of, one thing still being part of the ransomware. Then I downloaded AVG anti-virus, ran a scan and it found nothing. This is all after I made sure I restored my previous versions of my pictures that mean something to me because I had a feeling those restore points would be gone if I pre-deleted the ransomware. I spent 12 hours tackling this thing because halfway through (before I got rid of the ransomware), it re-encrypted my restored files. I freaked out because I thought that was it for my files. I had already restored my pictures from my only restore point. Well, my restore points were still intact so I redid everything all over again. I made it a success, uploaded everything to Google Drive, then got rid of the ransomware as stated above.
Here's the kicker, my computer is a Hackintosh. Hopefully somebody can give me some insight about my concern.
Recently I haven't been able to boot into my Mac side of the Hackintosh (this is a totally separate issue from a previous time, still trying to tackle it but I'm not too worried because I know the hard disk is okay). BUT, I really wanted to access some files the other day and found out I can access my Mac partition through Windows using a program that runs in the background called Paragon. I installed that before all this happened and was able to access those files. Problem is, that drive is exposed to my Windows side so before doing all the work I stated above, I noticed that my files from the Mac partition (again, just .jpg for the most part) were encrypted as well. Sneaky ransomware I tell ya. Well of course I tried to restore those but Windows told me there's no restore point for those (obviously compatibility issues, hopefully I can restore them in OSX when I get in there).
So what I was worried about really was keeping my Windows side safe, so I deleted Paragon so the drive wasn't exposed to my Windows partition anymore. I unplugged that drive as well.
Well now Windows is peachy perfect. Clean, running fast and protected.
Now here's the question after my drawn out story (sorry). Do you guys think if I reinstall Paragon to access my Mac partition and the ransomware is still active in that drive that it will transfer back over to my Windows partition? Or should I play it safe and try to just boot into OS X like normal and tackle the ransomware that way so Windows stays safe?
Any risk to this? Any insight would be awesome. Thank you good people!
P.S. Spora blocked me from their website because I crap talked them in the live chat. I informed people they didn't need to pay and there is usually always a way and gave them my process of getting around it. They deleted my messages and blocked me. BUT, I was able to log back in with the key they gave me from my phone to see what people said, but I was at my "message limit" so I couldn't say any more and, like I said, my messages were deleted. I have screenshots of me crap talking them. I also have a screenshot of the original pop up that started this mess.