
Question about these ransomwares.


11 replies to this topic

#1 34BLEEP00XX

34BLEEP00XX

  • Members
  • 272 posts
  • Gender:Male
  • Location:Finland
  • Local time:05:38 PM

Posted 10 May 2017 - 07:38 PM

I have a few questions about these ransomwares:

A) If they infect a computer, do they encrypt files immediately?

B) Where do these ransomwares come from? E-mail ZIPs are one source, but are there more sources?


Edited by 34BLEEP00XX, 10 May 2017 - 07:38 PM.




#2 34BLEEP00XX

  • Topic Starter

Posted 10 May 2017 - 07:53 PM

In those ransomware articles they talk about something called Darknet. What is it? I know there is a tool for anonymous web browsing. It is called the Tor network.



#3 Jamiemcg

Jamiemcg

  • Members
  • 22 posts
  • Gender:Male
  • Location:Massachusetts
  • Local time:10:38 AM

Posted 10 May 2017 - 09:08 PM

From what I understand, some ransomware infections have to connect to a central server before actually activating and encrypting one's files. However, this may not be true in all cases, especially since new or modified versions of viruses and malicious programs are being created all the time.

 

For more information about ransomware, I would suggest checking out the Wikipedia article below.

 

https://en.wikipedia.org/wiki/Ransomware

 

If you suspect that you may have downloaded a malicious file or program, like ransomware, I would advise that you temporarily disconnect your computer from the internet and run both an antivirus scan and an antimalware scan. It may not be a bad idea to go as far as rebooting your computer and then running the scans again, just to be sure that they don't find anything else after the reboot.

 

As far as how one can get infected with ransomware, malicious email attachments are one such method of transmission. Oftentimes, users will receive emails that appear to be from legitimate organizations, with some emails looking very similar to the real emails sent out by such organizations. By downloading the infected files, the user can then open themselves up to being infected with the ransomware or other malicious files or programs.

 

If such a file or program is downloaded and makes its way onto a network, it's possible that other computers can then get infected, either by someone else opening the files or programs or by the files or programs replicating themselves. However, whether a virus could duplicate itself onto other computers within a network is dependent on the particular virus or malicious program.

 

In order to avoid infection with ransomware or other malicious files or programs, I'd recommend being vigilant about opening emails and attachments, especially when you don't recognize the sender. Even if you do recognize the sender, it's good practice to keep an eye out for things that don't look quite right, just in case their email has been used to transmit a virus or other malicious files or programs.

 

Best,

Jamie


Edited by Jamiemcg, 10 May 2017 - 09:09 PM.


#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,934 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:38 AM

Posted 11 May 2017 - 04:32 AM


Section :step2: in this topic includes information about Crypto malware (file encrypting ransomware) and explains the most common methods by which it and other forms of ransomware are typically delivered and spread.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 34BLEEP00XX


Posted 11 May 2017 - 07:02 AM

Thanks a lot for this info. I can tell one story: I tried to open a suspicious-looking e-mail file. It was called something like Invoice634210.zip and the antivirus said this: "This file contains malware. Download denied." So that shows my protection is up and running.

If you really want to know an awesome site, try this: www.scam-detector.com. It gives advice against web scams.


Edited by 34BLEEP00XX, 11 May 2017 - 07:03 AM.


#6 quietman7


Posted 11 May 2017 - 08:03 AM

The developers of Nemucod, CryptoWall, Locky, Ransom32, TeslaCrypt, KeyBTC, XRTN and other types of ransomware all have been known to use malicious .js (JScript) files often found in zipped email attachments disguised as fake PDF files which appear to be legitimate correspondence from reputable companies such as financial institutions, FedEx and UPS notices with tracking numbers.
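A defender-side illustration of the delivery pattern described in post #6, added here as an example and not taken from the thread or from any BleepingComputer tool: it lists the members of a zipped attachment without extracting them and flags script or executable files, including ones hiding behind a decoy document extension. The extension lists, function names and sample file names are assumptions constructed for the example.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Extensions Windows will run on double-click (assumed list, extend as needed).
RISKY_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".scr", ".exe", ".lnk"}
# Document extensions commonly placed in front of the real one as a decoy.
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def triage_zip(data: bytes) -> list[dict]:
    """Return one finding per archive member whose final extension is risky."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():  # reads names only, nothing is extracted
            if info.is_dir():
                continue
            name = PurePosixPath(info.filename).name
            # Windows ignores trailing dots and spaces, so strip them first.
            suffixes = [s.lower() for s in PurePosixPath(name.rstrip(". ")).suffixes]
            if not suffixes or suffixes[-1] not in RISKY_EXTS:
                continue
            findings.append({
                "member": info.filename,
                "extension": suffixes[-1],
                # "x.pdf.js" displays as "x.pdf" when known extensions are hidden.
                "decoy_double_extension": len(suffixes) > 1 and suffixes[-2] in DECOY_EXTS,
            })
    return findings


def build_sample_zip() -> bytes:
    """Constructed sample archive with harmless text members (not a real attachment)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("FedEx_tracking_0000.pdf.js", "// constructed placeholder")
        zf.writestr("readme.txt", "constructed sample")
        zf.writestr("docs/Invoice_0000.PDF", "constructed sample")
        zf.writestr("scan.wsf", "constructed placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_zip()):
        print(finding)
```

A mail gateway or helpdesk script can run the same check on quarantined attachments; any finding with `decoy_double_extension` set is a strong reason to block the message outright.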

#7 34BLEEP00XX


Posted 12 May 2017 - 05:35 AM

One more thing: Where can I get some port scanners so I can see which network ports are open?



#8 quietman7


Posted 12 May 2017 - 06:33 AM

These are online port scanning services which can be used to check for open and vulnerable ports:
  • Shields Up will alert users of any ports that have been opened through firewalls or NAT routers.
  • Online Port Scan allows you to scan individual TCP ports to determine if the device is listening on that port.
  • Subnet Online Port Scanner allows you to scan a host or IP for an open or closed TCP port.
  • MxToolbox Port Scan allows you to check what services are running and open.
  • Open Port Check Tool allows you to check your external IP address and detect open ports on your connection.
  • AuditMyPc Firewall Test will check your computer for ports that are commonly left open and could allow your computer to be compromised.


#9 34BLEEP00XX


Posted 12 May 2017 - 06:40 AM

I ran all GRC tests and they were marked as PASSED. So my shields are up against net intrusions.



#10 34BLEEP00XX


Posted 12 May 2017 - 07:00 AM

I GOT to tell you one story. This is a really funny one: I play this net-game which had its connection in the form http://, not https://. I saw one video on YouTube where they advertised a hacker program for that game. I reported it immediately to game support and now FINALLY they changed their address to an https:// connection. They now have a green lock with a Comodo CA Limited certificate. Now that green lock, when the "more info" button is pressed, says this: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, 256 bit keys, TLS 1.2. I think that will keep any hacker / hacking program outside that game.



#11 34BLEEP00XX


Posted 12 May 2017 - 07:12 AM

And by the way: It was me who finally made them change their connection to https://. LOL.



#12 quietman7


Posted 12 May 2017 - 08:24 AM

I use HTTPS Everywhere.



