Posted on Oct 29, 2015
How would you deal with the threat of ransomware? How would you deal with being a victim of it?
FBI recommends you simply pay the fee.
http://www.neowin.net/news/fbi-gives-shocking-advice-to-ransomware-victims
Responses: 7
You use a standard account. My brother-in-law received a similar message, except the ransomware stated that the FBI had locked his computer down and he needed to make a payment of $80 or so to have it unlocked. I turned his computer off, ran Malwarebytes and removed the program. I told him to create himself a standard account so that he won't have programs taking control of his computer.
(1)
(0)
SGT (Join to see)
So this is something that normally happens to users who do everything on a single account, which is Admin by default? Why wasn't that in the article?
(0)
(0)
SSG (Join to see)
Well, users usually create their first account, which will be an admin account, and then there is the account called "admin" which is created by default. You can go into the registry and disable the account, and I would also disable the guest account as well.
(0)
(0)
I've been a victim of it. First thing is not to panic. The malware gave a "deleting" files dialog followed by a "pay me" to recover the files dialog. It didn't really delete the files, it hid them. I had to boot into safe mode, remove the malware entries in the registry and unhide the files. I was back up and running in less than an hour.
(1)
(0)
SGT (Join to see)
Thanks for sharing. MalwareBytes is awesome. Did it move the files to the $RecyclingBin folder in the C:\ Folder?
(0)
(0)
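The recovery described in the answer above (boot to Safe Mode, find the autostart entries the malware added, unhide the files) as an added triage script; it is not from the thread or any product. It only lists what it finds so the owner can review before removing anything, and it assumes the hidden files live under the user profile and that it runs in an elevated PowerShell session in Safe Mode.

```powershell
# Added example (not from the thread): list autostart entries and user files
# that carry the Hidden attribute, for review before any cleanup.
param(
    [string]$ScanRoot = $env:USERPROFILE   # assumption: the "deleted" files are in the profile
)

# Classic autostart locations that commodity malware writes to
$runKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

Write-Host "== Autostart entries (remove only ones you can confirm are malicious) =="
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }     # skip PowerShell's own metadata
        # Entries launching from user-writable paths deserve a closer look
        $suspect = $p.Value -match '(?i)\\(AppData|Temp|ProgramData)\\'
        [pscustomobject]@{
            Key     = $key
            Name    = $p.Name
            Command = $p.Value
            Suspect = $suspect
        }
    }
}

Write-Host "`n== Hidden (non-system) files under $ScanRoot =="
# Hidden+System files (desktop.ini, ntuser.dat, ...) are normal; the malware in
# the thread set Hidden on ordinary user files, which is what this surfaces.
$hidden = Get-ChildItem -Path $ScanRoot -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object {
        $_.Attributes.HasFlag([IO.FileAttributes]::Hidden) -and
        -not $_.Attributes.HasFlag([IO.FileAttributes]::System) -and
        $_.Name -notin @('desktop.ini', 'Thumbs.db')
    }
$hidden | Select-Object FullName, LastWriteTime, Length | Format-Table -AutoSize

# After review, clear the Hidden bit on a file like this (per file, deliberately):
#   $f = Get-Item -Force 'C:\path\to\file'
#   $f.Attributes = $f.Attributes -band (-bnot [IO.FileAttributes]::Hidden)
```

Take an image or at least a backup of the affected files before changing anything, since the listing is your evidence of what the malware touched.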
Most of the time, it can be trivial to reverse the malware. But there are times when the con has done it proper and has fully encrypted your filing system and recovering it is nigh impossible. At this point I would hope a proper backup has been done. If you're caught with all your sensitive and valuable data encrypted by a hacker, you messed up.
Personally I would never pay the fee. I would try everything in my power to reverse the malware or just roll back to a known good. If you can't do either one of those, then wiping is your best bet. It can be very difficult (depending on the sophistication of your attacker) to tell if they installed a kernel level root kit or something. Best to just wipe and not chance it.
(0)
(0)
SGT (Join to see)
I've still got a lot to learn about root kits. Do you have any good resources to recommend for learning more about it?
(0)
(0)
SSG (Join to see)
I don't know of any resources off the top of my head that are just for root kits. Usually any source from a .edu domain is a good start. You can peruse the SANS white paper collections. There's bound to be a great paper on root kits in there. More than one I'd wager.
(0)
(0)