All my computer files have been encrypted

Tim McElwain
Tim McElwain Member Posts: 4,612
Nasty thing as there is nothing you can do but pay the ransom. Even some of my backups also locked up. If you are trying to reach me go to my Facebook site "Timmies Tips on Gas".

Comments

  • STEVEusaPA
    STEVEusaPA Member Posts: 6,506
    That's awful. If you pay the ransom, they usually don't give you back the files, just want more ransom.
    Any idea how they got in?
    steve
  • SlamDunk
    SlamDunk Member Posts: 1,570
    What’s the ransom?
  • EBEBRATT-Ed
    EBEBRATT-Ed Member Posts: 15,453
    That sucks. Not a good way to start the new year.
  • NY_Rob
    NY_Rob Member Posts: 1,370
    Sounds like "WannaCry"...
    https://www.symantec.com/blogs/threat-intelligence/wannacry-ransomware-attack

    Did you have Anti-Virus protection?

    I got a few customer PCs in for repair at work with WannaCry. I ended up formatting and re-installing the OS on all of them.
  • kalex1114
    kalex1114 Member Posts: 104
    Anything important should be backed up offsite. Ransomware attacks are designed to traverse your local network and local and external disks.
  • adambnyc
    adambnyc Member Posts: 260
    It’s either WannaCry or Petya or NotPetya. All North Korea bitcoin attacks. They leverage a US NSA tool that was leaked. Anti-virus may catch it but the best fix is to make sure you do Windows Update regularly. Microsoft patched the hole in March 2017. I lived this nightmare with a few of my customers. Does it say “ooops! All you files have been encrypted” in red lettering?

    Also, don’t pay the ransom. The email address that they instruct you to send your confirmation number to has long been shut down.
  • adambnyc
    adambnyc Member Posts: 260
    Also, if you had the disk partitioned between C and D drives, I’ve seen some instances where the D drive didn’t get encrypted. You might be able to save some data. If it was all one C drive, format and start over.
  • NY_Rob
    NY_Rob Member Posts: 1,370
    adambnyc said:

    ...the best fix is to make sure you do windows update regularly. Microsoft patched the hole in March 2017.

    It does no good if MS patches the hole same day... but people turn off auto updates.

    I believe that's one of the driving forces behind the Windows 10 "feature" of not being able to turn off Windows updates like you could do with all previous versions of Windows.



  • adambnyc
    adambnyc Member Posts: 260
    If someone just got hit by a ransomware based on EternalBlue, then it's been a real long time since Windows updates were done. I completely agree, consumer based computers should always have Windows automatic update always turned on.
  • Tim McElwain
    Tim McElwain Member Posts: 4,612
    I have no idea how it got in but I lost a lot of my created files that have been developed over the last 30 years. That and my customer e-mail files which is at around 5,000 names and addresses.
    My computer people have found that some of my files were backed up but not all of them. They are working on getting my system back up and running. I had some of my files on my laptop (which I am on now). They wanted paid in "bitcoin" and that in itself can be a nightmare as to the transfer to those seeking the ransom. I refuse to pay the ransom, I just do not trust the crooks that I would get the files back.
  • Tim McElwain
    Tim McElwain Member Posts: 4,612
    By the way I have several real good virus protection systems. This stuff is very sophisticated and the only real protection is an off line back up system like "i-cloud."
  • BobC
    BobC Member Posts: 5,476
    Your only protection against something like this is to back everything up to an external drive and DISCONNECT it from your computer and put it onto a shelf. External drives are dirt cheap; buy a bunch of them and follow a schedule like this.

    If you're running a business, data is important. For many small businesses you could use 32GB thumb drives for backup - they cost about $10 each. You can label each one

    Back up all your user files (most small businesses only have 10GB or less of user created files) every week (or day if you have a large turnover of information). Back up all user files every month, back up every user file every 3 months, back up every user file every year. Save all quarterly backups for a full year and then start overwriting them.

    If you back up every week you will need 13 weekly drives, 4 quarterly drives and maybe 5 yearly drives if you want to be conservative.

    Buy enough drives so you can keep sets of these for a year (and maybe save yearlies for 5 years), then start to back up over the old data every 3 months, every year and so forth. These scammers are not going to wait long to snare you so this type of strategy will limit the amount of data you might lose.

    Bob
    Smith G8-3 with EZ Gas @ 90,000 BTU, Single pipe steam
    Vaporstat with a 12oz cut-out and 4oz cut-in
    3PSI gauge
  • What a trial for you, and bobc, it’s now a case of locking the barn door after the horse has escaped.—NBC
  • SeymourCates
    SeymourCates Member Posts: 162
    @BobC
    I'm a bit concerned about this situation myself as I don't quite understand how the thieves access the machine.

    Why is it preferable to utilize 13 weekly drives, five quarterly drives, and 5 yearly drives? What purpose does it serve over using just a single drive and overwriting it each week (as has been my custom)?
  • ratio
    ratio Member Posts: 3,615
    You want physical redundancy to protect against media failure, as well as multiple copies to protect against backing up a corrupted file. This may add some insight to backups as well.

    I personally wouldn't feel comfortable storing proprietary data on "the cloud" (regardless of service terms and whatnot), or even off site, unless it was first encrypted with a strong cypher. Once it's no longer physically in your hands, you should treat it as publicly visible.
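
An added sketch (not code from any poster in this thread) of the rotation BobC describes and of ratio's point about backing up a corrupted file: it replays a weekly schedule over 13 weekly, 4 quarterly and 5 yearly drives and reports the newest backup that predates the corruption, compared with a single drive overwritten each week. The drive labels, the dates and the rule that the first weekly run of a quarter or year also fills the quarterly or yearly drive are assumptions; the monthly backup in BobC's post is left out because no drive count is given for it.

```python
from datetime import date, timedelta

WEEKLY, QUARTERLY, YEARLY = 13, 4, 5  # drive counts from BobC's post

def drives_for(day: date, first_backup: date) -> list[str]:
    """Drive labels (hypothetical naming) to write on one weekly backup day."""
    week = (day - first_backup).days // 7
    labels = [f"W{week % WEEKLY + 1:02d}"]
    # Assumption: the first weekly run of a quarter or year also fills
    # the matching quarterly or yearly drive.
    prev = day - timedelta(days=7)
    quarter = (day.month - 1) // 3
    is_first = prev < first_backup
    if is_first or (prev.year, (prev.month - 1) // 3) != (day.year, quarter):
        labels.append(f"Q{quarter % QUARTERLY + 1}")
    if is_first or prev.year != day.year:
        labels.append(f"Y{day.year % YEARLY + 1}")
    return labels

def shelf(first_backup: date, today: date) -> dict[str, date]:
    """Replay the schedule and return the backup date each drive now holds."""
    held: dict[str, date] = {}
    day = first_backup
    while day <= today:
        for label in drives_for(day, first_backup):
            held[label] = day  # overwriting a drive destroys its older copy
        day += timedelta(days=7)
    return held

def newest_clean_copy(held: dict[str, date], corrupted_on: date):
    """Newest backup taken before the files were corrupted, or None."""
    clean = [d for d in held.values() if d < corrupted_on]
    return max(clean, default=None)

if __name__ == "__main__":
    start, today = date(2017, 1, 2), date(2017, 12, 25)  # constructed dates
    rotation = shelf(start, today)
    single = {"ONLY": today}  # one drive, overwritten every week
    for bad in (date(2017, 12, 20), date(2017, 8, 1)):
        print(bad, "rotation:", newest_clean_copy(rotation, bad),
              "single drive:", newest_clean_copy(single, bad))
```

With damage that goes unnoticed for months, every weekly drive already holds a bad copy and only a quarterly drive still has a usable one; the single drive has none in either case.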

  • adambnyc
    adambnyc Member Posts: 260
    I wouldn’t do the “many drives” route. I’d much sooner recommend that you start to leverage Office 365 from Microsoft. Hosted email, storage, SharePoint and a lot more. And it’s very cost effective. Put all your important files into your OneDrive share and have it automatically sync’d to the MS cloud. It also leverages “versioning” on your files so you could get older versions of your same files.

    Everything is going to the cloud. As long as you choose a trusted provider - Microsoft, Google, Amazon, etc. - as a consumer you have nothing to worry about. Major corporations use the cloud for storage, Amazon S3, Google object store, etc. No reason why you shouldn’t.
  • ChrisJ
    ChrisJ Member Posts: 15,588
    It doesn't matter how "sophisticated" an antivirus program is or how many you have if the program hasn't been identified as a virus by the manufacturers of the antivirus programs. They will not find it if it's fairly new.

    Why and how do you keep getting them? Maybe my memory is off but I thought you went through this a year or two ago. You need to be very cautious about opening files in emails even from people you know.
    Single pipe quasi-vapor system. Typical operating pressure 0.14 - 0.43 oz. EcoSteam ES-20 Advanced Control for Residential Steam boilers. Rectorseal Steamaster water treatment
  • adambnyc
    adambnyc Member Posts: 260
    edited December 2017
    @ChrisJ 100% correct. AV is only as good as what’s already known. There are some more advanced AV out there today that claim to use AI to prevent these types of attacks like Carbon Black or Cylance (really hot right now in the Fortune 100).

    All the Fortune 100 are taking the approach that it’s not “if” this will happen but rather “when”.

    And it can’t be controlled getting hit like this on a zero day attack but what can be controlled is how long it takes you to recover.
  • adambnyc
    adambnyc Member Posts: 260
    I will say this again, EternalBlue has been patched for over 6 months! If you don’t perform Windows updates, you're gonna get hit.
  • STEVEusaPA
    STEVEusaPA Member Posts: 6,506
    Here's what I do...paranoid. 2 computers. The one with all the important info-Quickbooks, Spreadsheets, and my business software, is not normally connected to the internet. I have antivirus software installed, automatic updates, and lock down all incoming and outgoing traffic. Once a month (besides daily backups) I back up the 2 programs, connect to the internet, do full system scan, and check for Windows update. After that I disconnect from the internet.
    The other computer I use for surfing and email. Bit of a pain, but never had a problem. If the email computer were to get corrupted, it wouldn't be too hard to wipe it and start over.
    steve
  • DanHolohan
    DanHolohan Member, Moderator, Administrator Posts: 16,513
    We use Carbonite. It backs up everything to the cloud and if there's ever a problem they'll mail me a new hard drive with everything on it. It's worth every penny for a subscription. I can also access all my files from anywhere. https://www.carbonite.com/
    Retired and loving it.
  • Wellness
    Wellness Member Posts: 138
    What @ratio said. What you need is redundancy with reliable backups. Personally I use both a NAS and an external drive for that. Anti-malware and other so-called protection software is a waste of money and computer resources.
  • Mark Eatherton
    Mark Eatherton Member Posts: 5,853
    ChrisJ said:

    It doesn't matter how "sophisticated" an antivirus program is or how many you have if the program hasn't been identified as a virus by the manufacturers of the antivirus programs. They will not find it if it's fairly new.



    Why and how do you keep getting them? Maybe my memory is off but I thought you went through this a year or two ago. You need to be very cautious about opening files in emails even from people you know.

    It wasn't Tim, it was me. I paid the ransom ($500) and got everything back. It usually only happens when you click on an email with an attachment. The emails are very well disguised. Mine was from my parent company, and said "From the second floor copier" which was quite common coming from the main office.

    ME

    It's not so much a case of "You got what you paid for", as it is a matter of "You DIDN'T get what you DIDN'T pay for, and you're NOT going to get what you thought you were in the way of comfort". Borrowed from Heatboy.
  • hvacfreak2
    hvacfreak2 Member Posts: 500
    To the OP: This may be a long shot but you may try Windows Restore feature. Restore to last saved point.
    hvacfreak

    Mechanical Enthusiast

    Burnham MST 396 , 60 oz gauge , Tigerloop , Firomatic Check Valve , Mcdonnell Miller 67 lwco , Danfoss RA2k TRV's

    Easyio FG20 Controller

  • ChrisJ
    ChrisJ Member Posts: 15,588
    > @Mark Eatherton said:
    > It doesn't matter how "sophisticated" an antivirus program is or how many you have if the program hasn't been identified as a virus by the manufacturers of the antivirus programs. They will not find it if it's fairly new.
    >
    >
    >
    > Why and how do you keep getting them? Maybe my memory is off but I thought you went through this a year or two ago. You need to be very cautious about opening files in emails even from people you know.
    >
    > It wasn't Tim, it was me. I paid the ransom ($500) and got everything back. It usually only happens when you click on an email with an attachment. The emails are very well disguised. Mine was from my parent company, and said "From the second floor copier" which was quite common coming from the main office.
    >
    > ME

    Ah. I knew it was someone.
    Single pipe quasi-vapor system. Typical operating pressure 0.14 - 0.43 oz. EcoSteam ES-20 Advanced Control for Residential Steam boilers. Rectorseal Steamaster water treatment