Geekzone: technology news, blogs, forums




791 posts

Ultimate Geek


# 168592 19-Mar-2015 13:03

NCSC has put out an advisory regarding CryptoWall activity hitting NZ domains.
http://www.ncsc.govt.nz/assets/NCSC-Advisory-CryptoWall-Mar-2015.pdf

We've blocked a few at work, starting from Friday last week.

483 posts

Ultimate Geek

Trusted

  # 1262394 19-Mar-2015 13:26

So to read a warning about a threat about downloading from an NZ site, you have to download something from an NZ site?

21425 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1262430 19-Mar-2015 14:08

Heh about 6 months after the first attacks! Glad we didn't rely on them for notification!


 
 
 
 


1892 posts

Uber Geek


  # 1262504 19-Mar-2015 14:56

They target network shares now too... Time to buy more drives and re-back everything up again just in case.





Sometimes what you don't get is a blessing in disguise!

21425 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1263513 19-Mar-2015 16:09
One person supports this post

DravidDavid: They target network shares now too... Time to buy more drives and re-back everything up again just in case.


Always did. Correction, was mapped drives it attacks.

Backups, Backups, Backups!



1874 posts

Uber Geek

Trusted

  # 1263521 19-Mar-2015 16:19

A home client was hit on Monday; they were asking for $500 USD to get data back. Client had no backup, just photos etc. affected, wasn't overly concerned.

A business client with 30 GB of data on a 2013 server got hit on Wednesday (through network shares); they were wanting $16,000 USD for the decryption key. We have ShadowProtect on this server uploading to a data center so luckily the client was protected.

21425 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1263523 19-Mar-2015 16:21

garvani: A home client was hit on Monday; they were asking for $500 USD to get data back. Client had no backup, just photos etc. affected, wasn't overly concerned.

A business client with 30 GB of data on a 2013 server got hit (through network shares) and the damage was $16,000 USD. We have ShadowProtect on this server uploading to a data center so luckily the client was protected.


There is a website, where if you upload the sample of the file affected, it will give you a key to use to "bypass" payment. I know a few US IT Companies we do work with and for, who used it with success.


1874 posts

Uber Geek

Trusted

  # 1263529 19-Mar-2015 16:25

networkn: There is a website, where if you upload the sample of the file affected, it will give you a key to use to "bypass" payment. I know a few US IT Companies we do work with and for, who used it with success.



If it's decryptcryptlocker it doesn't work. It's a different strain of the ransomware. I tried this on the first client's files.

 
 
 
 


21425 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1263531 19-Mar-2015 16:28

garvani:
networkn: There is a website, where if you upload the sample of the file affected, it will give you a key to use to "bypass" payment. I know a few US IT Companies we do work with and for, who used it with success.



If it's decryptcryptlocker it doesn't work. It's a different strain of the ransomware. I tried this on the first client's files.


It won't take them long to get the new key and sort it. Won't help you now though. 

3189 posts

Uber Geek

Subscriber

  # 1263540 19-Mar-2015 16:36

We just had a client get hit the other day.

One of the staff got it on their personal laptop and it encrypted all their files including their business Dropbox folder, which is where they keep all of their company data!
No backups but luckily we were able to recover files from the Shadow Copies on one of the uninfected machines that had Dropbox on it.

Their previous had told them that Dropbox was a backup!

Dropbox does allow you to recover files but only one file at a time, you can't recover a whole folder.
They have thousands of files so not an option to go through and recover them individually.

21425 posts

Uber Geek

Trusted
Lifetime subscriber

  # 1263546 19-Mar-2015 16:44


Dropbox does allow you to recover files but only one file at a time, you can't recover a whole folder.
They have thousands of files so not an option to go through and recover them individually.


I have restored directories, subdirectories and files on many occasions?


3189 posts

Uber Geek

Subscriber

  # 1263548 19-Mar-2015 16:47

networkn:

Dropbox does allow you to recover files but only one file at a time, you can't recover a whole folder.
They have thousands of files so not an option to go through and recover them individually.


I have restored directories, subdirectories and files on many occasions?



Really? We couldn't find the option anywhere, only for individual files.

637 posts

Ultimate Geek

Subscriber

  # 1263574 19-Mar-2015 17:16

I had to fix one that started encrypting their Dropbox yesterday. It hadn't done too many so they are just doing whatever ones they come across manually. But there are some scripts out there to revert all the Dropbox stuff back a version.

279 posts

Ultimate Geek


  # 1263655 19-Mar-2015 19:03

networkn:
garvani:
networkn: There is a website, where if you upload the sample of the file affected, it will give you a key to use to "bypass" payment. I know a few US IT Companies we do work with and for, who used it with success.



If it's decryptcryptlocker it doesn't work. It's a different strain of the ransomware. I tried this on the first client's files.


It won't take them long to get the new key and sort it. Won't help you now though. 


Cryptolocker can only (usually) have files decrypted because the server storing the encryption keys was seized though...

20 posts

Geek


  # 1265460 23-Mar-2015 09:12

I had a client affected by this last week, when she opened a .js file that claimed it was a resume in her inbox. We had recently moved her business and a lot of her files to Google Drive to move them to a new PC and laptop. I managed to recover those as the CryptoWall hadn't deleted the previous versions of those in Google Drive, only the previous versions everywhere else. She didn't have much outside the Drive, but I couldn't roll back everything at once so it was a horribly painful week restoring each file individually.

I had also attempted the Cryptolocker website when I first googled the problem, without success. It's not the same version, and it's horrible.

20 posts

Geek


  # 1275426 1-Apr-2015 15:22

Sorry for double-posting but I thought this was important. Yesterday I was given two laptops of a large client (a local gym) whose Cloud was infected with CryptoWall. It synced across their network (I'll be dealing with the other PCs later) but I decided to give Shadow Explorer a chance and it recovered the files from the 23rd. (Anything onwards is lost but what a save!) If anyone else has this problem, give that program a go.

Edit: I've just realised it worked because it was not the "Ground Zero" infected PC. The PC that gets hit does have its shadows wiped (as I originally thought), but anything synced up to it will still keep its own.
