

GregV

922 posts

Ultimate Geek


#168592 19-Mar-2015 13:03

NCSC has put out an advisory regarding CryptoWall activity hitting NZ domains.
http://www.ncsc.govt.nz/assets/NCSC-Advisory-CryptoWall-Mar-2015.pdf

We've blocked a few at work, starting from Friday last week.

roobarb
588 posts

Ultimate Geek

Trusted

  #1262394 19-Mar-2015 13:26

So to read a warning about a threat about downloading from an NZ site, you have to download something from an NZ site?

 
 
 

networkn
Networkn
30812 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1262430 19-Mar-2015 14:08

Heh about 6 months after the first attacks! Glad we didn't rely on them for notification!


DravidDavid
1907 posts

Uber Geek


  #1262504 19-Mar-2015 14:56

They target network shares now too... Time to buy more drives and re-back everything up again just in case.



networkn
Networkn
30812 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1263513 19-Mar-2015 16:09

DravidDavid: They target network shares now too... Time to buy more drives and re-back everything up again just in case.


Always did. Correction, was mapped drives it attacks.

Backups, Backups, Backups!



garvani
1873 posts

Uber Geek

Trusted

  #1263521 19-Mar-2015 16:19

A home client was hit on Monday; they were asking for $500 USD to get data back. Client had no backup, just photos etc. affected, wasn't overly concerned.

A business client with 30 GB of data on a 2013 server got hit on Wednesday (through network shares); they were wanting $16,000 USD for the decryption key. We have ShadowProtect on this server uploading to a data center so luckily the client was protected.

networkn
Networkn
30812 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1263523 19-Mar-2015 16:21

garvani: A home client was hit on Monday; they were asking for $500 USD to get data back. Client had no backup, just photos etc. affected, wasn't overly concerned.

A business client with 30 GB of data on a 2013 server got hit (through network shares) and the damage was $16,000 USD. We have ShadowProtect on this server uploading to a data center so luckily the client was protected.


There is a website, where if you upload the sample of the file affected, it will give you a key to use to "bypass" payment. I know a few US IT Companies we do work with and for, who used it with success.


garvani
1873 posts

Uber Geek

Trusted

  #1263529 19-Mar-2015 16:25

networkn: There is a website, where if you upload the sample of the file affected, it will give you a key to use to "bypass" payment. I know a few US IT Companies we do work with and for, who used it with success.



If it's decryptcryptlocker it doesn't work. It's a different strain of the ransomware. I tried this on the first client's files.



networkn
Networkn
30812 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1263531 19-Mar-2015 16:28

garvani:
networkn: There is a website, where if you upload the sample of the file affected, it will give you a key to use to "bypass" payment. I know a few US IT Companies we do work with and for, who used it with success.



If it's decryptcryptlocker it doesn't work. It's a different strain of the ransomware. I tried this on the first client's files.


It won't take them long to get the new key and sort it. Won't help you now though. 

CYaBro
4195 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #1263540 19-Mar-2015 16:36

We just had a client get hit the other day.

One of the staff got it on their personal laptop and it encrypted all their files including their business Dropbox folder, which is where they keep all of their company data!
No backups but luckily we were able to recover files from the Shadow Copies on one of the uninfected machines that had Dropbox on it.

Their previous had told them that Dropbox was a backup!

Dropbox does allow you to recover files but only one file at a time, you can't recover a whole folder.
They have thousands of files so not an option to go through and recover them individually.

networkn
Networkn
30812 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1263546 19-Mar-2015 16:44


Dropbox does allow you to recover files but only one file at a time, you can't recover a whole folder.
They have thousands of files so not an option to go through and recover them individually.


I have restored directories, subdirectories and files on many occasions?


CYaBro
4195 posts

Uber Geek

ID Verified
Trusted
Subscriber

  #1263548 19-Mar-2015 16:47

networkn:

Dropbox does allow you to recover files but only one file at a time, you can't recover a whole folder.
They have thousands of files so not an option to go through and recover them individually.


I have restored directories, subdirectories and files on many occasions?



Really? We couldn't find the option anywhere, only for individual files.

askelon
805 posts

Ultimate Geek

ID Verified

  #1263574 19-Mar-2015 17:16

I had to fix one that started encrypting their Dropbox yesterday. It hadn't done too many so they are just doing whatever ones they come across manually. But there are some scripts out there to revert all the Dropbox stuff back a version.

Xeon
301 posts

Ultimate Geek


  #1263655 19-Mar-2015 19:03

networkn:
garvani:
networkn: There is a website, where if you upload the sample of the file affected, it will give you a key to use to "bypass" payment. I know a few US IT Companies we do work with and for, who used it with success.



If it's decryptcryptlocker it doesn't work. It's a different strain of the ransomware. I tried this on the first client's files.


It won't take them long to get the new key and sort it. Won't help you now though. 


CryptoLocker can only (usually) have files decrypted because the server storing the encryption keys were seized though...

Pirran
20 posts

Geek


  #1265460 23-Mar-2015 09:12

I had a client affected by this last week, when she opened a .js file that claimed it was a resume in her inbox. We had recently moved her business and a lot of her files to Google Drive to move them to a new PC and laptop. I managed to recover those as the CryptoWall hadn't deleted the previous versions of those in Google Drive, only the previous versions everywhere else. She didn't have much outside the Drive, but I couldn't roll back everything at once so it was a horribly painful week restoring each file individually.

I had also attempted the Cryptolocker website when I first googled the problem, without success. It's not the same version, and it's horrible.

Pirran
20 posts

Geek


  #1275426 1-Apr-2015 15:22

Sorry for double-posting but I thought this was important. Yesterday I was given two laptops of a large client (a local gym) whose Cloud was infected with CryptoWall. It synced across their network (I'll be dealing with the other PCs later) but I decided to give Shadow Explorer a chance and it recovered the files from the 23rd. (Anything onwards is lost but what a save!) If anyone else has this problem, give that program a go.

Edit: I've just realised it worked because it was not the "Ground Zero" infected PC. The PC that gets hit does have its shadows wiped (as I originally thought), but anything synced up to it will still keep its own.
