Kiwifruta: bring back those ZX81s I say!
Too right! If you want to run a program, be geek enough to type in its code from a handy Bits & Bytes magazine!
networkn:
Sadly, once you start down the road of "blocking searches" it's a slippery slope.
That's already happening, Google blocks many sites from showing in searches.
And a good thing too, once was a time when searching for a legitimate vendor (or developer) of some software, many of the hits would be warez type sites.
I guess that isn't blocking searches, but blocking search results is doable and already happening.
The people we need to worry about don't need Google to find/buy this malware anyway.
Kiwifruta: I'm not an IT professional, so looking for advice and recommendations from the IT professionals.
The other day, I read about OpenDNS' fight against ransomware by preventing ransomware from contacting its command and control centre, effectively making an installed ransomware impotent. http://info.opendns.com/rs/opendns/images/DS-OpenDNS-Combating-Ransomware.pdf
How successful have you found this approach in preventing ransomware?
I am considering switching quite a few friends over to OpenDNS to help prevent ransomware attacks.
I'll also set up Windows users with limited accounts, instead of the default administrator rights.
Does dnscrypt also help in preventing ransomware from contacting the command and control servers? Or just man in the middle attacks?
Cheers
EDIT: added link to OpenDNS pdf
SepticSceptic:
Wouldn't something like Peerblock (with appropriate list) stop the phone-home (or phone-back) scenario that the OpenDNS shows?
Just guessing, I really have no idea ...
wasabi2k:
Yes - if your list is up to date immediately upon release of crypto variant 98343473, which is unlikely.
Infection vectors we have seen were largely Flash, then Office docs, then executable attachments.
Only Flash was a 0-interaction infection, the others all required people to actively open something.
For a desktop: without an OS, browser or plugin exploit, executable content can't just execute with no interaction. OS has been pretty solid lately, browsers not too bad - plugins utter garbage.
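Added example (not part of any post in this thread, and not OpenDNS's or PeerBlock's own code): a simplified model of blocklist-based DNS filtering, showing how a listed domain and its subdomains are stopped while a variant that is not yet on the list still resolves, which is the limitation raised in the reply above. The log format, client addresses and `.example` domains are all constructed for illustration.

```python
# Simplified model of blocklist-based DNS filtering.
# Every domain, client address and log line below is constructed sample data.

BLOCKLIST = {"c2-known.example", "bad-cdn.example"}  # constructed entries

# Constructed resolver log lines: "<time> <client-ip> <query-name>"
SAMPLE_LOG = """\
10:00:01 192.0.2.10 www.news.example
10:00:02 192.0.2.11 C2-Known.example.
10:00:03 192.0.2.11 api.c2-known.example
10:00:04 192.0.2.12 notc2-known.example
10:00:05 192.0.2.12 c2-new-variant.example
"""


def normalise(name):
    """Lower-case and drop the trailing root dot so comparisons are exact."""
    return name.strip().lower().rstrip(".")


def matched_entry(name, blocklist):
    """Return the blocklist entry covering name (itself or a parent), else None."""
    labels = normalise(name).split(".")
    # Walk from the full name up through its parent domains, label by label,
    # so "notc2-known.example" does not match "c2-known.example".
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


def filter_log(log_text, blocklist):
    """Split queries into (blocked, allowed) lists of (client, name) tuples."""
    blocked, allowed = [], []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        _, client, name = parts
        target = blocked if matched_entry(name, blocklist) else allowed
        target.append((client, normalise(name)))
    return blocked, allowed


if __name__ == "__main__":
    blocked, allowed = filter_log(SAMPLE_LOG, BLOCKLIST)
    print("blocked:", blocked)
    print("allowed:", allowed)  # still contains c2-new-variant.example
```

The blocked list is also useful on its own: a client that repeatedly queries a listed domain is a machine worth inspecting, even though the lookup itself was stopped.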
Kiwifruta:
@wasabi2k So removing Adobe Flash Player is a must then. I read from one source that 75% of ransomware attacks came via Adobe Flash Player.
So would removing Adobe Flash Player and using the inbuilt Flash player of Google Chrome reduce those vulnerabilities?
wasabi2k:
All our attacks were done against the Adobe Flash Player plugin in IE - Chrome was unaffected. However Chrome isn't 100% immune either: http://arstechnica.com/security/2015/07/hacking-teams-flash-0day-potent-enough-to-infect-actual-chrome-user/. I think it is a case of less insecure, not bulletproof. I would say the Adobe plugin is more targeted than the inbuilt Chrome one.
FlashBlock (extension to stop auto loading flash) is a good option but can be confusing for users/break sites.
Acrobat/Adobe Reader is the other big culprit - again Chrome's preview appears to be less so but isn't a full replacement.
Kiwifruta:
Security-wise, how does Microsoft Edge compare?
What alternative to Adobe Reader would you recommend?
I use the ACC calculator https://www.levycalculators.acc.co.nz/cpx.jsp for my work. The Chrome based reader cannot use it, so I use Adobe Reader. Is there a more secure alternative to Adobe Reader that I can use with this type of file, in Windows 10 or even Ubuntu?
I'm running Windows 10 and have Firefox, Chrome and Edge for work things.
I'll admit I am not sure about Edge - we are still a Windows 7 shop at work and I am a Chrome user at home.
As far as Adobe Reader - there are a number of third party readers, but inevitably you will come across a PDF that won't render correctly unless you use Adobe Reader. Just got to make sure that it is up to date at all times.