Geekzone: technology news, blogs, forums


GregV

928 posts

Ultimate Geek


#168592 19-Mar-2015 13:03

NCSC has put out an advisory regarding CryptoWall activity hitting NZ domains.
http://www.ncsc.govt.nz/assets/NCSC-Advisory-CryptoWall-Mar-2015.pdf

We've blocked a few at work, starting from Friday last week.

roobarb
653 posts

Ultimate Geek

Trusted

  #1262394 19-Mar-2015 13:26

So to read a warning about a threat about downloading from an NZ site, you have to download something from an NZ site?



networkn
Networkn
32358 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1262430 19-Mar-2015 14:08

Heh about 6 months after the first attacks! Glad we didn't rely on them for notification!


DravidDavid
1907 posts

Uber Geek


  #1262504 19-Mar-2015 14:56

They target network shares now too...Time to buy more drives and re-back everything up again just in case.



networkn
Networkn
32358 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1263513 19-Mar-2015 16:09

DravidDavid: They target network shares now too...Time to buy more drives and re-back everything up again just in case.


Always did. Correction, was mapped drives it attacks.

Backups, Backups, Backups!



garvani
1873 posts

Uber Geek

Trusted

  #1263521 19-Mar-2015 16:19

A home client was hit on Monday; they were asking for $500 USD to get data back. Client had no backup, just photos etc. affected, wasn't overly concerned.

A business client with 30 GB of data on a 2013 server got hit on Wednesday (through network shares), they were wanting $16,000 USD for the decryption key. We have ShadowProtect on this server uploading to a data center so luckily the client was protected.

networkn
Networkn
32358 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1263523 19-Mar-2015 16:21

garvani: A home client was hit on Monday; they were asking for $500 USD to get data back. Client had no backup, just photos etc. affected, wasn't overly concerned.

A business client with 30 GB of data on a 2013 server got hit (through network shares) and the damage was $16,000 USD. We have ShadowProtect on this server uploading to a data center so luckily the client was protected.


There is a website, where if you upload the sample of the file affected, it will give you a key to use to "bypass" payment. I know a few US IT Companies we do work with and for, who used it with success.


garvani
1873 posts

Uber Geek

Trusted

  #1263529 19-Mar-2015 16:25

networkn: There is a website, where if you upload the sample of the file affected, it will give you a key to use to "bypass" payment. I know a few US IT Companies we do work with and for, who used it with success.



If it's decryptcryptlocker it doesn't work. It's a different strain of the ransomware. I tried this on the first client's files.

 
 
 

networkn
Networkn
32358 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1263531 19-Mar-2015 16:28

garvani:
networkn: There is a website, where if you upload the sample of the file affected, it will give you a key to use to "bypass" payment. I know a few US IT Companies we do work with and for, who used it with success.



If it's decryptcryptlocker it doesn't work. It's a different strain of the ransomware. I tried this on the first client's files.


It won't take them long to get the new key and sort it. Won't help you now though. 

CYaBro
4589 posts

Uber Geek

ID Verified
Trusted

  #1263540 19-Mar-2015 16:36

We just had a client get hit the other day.

One of the staff got it on their personal laptop and it encrypted all their files including their business Dropbox folder, which is where they keep all of their company data!
No backups but luckily we were able to recover files from the Shadow Copies on one of the uninfected machines that had Dropbox on it.

Their previous had told them that Dropbox was a backup!

Dropbox does allow you to recover files but only one file at a time, you can't recover a whole folder.
They have thousands of files so not an option to go through and recover them individually.




Opinions are my own and not the views of my employer.


networkn
Networkn
32358 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1263546 19-Mar-2015 16:44


Dropbox does allow you to recover files but only one file at a time, you can't recover a whole folder.
They have thousands of files so not an option to go through and recover them individually.


I have restored directories, subdirectories and files on many occasions?


CYaBro
4589 posts

Uber Geek

ID Verified
Trusted

  #1263548 19-Mar-2015 16:47

networkn:

Dropbox does allow you to recover files but only one file at a time, you can't recover a whole folder.
They have thousands of files so not an option to go through and recover them individually.


I have restored directories, subdirectories and files on many occasions?



Really? We couldn't find the option anywhere, only for individual files.




Opinions are my own and not the views of my employer.


askelon
879 posts

Ultimate Geek

ID Verified

  #1263574 19-Mar-2015 17:16

I had to fix one that started encrypting their Dropbox yesterday. It hadn't done too many so they are just doing whatever ones they come across manually. But there are some scripts out there to revert all the Dropbox stuff back a version.

Xeon
302 posts

Ultimate Geek


  #1263655 19-Mar-2015 19:03

networkn:
garvani:
networkn: There is a website, where if you upload the sample of the file affected, it will give you a key to use to "bypass" payment. I know a few US IT Companies we do work with and for, who used it with success.



If it's decryptcryptlocker it doesn't work. It's a different strain of the ransomware. I tried this on the first client's files.


It won't take them long to get the new key and sort it. Won't help you now though. 


CryptoLocker can only (usually) have files decrypted because the server storing the encryption keys was seized though...

Pirran
20 posts

Geek


  #1265460 23-Mar-2015 09:12

I had a client affected by this last week, when she opened a .js file that claimed it was a resume in her inbox. We had recently moved her business and a lot of her files to Google Drive to move them to a new PC and laptop. I managed to recover those as the CryptoWall hadn't deleted the previous versions of those in Google Drive, only the previous versions everywhere else. She didn't have much outside the Drive, but I couldn't roll back everything at once so it was a horribly painful week restoring each file individually.

I had also attempted the CryptoLocker website when I first googled the problem, without success. It's not the same version, and it's horrible.

Pirran
20 posts

Geek


  #1275426 1-Apr-2015 15:22

Sorry for double-posting but I thought this was important. Yesterday I was given two laptops of a large client (a local gym) whose Cloud was infected with CryptoWall. It synced across their network (I'll be dealing with the other PCs later) but I decided to give Shadow Explorer a chance and it recovered the files from the 23rd. (Anything onwards is lost but what a save!) If anyone else has this problem, give that program a go.

Edit: I've just realised it worked because it was not the "Ground Zero" infected PC. The PC that gets hit does have its shadows wiped (as I originally thought), but anything synced up to it will still keep its own.
