Geekzone: technology news, blogs, forums


xpd


Geek of Coastguard
14116 posts

Uber Geek
+1 received by user: 4576

Retired Mod
ID Verified
Trusted
Lifetime subscriber

#195900 11-May-2016 09:31

Found via a link on Spiceworks forums....

 

https://docs.google.com/spreadsheets/u/1/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/htmlview?sle...

A nice list of all the ransomwares and even decryption solutions for some of them!





XPD / Gavin

 


 

 

 


Dynamic
4015 posts

Uber Geek
+1 received by user: 1851

ID Verified
Trusted
Lifetime subscriber

  #1549660 11-May-2016 09:49

I would give a significant amount to have these 'people' shut down for good.





“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams




hio77
'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified
Trusted
Lizard Networks
Subscriber

  #1549663 11-May-2016 09:50

not a bad list, could come in handy.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have. 


1101
3141 posts

Uber Geek
+1 received by user: 1143


  #1550830 11-May-2016 13:33

Dynamic:

 

I would give a significant amount to have these 'people' shut down for good.

 

 

Then more 'people' would just take their place. It's just crime, the chances of shutting down crime = zero.

 

It's what happens when you have very highly educated people earning extremely low wages.
It's also what happens when you have stupid or careless people using PCs and companies with no real training.

 

The best way to shut them down is to stop it from being run on PCs, and stop people from paying.
With no reward they will be less likely to keep writing so much new ransomware.

 

 

 

 




Kiwifruta
1425 posts

Uber Geek
+1 received by user: 336

ID Verified

  #1551152 11-May-2016 20:36

I'm not an IT professional, so looking for advice and recommendations from the IT professionals.

The other day, I read about OpenDNS' fight against ransomware by preventing ransomware from contacting its command and control centre, effectively making an installed ransomware impotent. http://info.opendns.com/rs/opendns/images/DS-OpenDNS-Combating-Ransomware.pdf

How successful have you found this approach in preventing ransomware?

I am considering switching quite a few friends over to OpenDNS to help prevent ransomware attacks.
I'll also set up Windows users with limited accounts, instead of the default administrator rights.

Does dnscrypt also help in preventing ransomware from contacting the command and control servers? Or just man in the middle attacks?

Cheers

EDIT: added link to OpenDNS pdf

Dynamic
4015 posts

Uber Geek
+1 received by user: 1851

ID Verified
Trusted
Lifetime subscriber

  #1551156 11-May-2016 20:44

This approach of course only works after the servers have been discovered so it is always on the trailing edge. Consider googling cryptoprevent.




“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams


networkn
Networkn
32862 posts

Uber Geek
+1 received by user: 15453

ID Verified
Trusted
Lifetime subscriber

  #1551181 11-May-2016 21:10

Dynamic: This approach of course only works after the servers have been discovered so it is always on the trailing edge. Consider googling cryptoprevent.

 

 

 

Works if it's the old style that tries to write .exe files and execute them from temp paths, but the new style are much smarter and write into folders off the root. 


 
 
 
 

wasabi2k
2102 posts

Uber Geek
+1 received by user: 860


  #1551193 11-May-2016 21:35

Dynamic: This approach of course only works after the servers have been discovered so it is always on the trailing edge. Consider googling cryptoprevent.

 

Not necessarily - a lot of them use an algorithm to generate the c & c domains, OpenDNS and others reverse engineer these.

 

Best defense as always - keep everything up to date and have good backups.


networkn
Networkn
32862 posts

Uber Geek
+1 received by user: 15453

ID Verified
Trusted
Lifetime subscriber

  #1551195 11-May-2016 21:44

wasabi2k:

 

Dynamic: This approach of course only works after the servers have been discovered so it is always on the trailing edge. Consider googling cryptoprevent.

 

Not necessarily - a lot of them use an algorithm to generate the c & c domains, OpenDNS and others reverse engineer these.

 

Best defense as always - keep everything up to date and have good backups.

 

 

Up to date does provide little defense these days, we have seen completely up to the minute systems compromised many times this year. 

 

The problem is there are now online kits for making your own "cryptolocker" with nice GUIs etc to guide you through, and the AV and Malware vendors aren't even close to keeping up sadly.

 

 


hio77
'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified
Trusted
Lizard Networks
Subscriber

  #1551198 11-May-2016 21:52

networkn:

 

wasabi2k:

 

Dynamic: This approach of course only works after the servers have been discovered so it is always on the trailing edge. Consider googling cryptoprevent.

 

Not necessarily - a lot of them use an algorithm to generate the c & c domains, OpenDNS and others reverse engineer these.

 

Best defense as always - keep everything up to date and have good backups.

 

 

Up to date does provide little defense these days, we have seen completely up to the minute systems compromised many times this year. 

 

The problem is there are now online kits for making your own "cryptolocker" with nice GUIs etc to guide you through, and the AV and Malware vendors aren't even close to keeping up sadly.

 

 

 

 

It's just the whole RAT issue all over again really. Give it a few years, and there will be the new fab on the block...





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have. 


Kiwifruta
1425 posts

Uber Geek
+1 received by user: 336

ID Verified

  #1551200 11-May-2016 21:54

networkn:

wasabi2k:


Dynamic: This approach of course only works after the servers have been discovered so it is always on the trailing edge. Consider googling cryptoprevent.


Not necessarily - a lot of them use an algorithm to generate the c & c domains, OpenDNS and others reverse engineer these.


Best defense as always - keep everything up to date and have good backups.



Up to date does provide little defense these days, we have seen completely up to the minute systems compromised many times this year. 


The problem is there are now online kits for making your own "cryptolocker" with nice GUIs etc to guide you through, and the AV and Malware vendors aren't even close to keeping up sadly.


 



DIY cryptolocker, flippin' heck, horrific. Imagine what little Johnny at school could do with that.



hio77
'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified
Trusted
Lizard Networks
Subscriber

  #1551202 11-May-2016 21:56

Kiwifruta:

DIY cryptolocker, flippin' heck, horrific. Imagine what little Johnny at school could do with that.


 

I could tell far too many stories on this that landed in big trouble...

 

 

 

not sure I particularly wanna detail and have a younger reader catch on and try anything themselves though!





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have. 


 
 
 
 

Kiwifruta
1425 posts

Uber Geek
+1 received by user: 336

ID Verified

  #1551204 11-May-2016 22:00

hio77:

Kiwifruta:

DIY cryptolocker, flippin' heck, horrific. Imagine what little Johnny at school could do with that.



I could tell far too many stories on this that landed in big trouble...


 


not sure I particularly wanna detail and have a younger reader catch on and try anything themselves though!



Definitely needs to be blocked from a google search.

networkn
Networkn
32862 posts

Uber Geek
+1 received by user: 15453

ID Verified
Trusted
Lifetime subscriber

  #1551208 11-May-2016 22:20

Kiwifruta:
hio77:

 

Kiwifruta:

DIY cryptolocker, flippin' heck, horrific. Imagine what little Johnny at school could do with that.


 

 

 

I could tell far too many stories on this that landed in big trouble...

 

 

 

 

 

 

 

not sure I particularly wanna detail and have a younger reader catch on and try anything themselves though!

 



Definitely needs to be blocked from a google search.

 

 

 

Sadly, once you start down the road of "blocking searches" it's a slippery slope.

 

 


hio77
'That VDSL Cat'
13036 posts

Uber Geek
+1 received by user: 3896

ID Verified
Trusted
Lizard Networks
Subscriber

  #1551210 11-May-2016 22:23

networkn:

 

 

 

 Sadly, once you start down the road of "blocking searches" it's a slippery slope.

 

 

 

same goes for "blocking proxies" bye bye google translate..

 

or how about "blocking porn" bye bye google images...

 

 

 

funny how the hammer approach hits so often... 





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have. 


Kiwifruta
1425 posts

Uber Geek
+1 received by user: 336

ID Verified

  #1551215 11-May-2016 22:46

bring back those ZX81s I say!
