Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsIT Pro and developersRansomware information + decryption

xpd

xpd

Geek @ Coastguard NZ
13769 posts

Uber Geek

Retired Mod
ID Verified
Trusted
Lifetime subscriber

#195900 11-May-2016 09:31
Send private message

Found via a link on Spiceworks forums....

 

https://docs.google.com/spreadsheets/u/1/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/htmlview?sle...

A nice list of all the ransomwares and even decryption solutions for some of them!




       Gavin / xpd / FastRaccoon / Geek of Coastguard New Zealand

 

                      LinkTree

 

 

 

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
Dynamic
3869 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1549660 11-May-2016 09:49
Send private message

I would give a significant amount to have these 'people' shut down for good.




“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

 

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management.  A great Kiwi company.



hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #1549663 11-May-2016 09:50
Send private message

not a bad list, could come in handy.




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 

1101
3122 posts

Uber Geek


  #1550830 11-May-2016 13:33
Send private message

Dynamic:

 

I would give a significant amount to have these 'people' shut down for good.

 

 

Then more 'people' would just take their place. Its just crime, the chances of shutting down crime = zero.

 

Its what happens when you have very highly educated people earning extremely low wages .
Its also what happens when you have stupid or careless people using PC's and companies with no real training .

 

The best way to shut them down is to stop it from being run on PC's , and stop people from paying.
with no reward they will be less likely to keep writing so much new ransomware.

 

 

 

 



Kiwifruta
1423 posts

Uber Geek

ID Verified

  #1551152 11-May-2016 20:36
Send private message

I'm not an IT professional, so looking for advice and recommendations from the IT professionals.

The other day, I read about OpenDNS' fight against ransomware by preventing ransomware from contacting its command and control centre, effectively making an installed ransomware impotent. http://info.opendns.com/rs/opendns/images/DS-OpenDNS-Combating-Ransomware.pdf

How successful have you found this approach in preventing ransomware?

I am considering switching quite a few friends over to OpenDNS to help prevent ransomware attacks.
I'll also set up Windows users with limited accounts, instead of the default administrator rights.

Does dnscrypt also help in preventing ransomware from contacting the command and control servers? Or just man in the middle attacks?

Cheers

EDIT: added link to OpenDNS pdf

Dynamic
3869 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1551156 11-May-2016 20:44
Send private message

This approach of course only works after the servers have been discovered so it is always on the trailing edge. Consider googling cryptoprevent.




“Don't believe anything you read on the net. Except this. Well, including this, I suppose.” Douglas Adams

 

Referral links to services I use, really like, and may be rewarded if you sign up:
PocketSmith for budgeting and personal finance management.  A great Kiwi company.

networkn
Networkn
32359 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1551181 11-May-2016 21:10
Send private message

Dynamic: This approach of course only works after the servers have been discovered so it is always on the trailing edge. Consider googling cryptoprevent.

 

 

 

Works if it's the old style that tries to write .exe files and execute them from temp paths, but the new style are much smarter and write into folders off the root. 

wasabi2k
2096 posts

Uber Geek


  #1551193 11-May-2016 21:35
Send private message

Dynamic: This approach of course only works after the servers have been discovered so it is always on the trailing edge. Consider googling cryptoprevent.

 

Not necessarily - a lot of them use an algorithm to generate the c & c domains, OpenDNS and others reverse engineer these.

 

Best defense as always - keep everything up to date and have good backups.

 
 
 
 

Trade NZ and US shares and funds with Sharesies (affiliate link).
networkn
Networkn
32359 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1551195 11-May-2016 21:44
Send private message

wasabi2k:

 

Dynamic: This approach of course only works after the servers have been discovered so it is always on the trailing edge. Consider googling cryptoprevent.

 

Not necessarily - a lot of them use an algorithm to generate the c & c domains, OpenDNS and others reverse engineer these.

 

Best defense as always - keep everything up to date and have good backups.

 

 

Up to date does provide little defense these days, we have seen completely up to the minute systems compromised many times this year. 

 

The problem is there are now online kits for making your own "cryptolocker" with nice gui's etc to guide you through, and the AV and Malware vendors aren't even close to keeping up sadly. 

 

 

hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #1551198 11-May-2016 21:52
Send private message

networkn:

 

wasabi2k:

 

Dynamic: This approach of course only works after the servers have been discovered so it is always on the trailing edge. Consider googling cryptoprevent.

 

Not necessarily - a lot of them use an algorithm to generate the c & c domains, OpenDNS and others reverse engineer these.

 

Best defense as always - keep everything up to date and have good backups.

 

 

Up to date does provide little defense these days, we have seen completely up to the minute systems compromised many times this year. 

 

The problem is there are now online kits for making your own "cryptolocker" with nice gui's etc to guide you through, and the AV and Malware vendors aren't even close to keeping up sadly. 

 

 

 

 

Its just the whole RAT issue all over again really. Give it a few years, and there will be the new fab on the block...




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 

Kiwifruta
1423 posts

Uber Geek

ID Verified

  #1551200 11-May-2016 21:54
Send private message

networkn:

wasabi2k:


Dynamic: This approach of course only works after the servers have been discovered so it is always on the trailing edge. Consider googling cryptoprevent.


Not necessarily - a lot of them use an algorithm to generate the c & c domains, OpenDNS and others reverse engineer these.


Best defense as always - keep everything up to date and have good backups.



Up to date does provide little defense these days, we have seen completely up to the minute systems compromised many times this year. 


The problem is there are now online kits for making your own "cryptolocker" with nice gui's etc to guide you through, and the AV and Malware vendors aren't even close to keeping up sadly. 


 



DIY cryptolocker, flippin' heck, horrific. Imagine what little Johnny at school could do with that.

hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #1551202 11-May-2016 21:56
Send private message

Kiwifruta:

DIY cryptolocker, flippin' heck, horrific. Imagine what little Johnny at school could do with that.


 

I could tell far too many stores on this that landed in big trouble... 

 

 

 

not sure i particularly wanna detail and have a younger reader catch on and try anything themselves though!




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 

Kiwifruta
1423 posts

Uber Geek

ID Verified

  #1551204 11-May-2016 22:00
Send private message

hio77:

Kiwifruta:

DIY cryptolocker, flippin' heck, horrific. Imagine what little Johnny at school could do with that.



I could tell far too many stores on this that landed in big trouble... 


 


not sure i particularly wanna detail and have a younger reader catch on and try anything themselves though!



Definitely needs to be blocked from a google search.

networkn
Networkn
32359 posts

Uber Geek

ID Verified
Trusted
Lifetime subscriber

  #1551208 11-May-2016 22:20
Send private message

Kiwifruta:
hio77:

 

Kiwifruta:

DIY cryptolocker, flippin' heck, horrific. Imagine what little Johnny at school could do with that.


 

 

 

I could tell far too many stores on this that landed in big trouble... 

 

 

 

 

 

 

 

not sure i particularly wanna detail and have a younger reader catch on and try anything themselves though!

 



Definitely needs to be blocked from a google search.

 

 

 

Sadly, once you start down the road of "blocking searches" it's a slippery slope.

 

 

hio77
12999 posts

Uber Geek

ID Verified
Trusted
Lizard Networks

  #1551210 11-May-2016 22:23
Send private message

networkn:

 

 

 

 Sadly, once you start down the road of "blocking searches" it's a slippery slope.

 

 

 

same goes for "blocking proxies" bye bye google translate..

 

or how about "blocking porn" bye bye google images...

 

 

 

funny how the hammer approach hits so often... 




#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 

Kiwifruta
1423 posts

Uber Geek

ID Verified

  #1551215 11-May-2016 22:46
Send private message

bring back those ZX81s I say!

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01

Epson Launches New AM-C550Z WorkForce Enterprise printer
Posted 9-Jul-2025 18:22

Samsung Releases Smart Monitor M9
Posted 9-Jul-2025 17:46

Nearly Half of Older Kiwis Still Write their Passwords on Paper
Posted 9-Jul-2025 08:42

D-Link 4G+ Cat6 Wi-Fi 6 DWR-933M Mobile Hotspot Review
Posted 1-Jul-2025 11:34

Oppo A5 Series Launches With New Levels of Durability
Posted 30-Jun-2025 10:15








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright