A Heads Up

Status
Not open for further replies.

dik

Structural
Apr 13, 2001
25,677
This is not a structural issue. It's a warning to others. I don't need any 'off topic' comments.

A couple of days back, I was hit by a ransomware virus that encrypted all my files, including the three backup drives that were attached to the computer. Fortunately I can recover nearly all my work (for the last 30 years) because I replaced my HDD with a new 16TB drive and had a full backup. This was just by accident that the loss wasn't much worse.

Future backups will include disconnecting backup drives from the computer when not in use as well as using some form of cloud storage.

I'm still working through it and still have to recreate some of my work. It's the dumbest I've felt in years. Just a heads up... I'm pretty careful, but got 'hit'.

-----*****-----
So strange to see the singularity approaching while the entire planet is rapidly turning into a hellscape. -John Coates

-Dik
 

That's really unfortunate, sorry to hear about it, though I am glad you didn't end up completely high and dry. Do you have an idea where it came from?
 
No and according to information about these critters, I could have picked up the infection a week or two earlier.

It could have been a lot worse. Apparently there's only a 60% chance your files will become decrypted. There are keys published by some groups that can be used for decrypting if lucky... and I will retain one of the external drives in case one becomes available.

-----*****-----
So strange to see the singularity approaching while the entire planet is rapidly turning into a hellscape. -John Coates

-Dik
 
@Dik - wow that sucks. How much were they asking for ransom?
How did they gain access?
 
If response less than 72 hours, $500 US in bitcoin, if more than 72 hours, then $1000.

-----*****-----
So strange to see the singularity approaching while the entire planet is rapidly turning into a hellscape. -John Coates

-Dik
 
And no chance of a try before you buy either...

Or refund if the "key" doesn't work.

I've heard that once they think they've got you, the lower price is just the first of many as it won't unlock all the files it they just lock again after a week.

This reckons the average return of data is only 65%
Remember - More details = better answers
Also: If you get a response it's polite to respond to it.
 
dik - sorry to hear that. Hopefully this isn't too off topic, but since you mentioned you need to get cloud storage I'll direct this to the wider group: anyone know how having a connected cloud storage setup would be impacted? I have OneDrive, and can access the full OneDrive directory (two of them, actually - one personal, one business) from my computer's file directory. Is that inter-connectivity too much of a risk of such a virus overflowing into my cloud storage?
 
pham, If your computer can access it - it can be encrypted. If it's really sneaky a virus program will wait a week or more looking for external connections and monitor what files get opened and initially encrypt the ones not accessed; the really ugly ones will wait for a long time after that to do anything else so that the primary backups are poisoned by the encrypted files - like if the user does a full-drive copy backup.
 
Thanks, Dave. That's what I was afraid of. I thought of this a while back, but then didn't act on it...I think I'll take some steps now. dik, again, sorry this happened - but thank you for sharing so we can all make sure we're prepared.
 
That's why all my files are on paper tape. It's a little slower and takes a bit of room, but unless the virus comes with a box of matches or a cigarette lighter, I think I'll be OK.
 
haven't you seen the insurance ads ... "Mayhem"

"Let's hope everything goes well!"
General Paulus, Nov 1942, outside Stalingrad after the launch of Operation Uranus.
 
That's one of my concerns, now. I have some files from the infected computer that I need to transfer (they weren't encrypted, but represent a few months of work) as well as the test file the ransomguy did as a test of concept. As far as the infected machine goes... I'm going to reformat it... but will check with a couple of IT guys... I think that's safe. I'm concerned that I don't infect the good files... then, I'm toast... I also have to determine what the best anti-virus programs are for this type of attack.

-----*****-----
So strange to see the singularity approaching while the entire planet is rapidly turning into a hellscape. -John Coates

-Dik
 
dik said:
I also have to determine what the best anti-virus programs are for this type of attack.

Assuming you're looking for an antivirus to install straight to your pc, there's typically not many antivirus options that will outperform Windows Defender to a noteworthy margin... filtering/scanning of emails is probably the best thing that can be done as that's usually the way things get in. If you've got remote access or something similar set up, that's another common way in but I wouldn't know where to start to keep that secure.

To my limited knowledge the best protection (moreso a recovery strategy) against ransomware and the like is to maintain a series of backups e.g. every day or second day going back a month, so you can roll back to the most recent time you weren't yet infected. Can be quite an investment in terms of storage costs, cloud or otherwise

----------------------------------------------------------------------

Why yes, I do in fact have no idea what I'm talking about
 
Dik -

I'm sorry to hear this.

Do you think it was a link in an email? Or some file already on your drive just waiting for you to click on it?
 

I had three backups all connected to the computer... and it 'got em all'. First error on my part. I no longer have my backup drives connected 24/7. All within 24 hours, so the backup was current. I don't keep backups chronologically... backups are the latest data. I used to do a lot of forensic reports, and a lawyer advised me not to retain previous edited editions. Apparently they can be called as evidence and you can be challenged on why you edited them. Often with forensic reports, I might have half a dozen editions before the final published one. I used to work for a company that did sequential backups, and I always used my laptop and transferred the final information at the 'end of the day'... used to drive the IT dept nuts. They were a 'profit centre' and their hardware was sh*t. They did the same with photographs... reduced them in size for storage reasons... rendering them useless as evidence. I used to burn DVD/CDs of photos for the file, and signed them... all photos, good and bad.

I use a *.bat file, running FreeFileSync, each night, which copies only files that have changed. It's fast... two of the three backup SSDs were M.2 drives and were fast... the third was a 16TB mechanical.
I'm looking into cloud. Cost wasn't a consideration. I don't know what the file was... I'm a bit of an info junkie... that might change a bit.

The extension was '*.uyro'; they don't apparently have a key for this yet. I'll be keeping one of the encrypted SSDs, in case they do.


It's been a humbling experience and could have been a lot worse.


-----*****-----
So strange to see the singularity approaching while the entire planet is rapidly turning into a hellscape. -John Coates

-Dik
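
An added example, not part of any post in this thread and not a FreeFileSync feature: a pre-sync check in Python that a nightly mirror job like the one described above could run first, so that a "latest data only" backup is not overwritten with encrypted files. The function names, the manifest format and both thresholds are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Hypothetical helper names and thresholds; tune them to your own data.
def entropy(path, sample=65536):
    """Shannon entropy (bits/byte) of the first `sample` bytes; ~8.0 looks random."""
    with open(path, "rb") as fh:
        data = fh.read(sample)
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def snapshot(root):
    """Manifest of the tree: relative path -> (size, mtime_ns)."""
    manifest = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            st = os.stat(full)
            manifest[os.path.relpath(full, root)] = (st.st_size, st.st_mtime_ns)
    return manifest

def check_before_mirror(root, last_manifest, max_suspect=0.25, entropy_limit=7.5):
    """Return (ok, report). ok is False when too many files known at the last
    good backup have vanished or been rewritten with random-looking content."""
    current = snapshot(root)
    vanished = [p for p in last_manifest if p not in current]
    rewritten = [p for p, meta in current.items()
                 if p in last_manifest and last_manifest[p] != meta
                 and entropy(os.path.join(root, p)) > entropy_limit]
    # New random-looking files, e.g. originals renamed with an added extension.
    new_random = [p for p in current if p not in last_manifest
                  and entropy(os.path.join(root, p)) > entropy_limit]
    ratio = (len(vanished) + len(rewritten)) / len(last_manifest) if last_manifest else 0.0
    report = {"vanished": vanished, "rewritten": rewritten,
              "new_random": new_random, "ratio": ratio}
    return ratio <= max_suspect, report
```

Compressed formats (JPEG, ZIP, DOCX) are high-entropy by nature, so the signal is the share of previously known files that vanished or changed in one night, not entropy alone. Keep the manifest from the last good run with the offline copy so it cannot be altered from the machine being checked.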
 
Thanks... wasn't looking for sympathy for my own actions, just warning others that this is possible, and can be very serious... and, I'm generally pretty careful.

-----*****-----
So strange to see the singularity approaching while the entire planet is rapidly turning into a hellscape. -John Coates

-Dik
 