No More Ransom saves the day

Tom Grant
Last updated: 13 October
Tom Grant 4 years ago

One day in May 2016, Marion, a computer user from Germany, logged on to her home computer. She had no idea what lay in store for her.

Contents
  • The rise of ransomware
  • Getting your data back
  • Time for No More Ransom
  • Lessons learned

The first sign of trouble was when her computer did not boot up normally, and she couldn’t get to the desktop. Even after a restart, nothing changed. Then she saw the ransomware message on her screen. She didn’t know how she’d been infected. She hadn’t spotted anything suspicious the last time she, or any other member of her family, had used the computer.

But there it was:

CryptXXX v3 ransom note

The rise of ransomware

Ransomware has been a growing problem for the past few years, and it shows no sign of slowing down. We all know that it’s important to make backups on a regular basis, not to open suspicious e-mails, to use the best security software, and so on. But still, anything can happen, and then you suddenly find yourself with inaccessible data on your PC, network shares, and attached hard drives.

You can’t make your PC 100% safe unless you disconnect it from any network, remove the CD drive, USB connections, and more. This is rarely practical in today’s connected world. So it’s time to get involved in risk management: to find your own personal balance of convenience, safety, and privacy.

And, if you should become a victim of a ransomware attack, you need to know that your decision isn’t a simple binary — to pay or not to pay. You have more options than that.

It may be harder to get your data back than it once was. Attackers are fixing the “bugs” that used to allow companies such as Kaspersky Lab and its partners to develop generic tools to decrypt files hit by various ransomware threats. Today, ever more variants of increasingly sophisticated ransomware exist, and recovery often requires private keys from the criminals.

Getting your data back

As her day got gradually worse, Marion turned off her computer and asked the IT department at work for help. They were able to capture all of the relevant data: the ransomware message, the related files on disk, and even some pictures and PDFs before and after encryption. They tried all available tools to decrypt the files, but none worked.

At that point, the full impact of what had happened to her PC hit Marion. Her hard drive contained an archive with more than a decade’s worth of family pictures on it: years of special occasions, sorted into folders and organized by date. All but a few years’ worth were completely inaccessible.

Marion did not have an external backup, but she was sure of one thing: She was not going to pay any money to the criminals.

Marion contacted people she’d shared her pictures with and asked them to send the files back to her. In this way she got some of them back. But the majority remained lost.

With the help of her employer’s IT department, she looked online but couldn’t find a solution. She then turned to her friends. Finally, as a last resort, she put a post on Facebook asking for help and even offered a €500 reward to anyone who could help her to get her files back without paying the criminals!

(Translation: Though I received many hints from various helping hands, my files remain encrypted. Looks like I got hit by a new variant. But I won't give up the hope and raise the bounty to 500 euros for anyone who can help to decrypt my files.)


About 20 people replied to her post and tried to help. However, none of them succeeded.

Time for No More Ransom

That’s when I got involved. A former schoolmate of mine spotted Marion’s post and, knowing that my job is on the GReAT team at Kaspersky Lab, added me to the conversation.

I got in touch with Marion, and she provided all the relevant information so I could check for tools to decrypt her files. But I couldn’t find any for the particular variant that had hit her.

With Marion’s information in hand, I asked our ransomware specialists for help. They quickly confirmed that the malware was a new variant of CryptXXX V3 and that the specific tools to help her decrypt her files were not yet available. I relayed the bad news to Marion but advised her not to pay the ransom — as attackers create new ransomware, we are working with law enforcement and other partners to develop decryption tools or to extract the private keys stored by criminals on their command-and-control servers.

We do this through the No More Ransom project. In the summer of 2016, Europol, Kaspersky Lab, and Intel Security launched the NoMoreRansom.org portal to help ransomware victims recover their files, and to help disrupt the lucrative business model that keeps cybercriminals coming back for more. The project now has more than 40 partners.

On the 20th of December, we added another decryptor for CryptXXX V3 to the No More Ransom page. We offer it free of charge, like all of the ransomware tools you’ll find there.

I still had Marion’s case in my mind, so I contacted her on Facebook and pointed her to the new tool. A few days later she got back to me saying she had been able to recover all the encrypted files! (Naturally, I wouldn’t take the reward.)

Lessons learned

I asked Marion what she had learned from this incident.

Besides doing regular backups of her data to different external hard drives, she’s now even more careful while surfing the Web and always makes sure she has the latest patches installed. And she also stopped letting anyone else use her PC.

This takes the story back to the need for us all to be our own risk managers. Ultimately, it’s up to you to look after your PC, network, privacy, and personal assets. But if things go wrong, remember that your options aren’t just to pay or not to pay. NoMoreRansom.org should be the first place to check — you could get your files back without having to pay anyone a cent. Even if the solution for you doesn’t exist yet, give it some time and don’t pay the crooks.

Marion is just one of many beneficiaries of the No More Ransom project, which has so far released seven free decryption tools. Five thousand users have unlocked their files, and saved more than $1.5 million in ransom, with its help.

https://www.nomoreransom.org/


Source: kaspersky.com

Tom Grant October 13, 2022 September 30, 2019