Hostageware... lost everything

Discussion in 'The Water Cooler' started by TKP030, May 4, 2016.

  1. TKP030

    TKP030 Weekend Warrior

    Joined:
    May 12, 2015
    Posts:
    575
    Likes Received:
    147
    Dislikes Received:
    1
    Location:
    North Dakota
    Went to the farm this last weekend to refresh mineral sites and pull my final 3 cameras. Uploaded the cards to my dad's computer, where we store all our trail camera pictures, and thought I had some new bucks come over late season, so I tried to look at pictures from earlier in the year and couldn't open any of them due to them being encrypted by some hostageware scam, i.e. scums of society. Basically, they encrypt the files on your computer so you can't see them unless you pay them their said amount. He took his computer to our guy in town that fixes this kind of thing, and apparently they want $1,050 to unencrypt the files by a said time, or the price goes up or they just keep them encrypted. The only files worth saving on it are our trail camera pictures, but that is about 30,000-40,000 trail camera pictures of all the bucks and general cool pictures that we have had on our cameras over the last 7 years. We told our guy to say that the most we would spend is $200 or they can just F off, since they are just pictures, but important ones. Sad day seeing all the time and work of running cameras just get erased by some internet hackers. :rant:
     
  2. copperhead

    copperhead Grizzled Veteran

    Joined:
    Jan 6, 2014
    Posts:
    3,477
    Likes Received:
    700
    Dislikes Received:
    2
    Location:
    Apex, North Carolina
    Get a thumb drive or external drive and back up your pictures there. Yeah, I hate that people take advantage of others, but at the same time it just goes to show: don't visit sites that are no good and don't open emails from people you don't know. Hard, I know, but it keeps you away from the a$!hats.
     
  3. TKP030

    TKP030 Weekend Warrior

    I have an external hard drive that I use to back up important files on my personal computer, and told him to purchase one so that we can start backing up his. I figured it was pretty safe; he has up-to-date antivirus and all that good stuff, and all he uses it for is to check the grain markets and check Facebook, but I was obviously wrong.
     
  4. Justin

    Justin Administrator

    Joined:
    Jul 24, 2008
    Posts:
    11,092
    Likes Received:
    7,771
    Dislikes Received:
    0
    Location:
    Algonquin, Illinois, United States
    The external drive will only work if it's not connected to the computer at the time the files are backed up. If it's connected they will be encrypted as well.

    Ransomware is one of the biggest threats to electronic data today - both personally and at businesses. Most of the time I'm seeing it come in via an email that looks legit and either contains a Word Doc or PDF that's infected, or a link to a website that's infected. In most cases you have no idea you're being infected until it's too late.

    Everyone really should be running a solid anti-malware solution that provides active protection as well as a solid backup solution. For most people a Carbonite.com subscription on their home PC or laptop is worth its weight in gold if you get hit with something. I would also recommend the paid version of Malwarebytes. Everyone wants to cheap out and use the free version, but that only cleans your machine once you have an infection. It does nothing to stop the infection from happening in the first place. For a combined total of under $150/year it's well worth the investment.
     
  5. remmett70

    remmett70 Die Hard Bowhunter

    Joined:
    Jul 13, 2015
    Posts:
    2,422
    Likes Received:
    396
    Dislikes Received:
    6
    Location:
    Rothschild, WI
    Have had this same ransomware get into the corporate network once. Luckily was able to restore the files from backup. This sucker will infect any files that show up under a drive letter on the infected computer. But there are some ways to protect your important files.

    Backing up to a USB drive is not enough because that drive just shows up as a drive letter and the backup file can get infected also. Two best solutions. Backup software that encrypts the data, the ransomware cannot infect files that are encrypted already. Second option, buy a NAS. Something like this Synology DS216+ Diskless System Network Storage - Newegg.com. That way you can connect over the network and not through a drive letter which would prevent an infected computer from accessing the files on the NAS.

    Another thing you can do is to have two user accounts. One is just a user, the second is an administrative account. Always log onto the computer with the plain user account, and only use the administrative account if you need to install a program or something else. You can then restrict the folders where you have your pictures as Read Only for your standard user.
     
  6. TKP030

    TKP030 Weekend Warrior

    So if I'm understanding this foreign computer language correctly, if the external is attached while infected it will infect the external, or just at the time of encryption?
     
  7. remmett70

    remmett70 Die Hard Bowhunter

    If the computer is actively infected and the external drive is connected, the files on it can be encrypted by the ransomware, because external drives are assigned a drive letter, usually E: or F: depending on the computer configuration.
     
  8. TKP030

    TKP030 Weekend Warrior

    I know it will work when everything is unencrypted, but one more question: the computer was encrypted sometime about 2 weeks ago. Is it an active file where it will encrypt any new files, or just the files that were on the computer at the time of the infection? Because I added pics from about November to March to albums before I realized all the other files were encrypted, but I was still able to open them.
     
  9. remmett70

    remmett70 Die Hard Bowhunter

    From my experience with them, they are usually a one-time infection. Meaning if the computer gets restarted, the ransomware program is gone and the encrypted files remain. I personally haven't seen one of these embed themselves where they restart after a reboot.

    If you can open the files you added later, you are safe for now as long as you don't get another infection. I'd make a backup copy of those pictures. Are you able to screen print and post the actual ransom message? Might be able to find more information on the exact infection.
     
  10. bradn4201

    bradn4201 Die Hard Bowhunter

    Joined:
    Sep 15, 2015
    Posts:
    1,844
    Likes Received:
    28
    Dislikes Received:
    0
    Location:
    Ringgold, Georgia
    We had the same thing happen and were able to restore from a backup. A lot of regulators require that you have two user accounts for this exact reason. Luckily we had just replaced the file server also, so it was a pretty easy fix, but without a good backup things could get really ugly really quick.
     
  11. remmett70

    remmett70 Die Hard Bowhunter

    Problem with these is they will run under any user account. Separate accounts only help limit what files will get encrypted if an infection happens. A better way of "prevention" is to not allow .exe files to run in the AppData folders and subfolders, which is where these suckers normally put themselves.
     
  12. Bone Head Hunter

    Bone Head Hunter Grizzled Veteran

    Joined:
    Aug 6, 2012
    Posts:
    4,219
    Likes Received:
    7,060
    Dislikes Received:
    8
    Location:
    Southern Indiana
    Check to see if you have shadow copy running. If so, recover from a version backed up before the ransomware hit.
     
  13. MGH_PA

    MGH_PA Moderator

    Joined:
    Sep 23, 2008
    Posts:
    10,502
    Likes Received:
    347
    Dislikes Received:
    0
    Location:
    Cogan Station, PA
    That definitely stinks.

    I'll second Justin's recommendation on the cloud backup.

    I use Crashplan, plus local backup, but any of the major paid providers is a good investment.
     
  14. bradn4201

    bradn4201 Die Hard Bowhunter

    We changed that after the last infection, which has caused some other issues, but it's easier than recovering data from mapped drives, which can get nasty pretty quickly.
     
  15. copperhead

    copperhead Grizzled Veteran

    It takes time to encrypt the files. So leave the backup drive unconnected until you need to back up to it. Check your files first to make sure they are accessible. If so, plug in and back up. Case in point: the pictures on the computer were encrypted but not the SD card, which also gets mounted as a drive letter in Windows.

    Also you can encrypt already encrypted files. Kinda pointless but still can technically be done.

    Personally I got a cheap laptop off eBay and use that to view pictures and save them. I never connect it to the internet so limited chance of malware.
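
The "check your files first, then plug in and back up" routine from the post above, as an added Python example that is not part of any poster's message. It assumes the pictures are JPEGs under one folder; the function names, folder names and sample files are made up for illustration.

```python
import shutil
import tempfile
from pathlib import Path

JPEG_SOI = b"\xff\xd8\xff"          # every JPEG file starts with these bytes
PICTURE_EXTS = {".jpg", ".jpeg"}    # assumption: trail cameras write JPEGs

def has_jpeg_header(path: Path) -> bool:
    """An encrypted picture no longer begins with the JPEG start marker."""
    with path.open("rb") as fh:
        return fh.read(3) == JPEG_SOI

def check_pictures(src: Path):
    """Split files into readable JPEGs and suspects (bad header or renamed)."""
    good, bad = [], []
    for p in sorted(src.rglob("*")):
        if not p.is_file():
            continue
        if p.suffix.lower() in PICTURE_EXTS and has_jpeg_header(p):
            good.append(p)
        else:
            bad.append(p)
    return good, bad

def backup_if_clean(src: Path, dst: Path):
    """Copy to the backup drive only when every file passed the check."""
    good, bad = check_pictures(src)
    if bad or not good:
        return False, bad           # leave the existing backup untouched
    for p in good:
        target = dst / p.relative_to(src)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(p, target)
    return True, bad

def demo():
    """Constructed sample data: one clean folder, one with a scrambled file."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        clean, hit, usb = root / "clean", root / "hit", root / "usb"
        for d in (clean, hit, usb):
            d.mkdir()
        fake_jpeg = JPEG_SOI + b"\xe0" + b"\x00" * 32 + b"\xff\xd9"
        (clean / "buck_001.jpg").write_bytes(fake_jpeg)
        (hit / "buck_001.jpg").write_bytes(fake_jpeg)
        (hit / "buck_002.jpg").write_bytes(bytes(range(7, 47)))  # not a JPEG
        ok_clean, _ = backup_if_clean(clean, usb / "clean")
        ok_hit, bad = backup_if_clean(hit, usb / "hit")
        return ok_clean, ok_hit, [p.name for p in bad], (usb / "hit").exists()

if __name__ == "__main__":
    print(demo())
```

Run the check before connecting the backup drive; a failed check means the good copies already on the drive are the ones to keep.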
     
  16. copperhead

    copperhead Grizzled Veteran

    Also dump Windows and install Linux. A learning curve but not as much drama.
     
