
Data held to ransom

Community Veteran
Posts: 3,826
Thanks: 44
Fixes: 1
Registered: 24-09-2008

Data held to ransom

An acquaintance I work with has just been hacked and his data is being held to ransom.

I've since heard this is not an unusual event.

What precautions can be taken to prevent this type of hacking? Does virus protection work against it?

41 REPLIES
Community Veteran
Posts: 5,439
Thanks: 1,421
Fixes: 34
Registered: 16-10-2014

Re: Data held to ransom

Frequent backups and common sense are the only things I can suggest. AV might help in some regards but it's not always the case; Word documents (macros) are now being used to deliver this type of payload, and there is also an exploit that targets Outlook that uses placeholders to select a name from your address book to imply that you know the sender.

If there is a backup available, revert to it and don't pay anything.

Community Veteran
Posts: 8,510
Thanks: 936
Fixes: 9
Registered: 02-08-2007

Re: Data held to ransom

Could this still happen if you only used Linux whilst online ?

Community Veteran
Posts: 5,439
Thanks: 1,421
Fixes: 34
Registered: 16-10-2014

Re: Data held to ransom

Yes, Linux is not immune to ransomware; as I've said in another thread, this (ransomware) can be done using only JavaScript, so the platform is of no consequence.

VileReynard
Seasoned Pro
Posts: 10,976
Thanks: 265
Fixes: 11
Registered: 01-09-2007

Re: Data held to ransom

But you could only encrypt files that you were authorised to write to in Linux.

So the basic system and other users would be protected.

Community Veteran
Posts: 4,867
Thanks: 126
Fixes: 24
Registered: 14-07-2009

Re: Data held to ransom

The basic system is not targeted on Windows - so that you still have an intact computer with which to pay the ransom!  I don't know about other users.

Community Veteran
Posts: 14,381
Thanks: 713
Fixes: 10
Registered: 01-08-2007

Re: Data held to ransom


Mook wrote:

Yes, Linux is not immune to ransomware; as I've said in another thread, this (ransomware) can be done using only JavaScript, so the platform is of no consequence.


Yeah I got hit by one of those JavaScript ransom pages a few weeks ago. It kept calling a JavaScript alert box which made closing the tab frustrating. When I did eventually crash it and close the tab and looked at the source code, I couldn't believe just how well it had been obfuscated.

I actually called the number on the page too and got through to someone... where I proceeded to tell them exactly what I thought of them - with several profanities included before making it known that I'd got around their little hijacking session.

Anyhow.. yes regular backups are a good thing (and I should learn from that too) but the usual don't click links, don't open unknown attachments etc etc still applies. Using webmail is also a good idea as it keeps any payloads on a remote server instead of downloading it straight to your PC.

Ultimately for the super paranoid you could always browse the web using a virtual machine and have a network share on the desktop so that you can move files between it and the host PC. Or you could do it the other way around - use a virtual machine for file storage (again with a network connection) and have any external USB drives connected to it instead of the host (if you chose not to store the files inside the VM). Then you could simply copy the VM over to multiple external drives for backup.. and if your main system gets hit then you can have it up and running again with minimal fuss - just install a vm player.

If for whatever crazy reason you do ring up and make the payment be sure to remove all excess funds from that account and then have the card cancelled straight after (perform a chargeback if possible too).

I need a new signature... i'm bored of the old one!
Community Veteran
Posts: 4,867
Thanks: 126
Fixes: 24
Registered: 14-07-2009

Re: Data held to ransom

For data held to ransom you are usually requested to make a transfer payment in bitcoins - which is an exercise in itself.

Community Veteran
Posts: 5,439
Thanks: 1,421
Fixes: 34
Registered: 16-10-2014

Re: Data held to ransom


7up wrote:

Yeah I got hit by one of those JavaScript ransom pages a few weeks ago. It kept calling a JavaScript alert box which made closing the tab frustrating. When I did eventually crash it and close the tab and looked at the source code, I couldn't believe just how well it had been obfuscated.

I actually called the number on the page too and got through to someone... where I proceeded to tell them exactly what I thought of them - with several profanities included before making it known that I'd got around their little hijacking session.


@7up - I for one would be interested to hear how you managed to get round the hijack, as you normally don't know anything till it's too late!

Also, if you were asked to pay by credit card, this sounds to me like a lame attempt at a hijack; as @ReedRichards says, most, if not all, ransoms are paid in bitcoins so it's untraceable.

 

 

Community Veteran
Posts: 5,818
Thanks: 832
Fixes: 1
Registered: 23-09-2010

Re: Data held to ransom

I've had that several times.

Each time I simply turned off the pc and deleted the usual cache and cookies etc. After starting back up there was never any sign of anything bad.

A bluff maybe, there was no sign my virus checker had stopped anything?

If there was a problem I would have just installed the partition backup.

I assume there is hard core ransomware and also bluffware which depends on the reputation of the other.

 

Community Veteran
Posts: 4,867
Thanks: 126
Fixes: 24
Registered: 14-07-2009

Re: Data held to ransom

We seem to be getting confused between web pages (which may or may not use Java) designed to scare you into calling a telephone number and the data ransom software which runs actively on your computer for some time, encrypts all your user files and only then tells you about it.  Where I have seen this done, the security software only managed to remove some of the encryption software and not enough to stop it working.

 

 

VileReynard
Seasoned Pro
Posts: 10,976
Thanks: 265
Fixes: 11
Registered: 01-09-2007

Re: Data held to ransom


billnotben wrote:

I've had that several times.

Each time I simply turned off the pc and deleted the usual cache and cookies etc. After starting back up there was never any sign of anything bad.

A bluff maybe, there was no sign my virus checker had stopped anything?

If there was a problem I would have just installed the partition backup.

I assume there is hard core ransomware and also bluffware which depends on the reputation of the other.

 


I've never had anything like that, but if I did I could just use the killall firefox command (in Linux) and save myself from a possible corrupt filesystem.

Community Veteran
Posts: 3,826
Thanks: 44
Fixes: 1
Registered: 24-09-2008

Re: Data held to ransom

VileReynard
Seasoned Pro
Posts: 10,976
Thanks: 265
Fixes: 11
Registered: 01-09-2007

Re: Data held to ransom

Doesn't do anything.

Windows is still insecure.

Community Veteran
Posts: 4,867
Thanks: 126
Fixes: 24
Registered: 14-07-2009

Re: Data held to ransom

I see plenty of Mac computers running fake security software or fake downloaders or with the default browser search engine hijacked.  MacOS is supposed to be derived from Linux, isn't it?  If you or your teenage kids can be tricked into installing the wrong software then it will happen on any OS.