Backups [was Re: Is tape dead?]

Fred Cisin cisin at xenosoft.com
Wed Sep 16 13:01:22 CDT 2015


On Wed, 16 Sep 2015, Robert Feldman wrote:
> There is a ransomware variant that encrypts the files but silently 
> decrypts them when they are accessed. It does this for six months before 
> deactivating the on-demand decryption and displaying the ransom message, 
> the theory being that by that time all of the backups will be of the 
> encrypted files, and thus will be useless for restoring good versions.

Thereby rendering generations of backups ineffective.  When you restore, 
you still cannot get back any of the file modifications (work) done in 
the last 6 months.  Thus, the only acceptable solution would be early 
detection.

Neither AVG (resident), nor McAfee (manually run weekly) detected my 
infection of Cryptowall.  What WILL detect it?

> As to how one can become infected, see 
> http://www.theregister.co.uk/2015/08/27/malvertising_feature/?page=1. 
> Major sites, such as The New York Times, Reuters, Yahoo!, and Bloomberg, 
> have been serving malware -- including ransomware -- through hijacked 
> advertisements. No need to click on anything, the ad serves up the 
> malware.

But, those still require a gullibility error on the part of the user, 
don't they?  Do the ads actually load and run the ransomware, or just 
present the fraudulent upgrade offer to bring it in?



