Response to certain concerns in the comments: I’m aware that “pulling the plug” can destroy evidence for forensic investigators, but the value of potentially preventing a large amount of data from being encrypted in the first place can be much greater for the user than the slim chance of finding file traces or the encryption key in memory through a high cost forensic investigation. Of course it only makes sense if done early, and as with everything not everyone agrees. This video is meant to be a general guide for most people but of course it cannot tell you how to perfectly deal with every possible scenario.
Tips for avoiding ransomware in the first place: 1. don't click links in emails 2. don't download programs or microsoft docs off the internet 3. Don't visit sketchy websites 4. Don't touch popups or ads 5. don't plug random USB drives you find into your computer.
getting rid of the "malware" is easy, the hard part is getting your data back. If you dont care about your data, just reinstall windows or format your pc
@@Boon_LightBurn For me, I did something else stupid, and attempted to restore cloned backups. I messed up, and the UEFI couldn't find the windows boot location. Then I facepalmed when I realized I could have just used Windows Restore for the issue. Was a bad day, but at least no data loss due to having backups.
Make sure your backups are off line. Attackers tend to delete them. They have been on your network long before the encryption. Check who has admin rights on your network and reset all your password.
Thank you thank you thank you so much, my PC got attached by ransomware. My all the files got encrypted. Luckily I saw this video and I checked with 1 file, it got decrypted. So happy. Thank you so much. I got my all old memories thank you... Guys really it works.
I think the ultimate way around this is to just store any important/sensitive information in a secure cloud server environment (that doesn't sync with your computer) - just do it manually. No matter what happens to your computer, you should have a safe backup as well so that you can just format and restore to get the functionality back - but the whole time your data wouldn't even be in question. That's real peace of mind. Obviously there are other issues associated with keeping information in the cloud - but if you're using a unique secure password and 2FA with a good authentication app then there should be 0 concern. Any input is welcome though :)
Great video! You forgot two important points. 1) only way to be sure you system is clean is to nuke os from orbit. I mean clean reinstall deleting partitions. 2) if you have system restore enabled, you might get files back using tools that can extract files from system restore. I have had success with this several times.
Clean install will delete all files including system restore data. Use USB to boot from and delete all partitions in hard Drive to preform total clean install. So you have to get files from system restore before clean install. So be careful not to infect newly extracted files. It might be smart to use safe mode. Then application named ShadowExplorer you can extract files if system restore was enabled. Move them to external usb drive and then you can clean install. If my explanation was too difficult then turn to professional for help.
I had my entire OneDrive documents folder taken hostage by ransomware when I was 16. It was the week of my GCSE coursework hand ins for my Design class and I had to redo months of work in a few days. It was fucking traumatic and I hope to god as an adult I never get into this situation again.
it thought me a lesson, i bought 5 external hard drives for extra layers of protection, i transfer all my stuff to my external drive weekly for now on, 2 days ago i got all my thousands of photos and videos encrypted, thankfully i had them saved on my external hdd
@@TheGamingChad. What do you guys install to get yourselves in these situations? Do you go on sketchy websites? I am not judging I just have gotten into modding and don't want to ruin my new laptop.
Thank you for the great information. Our company just got hit last night. Turned every file to a ". Nortron " extension. I'll do the steps as you described. Hopefully the files can be decrypted.
This is why Google Drive is so handy for me. Anything that I consider sensitive/irreplacable is always kept in a backup folder that I could access at any time. In case I switch to a new PC or if by some chance I am attacked by ransomware
This is the most informative video I have found with information that is extremely helpful in the efforts of dealing with ransomware attacks. My question for you is, how in good god do you have all of those actual ransomware files to execute??
I wish I had this a few years ago. I do know the basics of Ransomware but your links for help I would have loved. Thank you SO much! I have saved and shared!
I setup my computer to survive a virus attack without relying on an antivirus program, which I have been doing from the early days of Windows. I got hit with a ransomware in the early days of this malware. It encrypted all the Windows doc, text and image files, but my personal files were uninfected, which included my jpg files I saved for my photography business. I laughed at the message it showed on my screen demanding I pay them, because I had backups of everything on CDs. I didn't have to use these backups, because of the steps I took to alleviate the threat. I was impressed at the level of encryption it did to Windows informational files, and I had to reinstall Windows, but I lost none of my personal files.
Best case scenario, you actively back up your work and use external version control for any major project. Thus making it a simple case of wiping your drives and reinstalling your os. Worst case scenario, contact the ransom, ask for a demo to prove they arent just going to scam you further. Perhaps even pay a tiny fee to prove your intent of paying the full ransom. Take that demo to security expects to reverse engineer the ransom. What ever little you spent (if so) likely will help others in the long run.
Hey! Thats a great video. However I have a question, What would you suggest for downloading the decryptor or checking the ID-Ransomware website when the infected device is off network. Also, most enterprise usually tend to block mass storage devices? What would you recommend?
Backups, backups, backups. Ransomware won't be able to touch your AWS S3 objects (unless it knows your root account password, in which case data loss is the least of your worries). It also won't encrypt your external hard drive unless it's plugged into your machine at that moment.
redundancy with randomly generated passwords saves that. ive got 3 accounts with a password i cant even remember and if they can get to the locked flash drive in a place i shant say to get to them...welll
Really depends on the ransomware group, and depends if it's an individual or a business with cyber insurance. Fyi I only know that because the place I work at got hit with ransomware and I've been researching it since.
I wish I saw this a few months ago when I had to deal with it. I got rid of the ransomware, reset and changed the network password and saved a couple files but i didn't figure out how to decrypt the files that got infected. In my case it was the .hese extension. Back in August. Good thing that I had a backup of my most important files but I lost a couple beautiful memories.
So in other words if there is a repair tool for the ransomware you have then you can repair the files if not restore from backup. This is a good reason to back up to a NAS device that uses unique login credentials and is not part of the domain. I have seen people get their backups encrypted too so no way to recover short of paying the ransom.
My solution is to always have backups, and not backups from like..months ago, but bi-daily backups....in other words I have backups from Sunday-Monday, that I overwrite with backups for Tuesday-Wednesday...which get overwritten with backups for Thursday-Friday..etc...and I rotate them and keep it steady and even, I guess once you get into a rhythm with making / storing, and overwriting backups?...ransom ware becomes a thing of the past. There's also the fact that you MUST change ALL passwords when/if you get hit with ransom ware, (I always encrypt my passwords and use long complex, yet easily remember-able passwords too...not a word really but a phrase....like (not ever used by me...just using this for an example): Take your name....say...its "Timothy".... SPLIT it "Timo-thy".... Place something INSIDE your split name....like ... "scH001Bu5"...... SPLIT that as well... "scH001-Bu5" in the middle of THAT?...place your birthdate... 00/00/0000....but use underscores instead: 00_00_0000 so you now have "TimoscH00100_00_0000Bu5thy"......now...take THAT?.. and ENCRYPT IT!...by the time someone cracks THAT?....you already have backups of your backups which are backups of your backups, and if they DO hit you with ransomware?...you can listen to some jazz, sip on some chilled wine...and smile as you restore your latest backup and change your passwords yet again. Just some simple advice from an old Network admin!...(sometimes..."simple" doesn't have to mean "vulnerable"!...LoL!!)
I’ve been pirating stuff for over a decade and not once have I ever had any virus/malware/ransomware, how do people even come across this sort of thing?
just plainly not having an antivirus plus not worrying or being unknowing of any viruses, plus cyber security is more tougher than it was 10 years ago, 10 years ago it was easy for a naive kid back then like i was to download a harmful virus, got a rogue antivirus but luckily some youtube videos figured out the activation key and allowed me to rid the program. nowadays i havent had a virus since that incident i described. and even when downloading stuff i get VERY skeptical when my antivirus goes off even if its a false alarm. i always find reviews, ask friends, and if i have to, use a vm to make sure its safe or not. tbh i tend to get scared connecting my laptop even on my college wifi because those places can be easy breeding grounds for a massive virus spread, i always use my phone instead.
The two primary vehicles I see working at an MSP are email related (attachments or links not yet identified by filters) and wide open remote desktop ports. The former we are training users against phishing with a service called KnowB4 that we launch phishing campaigns and get statistics on who goofed and how badly. Numbers have gone way down so it is successful.
not necessarily, it just havent hit you yet or may be youre just lucky.. if you are using cracked software there maybe 80% chance of getting hit by ransomware
4 года назад+4
Then you are extremely ignorant. I guarantee you your system is infected. There's no way you have never come across infected Warez... they tend to install things in the background. You would never notice what's running in the background and sure it's pinging off of foreign servers.
Yeah that's what i did about 2 years ago. I simply rolled windows back to the day before. Don't know if it works every time but it worked for me. Peace
I needed that a month ago. I just reinstalled Windows and erased anything related to that piece of crap Ransomware. Thankfully I back up my files on a server separated from the attacked machine. And it forgot to actually encrypt my important data since I caught it mid-process when it was busy encrypting TEMP files x3
you should also make a video on ransomware that locks the computer. my brother had a couple of them and i had to go through a few hoops to get them out without a format. as for data security, the best thing to do is get a 2TB+ USB drive (or more if needed), plug it in, make backups and then unplug it. this way you can be sure that nothing has access to the backups, then in case of ransomware, you deal with the problem and if no decryption is available you just restore the backups.
that sounds scary, but i did the following, i got encrypted 2 days ago, first time actually, AFTER rebooting my pc i connected my external drive to my computer to transfer all my files to the computer again, am i good to go or did i do it anything wrong? and while my computer had ransomware i managed to move some stuff to my phone using an usb cable, my phone was not encrypted
By recent past experience on a ransomware attack, I would recommend urgently to keep up-to-date the bios of the computer. It seems this was the only door open to get infected.
since I formatted my computer after the attack my email accounts on social networks and even accounts that I didn't remember existed tried to be connected by strangers, what can that be?
Exactly same , my youtube channel started uploading videos which was logged in into my decrypted pc. Someone also tried using my Instagram and I am bit worried about my money as I do card payments from pc . Although the mail linked to Google pay was also in pc and I changed all of those account passwords , then also someone might use them for thier beneficiary. Plz reply me what all accounts and applications were compromised and need to secured
@@ClashWithArthur it’s very possible it was all broken into. Try to get into these accounts and change passwords + enable 2 step verification. Stop doing payment stuff on PC, do it on IPhone or something of that nature
@@bugginoutw2243 yes , I followed same path.first of all I changed all of my passwords even if they were not signed up into my pc. Then I went to my banks , met mangers and changed details for my online transactions. Also in one or two banks ,I made new account closing existing one.and last but not the least I made new bank account with very low balance just to do online transactions. it's been a while but thanks a lot for the reply!
what's the best imaging/backup software to get a complete sector by sector image of your entire system? And, should the infected drive be wiped or zeroed out before an infected system get restored with an image?
Always have a backup with all your files, as in a seperate drive. If you use an ssd or hdd, it doesn’t matter! Get a hard drive (cheaper) and copy your files on there. If you ever get a virus, shut down and unplug pc, remove your normal drive and plug in the backup and use that until you can wipe the main drive or fix it
@@vidzpit8264 no shit. I'm saying my files are stored on flash drives. I don't leave them plugged in 24/7. I plug them in when I want to use the files, then unplug them.
I use non-network connected external drives, that I write my data out to every few days. As a retiree, anything on my computer is likely a bunch of media files or games that I can re-download. I've always enjoyed the performance increase of a fresh windows install (a relatively quick task in 2022), so that's how I'd cure a ransomware attack. Wipe everything and move on. Personal files are always safe using offline storage solutions. Just don't plug the drive into an infected machine.
Can someone explain to me how to exactly do this at 0:40, does it just mean disconnecting from the internet? I'm not very good with computers so I don't quite know how to do this. I haven't been hit by ransomware btw, but I just wanted to know if my laptop ever gets infected by ransomware.
Thank You kindly for the tips its kind of sad that these people will barely be punished, so lessen thier effectivness is noble deed. Can I ask how it works that files which take over your entire data are usually very small sized? and what are the most common ways to be infected? Sorry if thats silly question Im trying to be as cautious as I can but since Your Ccleaner video Im very stressed :)
I saw personally what ransomware can do to a company. I'm curious about things such as One Drive local files from SharePoint/Teams that can get hit by a ransomware on a client PC - would Microsoft recognize a sync over to the cloud service and stop that from moving over?
athough i am not sure if the system would detect that the files had been encrypted, most cloud storage services (including onedrive and google drive) have file versions, im not sure how it works with onedrive, but with google drive older versions are usually stored for at least 30 days
Step 2 can only be implemented if you don't need Windows specific softwares. It's great for people who do some web surfing, watch videos and stuff. And as you mentioned, with distros like Mint and Ubuntu, linux has become extremely user friendly.
@@smellymomo if you REALLY need a certain bit of windows software, use a VM or dual boot. just make sure that the windows VM/partition does not have access to your linux drives (hard to do anyways since windows hates anything to do with linux) if you need to transfer files between them, mount the windows partition in linux and move files there. always keep the files under linux and also a cold backup too if you wanna be extra safe (a drive that's unplugged most of the time)
Why isn’t there some software that detects that many files are bing encrypted at once like alert the user if more than 10 files are being encrypted at once 😒
Honestly, just owning it and not trying to hide it is partially why I watch you. It's the honorable thing to do and it make the rest of the jobs much more believe when you are call out of the spots like that, so thank you #davkracks.
Just have a backup, open up a mega account and you get 50gb for free, and get yourself a good external hard drive and do also a backup that way, i have 3 backups of all my data, i never dealt with ransomware, but its better to prevent than to heal, you never know if some family member put some pictures on a stick which has been infected by ransomware and gets onto your system that way. Just be carefull where you go online and what kind of foreign devices you plug into your pc
My neighbor was hit last year, he paid, all was good, 5 months later he was hit again and again last month. do not pay, back up, and at the worst format the hard drive. Also, I believe you did a test on eset a few weeks back and rated it very high. Do you still standby your rating? Im thinking of buying
Can you tell me what are some places where ransomware can infect you and also can i just format c if I don’t have any files i care about as i only have games. Im not very tech savvy so I’d love if someone explained this to me
great video mate! just a question though, if i get attacked by ramsonware and i use microsoft onedrive (synchronized) will my files on cloud be encrypted too or are they safe? Thank you in advance for your time and keep up the good work!
As of today, talking from experience, since I had OneDrive synchronized/connected to my pc when I got attacked I can tell you that your files won't be safe if they're connected to your pc. :')
A few months ago I got hit by one with the .boop extension so I basically have 2 TB of data encrypted, that includes approximately 15 years of pictures. The two infected drives are lying here on my desk. I have a new drive in my machine but I operate from home so my work files are on those drives. I became complacent and wasn't backing up as I used to.
The best computer professional is your past self, with frequent backup routine. You will be the only one that can save your future self from those situations.
yah ... you have to have BACK - UPS of your DATA ... but you also have to BACK - UP your BACK - UPS ... and if it isn't RANSOMWARE it's a failed / burnt out motherboard ... so what i recommend is to have 9 laptops ... 9 desktops , 9 HDD
I keep 2 cloud backups, 3 offline backups and 1 synology backup which is only on to back up my stuff. Yeah im paranoid. Ive had hardware failures and viruses before.
Quick question: How often do you do backups Do you have the latest backup on all devices or are you alternating so you wont lose as much time doing everything 4 times?
@@rronaldreagan i have my phone on backup constantly to cloud. My pc backed up weekly to nas and external drives. Then my phone is backed up to nas and off line drives every 3 weeks or however busy i am. A whole image backup is ran once a month or with i do a major software upgrades. I use one drive for pictures and office files for hot backups on laptops and phones and move them from there. Yeah sounds like a real pain but you can only take those pictures once. A trick i do is name the folder with the backup date.
My system was attacked several days ago. Watched this video and then visited ID-Ransomware and uploaded a sample encrypted file and it immediately identified the type of ransomware I am dealing with (DcRat/Lime). It says it's decryptable. Great! So then it says to click for more info. and takes me to a random Twitter thread from years ago and says to leave a message for someone and link them an uploaded sample encrypted file. I did this and have heard nothing back :( It's frustrating to learn that there is hope for my files but then basically to be taken to a dead end by this website. I don't think this is an active Twitter thread anymore because no one has commented on it for years. I had hoped that the "more information" it's going to provide me with some useful tool or decryption program or something but now I'm just at a dead end.
Response to certain concerns in the comments:
I’m aware that “pulling the plug” can destroy evidence for forensic investigators, but the value of potentially preventing a large amount of data from being encrypted in the first place can be much greater for the user than the slim chance of finding file traces or the encryption key in memory through a high cost forensic investigation. Of course it only makes sense if done early, and as with everything not everyone agrees. This video is meant to be a general guide for most people but of course it cannot tell you how to perfectly deal with every possible scenario.
I would go with unplugging the network card or switch!
@Deadpoppin Only if you have n word pass
Ok
@Deadpoppin Your n word pass please.
2019 has started with ransomware attacks and till this day we hearing ransomware attacks happening.
I hope I wont need to use this video in my lifetime
Same
@@malwaretestingfan im not a expert but i think it depends on the kind of ransomware and what methods and algorytms it uses to encrypt
Backup
@@malwaretestingfan how does renaming the zip file to exe help?
@@felixiii4186 Simple. Ransomwares always avoid EXE files, to not corrupt themeselves.
There is a special place in hell for ransomware developers
@Geek Gamer Not always.
@Geek Gamer make a new market..smh
For such people hell does not even exist. Rather address the gullibility on the other side of the keyboard. Backup backup and backup your data.
who knows, people who made this are top Avast or Cisco employees?
@@HK-sw3vi i mean avast is a literal scareware. and cisco.. oh boy.
Tips for avoiding ransomware in the first place:
1. don't click links in emails
2. don't download programs or microsoft docs off the internet
3. Don't visit sketchy websites
4. Don't touch popups or ads
5. don't plug random USB drives you find into your computer.
your steps suck
@@1980woodpixie Your comment rocks!
*just pull out an uno reverse card so now they pay you*
Big brain
No u
@@prettyepicname 👍
Lol
😁
200 IQ move:
Encrypt your files before a ransomware can.
its prettygood genius
Big brain
its not that easy , windows services will not fuction as they target .dll files too
it'lll just encrypt it again
My friend does it lol
getting rid of the "malware" is easy, the hard part is getting your data back.
If you dont care about your data, just reinstall windows or format your pc
i've had to do that but i havent had ransomware yet, just me being stupid and accidently deleting the boot file
@@ChrissQuartz how do you accidentally delete the boot file
Did you corrupt your bios or something
Also don't forget to secure your network, passwords, services, and the like so it doesn't happen again
@@Boon_LightBurn For me, I did something else stupid, and attempted to restore cloned backups. I messed up, and the UEFI couldn't find the windows boot location. Then I facepalmed when I realized I could have just used Windows Restore for the issue. Was a bad day, but at least no data loss due to having backups.
@@JohnSmith-xf1zu that sounds like a bad day, I am sorry sir
Make sure your backups are off line. Attackers tend to delete them. They have been on your network long before the encryption. Check who has admin rights on your network and reset all your password.
Air gap'd backups are a must for every network! Do not leave the only copy of your data connected to the computer/network!!!!!
Good comment and reply.
Or on connected cloud storage with an account with read privileges only. And use a different account on a VM every time you need to create/upload them
What do people mean by network? Your wifi network?
@@yannick6303 they will be inside your organisation moving around the corporate network. They will know more about your internal network than you do
Thank you thank you thank you so much, my PC got attached by ransomware. My all the files got encrypted. Luckily I saw this video and I checked with 1 file, it got decrypted. So happy. Thank you so much. I got my all old memories thank you...
Guys really it works.
How do you do it
How do you do that?
Explain us... How?
Yay UwU
Well there’s no guarantee that the authors of the ransomware would give you the encryption key even if you pay up. So you’re screwed either way.
I think the ultimate way around this is to just store any important/sensitive information in a secure cloud server environment (that doesn't sync with your computer) - just do it manually. No matter what happens to your computer, you should have a safe backup as well so that you can just format and restore to get the functionality back - but the whole time your data wouldn't even be in question. That's real peace of mind. Obviously there are other issues associated with keeping information in the cloud - but if you're using a unique secure password and 2FA with a good authentication app then there should be 0 concern. Any input is welcome though :)
Auto syncing is absolutely fine as far as your backup cloud offers Ransomeware immunity or backup versioning.
Great video!
You forgot two important points.
1) only way to be sure you system is clean is to nuke os from orbit. I mean clean reinstall deleting partitions.
2) if you have system restore enabled, you might get files back using tools that can extract files from system restore. I have had success with this several times.
which files?
@@nimalsenna personal files, documents.
Am I to use system restore before or after reinstalling windows
Clean install will delete all files including system restore data. Use USB to boot from and delete all partitions in hard Drive to preform total clean install.
So you have to get files from system restore before clean install. So be careful not to infect newly extracted files. It might be smart to use safe mode. Then application named ShadowExplorer you can extract files if system restore was enabled. Move them to external usb drive and then you can clean install. If my explanation was too difficult then turn to professional for help.
Everybody gangsta until the decryption file you download is another ransomware
I had my entire OneDrive documents folder taken hostage by ransomware when I was 16. It was the week of my GCSE coursework hand ins for my Design class and I had to redo months of work in a few days. It was fucking traumatic and I hope to god as an adult I never get into this situation again.
it thought me a lesson, i bought 5 external hard drives for extra layers of protection, i transfer all my stuff to my external drive weekly for now on, 2 days ago i got all my thousands of photos and videos encrypted, thankfully i had them saved on my external hdd
@@TheGamingChad. What do you guys install to get yourselves in these situations? Do you go on sketchy websites? I am not judging I just have gotten into modding and don't want to ruin my new laptop.
@@couragecrusader7649 answer this man!
i am currently 16 and my OneDrive, containing my research, is at same situation. wtf do i do🧎♀️🔥
RUclips is recommending me one of your videos called "My Security 2015", and I want to see your security in 2019.
Someone should send this to the Louisiana government. They recently got hit hard by some ransomeware attacks
@@ahsookee Well, it's a government agency hit. They have the money ¯\_(ツ)_/¯
@@Appoxo with elections coming up soon this is sad to hear
@@ahsookee Absolutely. It could be also Megacortex; also, most ransomware intrusion on companies are product of second intrusion and hacking.
@@Appoxo They have our money!
@@lesliesavege1206 Communism intensifies
Thank you for the great information. Our company just got hit last night. Turned every file to a ". Nortron " extension.
I'll do the steps as you described. Hopefully the files can be decrypted.
This is why Google Drive is so handy for me. Anything that I consider sensitive/irreplacable is always kept in a backup folder that I could access at any time. In case I switch to a new PC or if by some chance I am attacked by ransomware
This is the most informative video I have found with information that is extremely helpful in the efforts of dealing with ransomware attacks. My question for you is, how in good god do you have all of those actual ransomware files to execute??
I wish I had this a few years ago. I do know the basics of Ransomware but your links for help I would have loved. Thank you SO much! I have saved and shared!
Backup to cloud. I suggest mega
“Im gonna give a live demonstration, so were gonna infect this system with ransomware”
*pulls out a whole folder of ransomwares*
i believe that the best protection is to use two external drive and alternate them and unplug them as soon as your backup is done
Thanks, Leo.
I setup my computer to survive a virus attack without relying on an antivirus program, which I have been doing from the early days of Windows. I got hit with a ransomware in the early days of this malware. It encrypted all the Windows doc, text and image files, but my personal files were uninfected, which included my jpg files I saved for my photography business. I laughed at the message it showed on my screen demanding I pay them, because I had backups of everything on CDs. I didn't have to use these backups, because of the steps I took to alleviate the threat. I was impressed at the level of encryption it did to Windows informational files, and I had to reinstall Windows, but I lost none of my personal files.
Is your personal files is on different partition or different disk?
My brother had a laptop that was infected with ransonware some years ago. He got rid of it with a complete wipe and reload of his laptop.
no shit, windows format is the only way
Best case scenario, you actively back up your work and use external version control for any major project. Thus making it a simple case of wiping your drives and reinstalling your os.
Worst case scenario, contact the ransom, ask for a demo to prove they arent just going to scam you further. Perhaps even pay a tiny fee to prove your intent of paying the full ransom.
Take that demo to security expects to reverse engineer the ransom. What ever little you spent (if so) likely will help others in the long run.
Hey! Thats a great video.
However I have a question, What would you suggest for downloading the decryptor or checking the ID-Ransomware website when the infected device is off network. Also, most enterprise usually tend to block mass storage devices?
What would you recommend?
Phone tethering?
Backups, backups, backups. Ransomware won't be able to touch your AWS S3 objects (unless it knows your root account password, in which case data loss is the least of your worries). It also won't encrypt your external hard drive unless it's plugged into your machine at that moment.
redundancy with randomly generated passwords saves that. ive got 3 accounts with a password i cant even remember and if they can get to the locked flash drive in a place i shant say to get to them...welll
How much these criminals usually ask to decrypt your files?
Really depends on the ransomware group, and depends if it's an individual or a business with cyber insurance.
Fyi I only know that because the place I work at got hit with ransomware and I've been researching it since.
this video is literally the embodiment of the quote: "having a gun without needing it is better than needing it without having it"
I wish I saw this a few months ago when I had to deal with it. I got rid of the ransomware, reset and changed the network password and saved a couple files but i didn't figure out how to decrypt the files that got infected. In my case it was the .hese extension. Back in August. Good thing that I had a backup of my most important files but I lost a couple beautiful memories.
How did you got it ?
still works! followed steps exactly and it works, thx a ton and keep up the awesome videos
1:05
*pulls out my grandfather's life support*
this comment is so underrated.
So in other words if there is a repair tool for the ransomware you have then you can repair the files if not restore from backup. This is a good reason to back up to a NAS device that uses unique login credentials and is not part of the domain. I have seen people get their backups encrypted too so no way to recover short of paying the ransom.
I just checked ID Ransomware and it says it supports Spora, have they added support since you recorded this yesterday?
... maybe
from what i tried they dont have redeye or wannacry yet
@@CanndyCoating interesting. At first glance it looked like wanna cry was in the list of supported ransomware
@@Samiozd thats not how it works it doesnt just check the name
My solution is to always have backups, and not backups from like..months ago, but bi-daily backups....in other words I have backups from Sunday-Monday, that I overwrite with backups for Tuesday-Wednesday...which get overwritten with backups for Thursday-Friday..etc...and I rotate them and keep it steady and even, I guess once you get into a rhythm with making / storing, and overwriting backups?...ransom ware becomes a thing of the past. There's also the fact that you MUST change ALL passwords when/if you get hit with ransom ware, (I always encrypt my passwords and use long complex, yet easily remember-able passwords too...not a word really but a phrase....like (not ever used by me...just using this for an example):
Take your name....say...its "Timothy"....
SPLIT it "Timo-thy"....
Place something INSIDE your split name....like ...
"scH001Bu5"......
SPLIT that as well...
"scH001-Bu5"
in the middle of THAT?...place your birthdate...
00/00/0000....but use underscores instead:
00_00_0000
so you now have "TimoscH00100_00_0000Bu5thy"......now...take THAT?..
and ENCRYPT IT!...by the time someone cracks THAT?....you already have backups of your backups which are backups of your backups, and if they DO hit you with ransomware?...you can listen to some jazz, sip on some chilled wine...and smile as you restore your latest backup and change your passwords yet again.
Just some simple advice from an old Network admin!...(sometimes..."simple" doesn't have to mean "vulnerable"!...LoL!!)
I’ve been pirating stuff for over a decade and not once have I ever had any virus/malware/ransomware, how do people even come across this sort of thing?
Dark web my guess
just plainly not having an antivirus plus not worrying or being unknowing of any viruses, plus cyber security is more tougher than it was 10 years ago, 10 years ago it was easy for a naive kid back then like i was to download a harmful virus, got a rogue antivirus but luckily some youtube videos figured out the activation key and allowed me to rid the program.
nowadays i havent had a virus since that incident i described. and even when downloading stuff i get VERY skeptical when my antivirus goes off even if its a false alarm. i always find reviews, ask friends, and if i have to, use a vm to make sure its safe or not.
tbh i tend to get scared connecting my laptop even on my college wifi because those places can be easy breeding grounds for a massive virus spread, i always use my phone instead.
The two primary vehicles I see working at an MSP are email related (attachments or links not yet identified by filters) and wide open remote desktop ports. The former we are training users against phishing with a service called KnowB4 that we launch phishing campaigns and get statistics on who goofed and how badly. Numbers have gone way down so it is successful.
not necessarily, it just havent hit you yet or may be youre just lucky.. if you are using cracked software there maybe 80% chance of getting hit by ransomware
Then you are extremely ignorant. I guarantee you your system is infected. There's no way you have never come across infected Warez... they tend to install things in the background. You would never notice what's running in the background and sure it's pinging off of foreign servers.
Demonslayer what a fricken MVP
Please don't pay ransom:
All hackers: *triggered*
You can do system restore on Windows also!!
Yeah that's what i did about 2 years ago. I simply rolled windows back to the day before. Don't know if it works every time but it worked for me.
Peace
Not really some ransonware will not let you system restore
@@thatguyyouseeeverywhere8886 then format the drive or if not just open the pc and take it out go and put another one if you have one
I notice you never brought up a full system restore.
Aren't there some ransomwares that prevent you from running certain applications, such as anti-malware or decryptors?
Can I store some important "Ransomware (phobos) encrypted files" in another pc for further/future decryption without being infected??
I keep isolated system backups. I would do a restore using a full wipe of the partition before restoring.
I needed that a month ago. I just reinstalled Windows and erased anything related to that piece of crap Ransomware. Thankfully I back up my files on a server separated from the attacked machine. And it forgot to actually encrypt my important data since I caught it mid-process when it was busy encrypting TEMP files x3
you should also make a video on ransomware that locks the computer. my brother had a couple of them and i had to go through a few hoops to get them out without a format. as for data security, the best thing to do is get a 2TB+ USB drive (or more if needed), plug it in, make backups and then unplug it. this way you can be sure that nothing has access to the backups, then in case of ransomware, you deal with the problem and if no decryption is available you just restore the backups.
And actually get at least two of these backup drives. Nothing sucks more than needing your backup and finding out the USB stick you put it on is dead.
"Half the time the ransomware will encrypt your backup once u connect it to your PC"
*Laughs in stack of DVD-R's*
Read-only cloud storage is also nice ;)
@ then your just trusting someone else to hold all your data for you .-.
that sounds scary, but i did the following, i got encrypted 2 days ago, first time actually, AFTER rebooting my pc i connected my external drive to my computer to transfer all my files to the computer again, am i good to go or did i do it anything wrong? and while my computer had ransomware i managed to move some stuff to my phone using an usb cable, my phone was not encrypted
If you are planning to put everything on DVD's, why bother, buy a Blu-ray drive and couple of those double layer double side 100GB discs
after watching this video i'm not gonna download anything that isn't from a widely trusted source.
if onedrive is mounted to documents , pictures, desktop, will the ransomware be able to encrypt that, if yes, is it recoverable from cloud
Yes but you can restore these files very easily: support.office.com/en-us/article/Restore-your-OneDrive-fa231298-759d-41cf-bcd0-25ac53eb8a15
OneDrive has retention but only for a limited period of time, you should not use onedrive or any cloud file services as a backup system
one drive is not hackable at this moment we are doing this to use ai to hack shainghai
One drove is usefull but makes pc very slow
By recent past experience on a ransomware attack, I would recommend urgently to keep up-to-date the bios of the computer. It seems this was the only door open to get infected.
since I formatted my computer after the attack my email accounts on social networks and even accounts that I didn't remember existed tried to be connected by strangers, what can that be?
Exactly same , my youtube channel started uploading videos which was logged in into my decrypted pc. Someone also tried using my Instagram and I am bit worried about my money as I do card payments from pc . Although the mail linked to Google pay was also in pc and I changed all of those account passwords , then also someone might use them for thier beneficiary. Plz reply me what all accounts and applications were compromised and need to secured
@@ClashWithArthur it’s very possible it was all broken into. Try to get into these accounts and change passwords + enable 2 step verification. Stop doing payment stuff on PC, do it on IPhone or something of that nature
@@bugginoutw2243 yes , I followed same path.first of all I changed all of my passwords even if they were not signed up into my pc. Then I went to my banks , met mangers and changed details for my online transactions. Also in one or two banks ,I made new account closing existing one.and last but not the least I made new bank account with very low balance just to do online transactions. it's been a while but thanks a lot for the reply!
Silly question but, what is an average price these ransomware hoodlums usually ask?
dang now i have a way to fight this kind of stuff since its been on the rise as of late.
I'm gunna leave a sticky note on my desktop with the link to this video just in case this happens. Thanks bro.
Just backup to cloud. These days they have automatic backup services that make it easier
Since my systems do not have sensitive files I just do a full wipe and reboot
Neither do I, but i had a lot of games and movies on my device. Losing files can be heartbreaking y'know.
what's the best imaging/backup software to get a complete sector by sector image of your entire system? And, should the infected drive be wiped or zeroed out before an infected system get restored with an image?
Simple format is enough, u can use tools like Dd from linux system rescue... there are plenty of ways to save images of your partitions
If you don't care for data JUST REINSTALL WINDOWS FFS
Exactly what i did😂
SAME. Haha
i think almost everyone does that. simple and easy. everyone's just bieng techy in the comments LOL
Same
How did you guys get ransomware?
Same I did 🤣🤣🤣
Great video and just subscribed. Thank you.
Note: Do not execute any virus on real computer, use virtual machine or dont execute them at all. It's for your safety.
Don't forget to close your internet connection, and make sure the malware can't leak from the vm
If you already have encrypted files what can they encrypted?
i dont store super secret stuff on my computer so if i ever get ransomware i have no problem doing a factory reset
they got my anime wallpapers
Lmfaaaaao
Always have a backup with all your files, as in a seperate drive. If you use an ssd or hdd, it doesn’t matter! Get a hard drive (cheaper) and copy your files on there. If you ever get a virus, shut down and unplug pc, remove your normal drive and plug in the backup and use that until you can wipe the main drive or fix it
Thank you. Now I'm calmer about my attack.
Wazuh is a good SIEM to use which can monitor file changes..
I just keep all important files on flash drives. If I was infected I would long format the drive and then reinstall windows.
Ransomware will typically encrypt any devices connected to infected systems
@@vidzpit8264 no shit. I'm saying my files are stored on flash drives. I don't leave them plugged in 24/7. I plug them in when I want to use the files, then unplug them.
Thankyou very much for uploading this video but sadly my version of ransomware isnt decrytable !
Backup your computer regularly, people! My high school recommended doing so every Friday, so that's what I've done for years.
I use non-network connected external drives, that I write my data out to every few days. As a retiree, anything on my computer is likely a bunch of media files or games that I can re-download. I've always enjoyed the performance increase of a fresh windows install (a relatively quick task in 2022), so that's how I'd cure a ransomware attack. Wipe everything and move on.
Personal files are always safe using offline storage solutions. Just don't plug the drive into an infected machine.
This Video : **Exists*
Me : Dont Use Computer lol
Super useful high-level video, thanks!
the dislikes are ransomware makers
Yes.
Can someone explain to me how to exactly do this at 0:40, does it just mean disconnecting from the internet? I'm not very good with computers so I don't quite know how to do this. I haven't been hit by ransomware btw, but I just wanted to know if my laptop ever gets infected by ransomware.
Merry christmas to you and family and a happy free virus 2020 year , greetings from hans of the dutch lowlands nl 👍👌
"free virus 2020 year"
This comment definitely did not age well
Kian Santang Kusumah ikr
is there something you can put out a video o D-DOS attack???
I remember getting ransomware on my computer like 10 years ago from downloading Terrordrome, CSGO, and Fallout 2 on super sketchy sites💀
Thank You kindly for the tips its kind of sad that these people will barely be punished, so lessen thier effectivness is noble deed. Can I ask how it works that files which take over your entire data are usually very small sized? and what are the most common ways to be infected? Sorry if thats silly question Im trying to be as cautious as I can but since Your Ccleaner video Im very stressed :)
will they know my ip address ?? i have the .booa virus on my pc and my pc dont have any important stuffs so lol
I saw personally what ransomware can do to a company. I'm curious about things such as One Drive local files from SharePoint/Teams that can get hit by a ransomware on a client PC - would Microsoft recognize a sync over to the cloud service and stop that from moving over?
athough i am not sure if the system would detect that the files had been encrypted, most cloud storage services (including onedrive and google drive) have file versions, im not sure how it works with onedrive, but with google drive older versions are usually stored for at least 30 days
Step 0: Have backups
Step 1: Nuke the install from orbit
Step 2: Install Linux instead
(I'd reccomend Linux Mint if you're used to Windows.)
@Sybren van den Akker www.notebookcheck.net/Lilu-Lilocked-ransomware-has-now-infected-thousands-of-Linux-servers.434547.0.html
Step 2 can only be implemented if you don't need Windows specific softwares. It's great for people who do some web surfing, watch videos and stuff. And as you mentioned, with distros like Mint and Ubuntu, linux has become extremely user friendly.
@@smellymomo if you REALLY need a certain bit of windows software, use a VM or dual boot. just make sure that the windows VM/partition does not have access to your linux drives (hard to do anyways since windows hates anything to do with linux)
if you need to transfer files between them, mount the windows partition in linux and move files there. always keep the files under linux and also a cold backup too if you wanna be extra safe (a drive that's unplugged most of the time)
There are thingies for linux as well, trust me on that one.
Why isn’t there some software that detects that many files are bing encrypted at once like alert the user if more than 10 files are being encrypted at once 😒
Honestly, just owning it and not trying to hide it is partially
why I watch you. It's the honorable thing to do and it make
the rest of the jobs much more believe when you are call
out of the spots like that, so thank you #davkracks.
The weakest link is the try hard secretary who thinks every email is legitimate and then encrypts the entire office
This is me listening to Leo in the background while I do work
Just have a backup, open up a mega account and you get 50gb for free, and get yourself a good external hard drive and do also a backup that way, i have 3 backups of all my data, i never dealt with ransomware, but its better to prevent than to heal, you never know if some family member put some pictures on a stick which has been infected by ransomware and gets onto your system that way. Just be carefull where you go online and what kind of foreign devices you plug into your pc
I'd always recommend backuping. Can be annoying but is SUCH A RELIEF! if something like this shit happens.
I dont think its nearly so annoying these days. Can set up auto backup to the cloud and deletion for added security
My neighbor was hit last year, he paid, all was good, 5 months later he was hit again and again last month. do not pay, back up, and at the worst format the hard drive. Also, I believe you did a test on eset a few weeks back and rated it very high. Do you still standby your rating? Im thinking of buying
Your neighbour shouldn’t buy allowed a pc
@@Hayden38502 I told him to stay off certain sites lol,
Just came across your channel and you have a new subscriber.
My friend got infected with Cerber Green ransomware 2 years ago and lost all of his data. Very upsetting for him and his business
Can you tell me what are some places where ransomware can infect you and also can i just format c if I don’t have any files i care about as i only have games.
Im not very tech savvy so I’d love if someone explained this to me
great video mate! just a question though, if i get attacked by ramsonware and i use microsoft onedrive (synchronized) will my files on cloud be encrypted too or are they safe? Thank you in advance for your time and keep up the good work!
As of today, talking from experience, since I had OneDrive synchronized/connected to my pc when I got attacked I can tell you that your files won't be safe if they're connected to your pc. :')
@@itzMiee thnx for the reply mate, i'll keep that in mind!
A few months ago I got hit by one with the .boop extension so I basically have 2 TB of data encrypted, that includes approximately 15 years of pictures. The two infected drives are lying here on my desk. I have a new drive in my machine but I operate from home so my work files are on those drives. I became complacent and wasn't backing up as I used to.
Are your accounts (minecraft, battlenet, discord, etc) protected? is iot just your documents and images that get screwed?
The best computer professional is your past self, with frequent backup routine. You will be the only one that can save your future self from those situations.
Since 2020, 100ethics has been the best cyber technician
Thank you bro.
My data files infected by iisa (dajavu Ransom )
Now I would decript my files.
😘
yah ... you have to have BACK - UPS of your DATA ... but you also have to BACK - UP your BACK - UPS ... and if it isn't RANSOMWARE it's a failed / burnt out motherboard ... so what i recommend is to have 9 laptops ... 9 desktops , 9 HDD
I keep 2 cloud backups, 3 offline backups and 1 synology backup which is only on to back up my stuff. Yeah im paranoid. Ive had hardware failures and viruses before.
Quick question:
How often do you do backups
Do you have the latest backup on all devices or are you alternating so you wont lose as much time doing everything 4 times?
@@rronaldreagan i have my phone on backup constantly to cloud. My pc backed up weekly to nas and external drives. Then my phone is backed up to nas and off line drives every 3 weeks or however busy i am. A whole image backup is ran once a month or with i do a major software upgrades. I use one drive for pictures and office files for hot backups on laptops and phones and move them from there. Yeah sounds like a real pain but you can only take those pictures once. A trick i do is name the folder with the backup date.
What about shadow copy? In some cases one version back isn't a big deal for the casual user.
My system was attacked several days ago. Watched this video and then visited ID-Ransomware and uploaded a sample encrypted file and it immediately identified the type of ransomware I am dealing with (DcRat/Lime). It says it's decryptable. Great! So then it says to click for more info. and takes me to a random Twitter thread from years ago and says to leave a message for someone and link them an uploaded sample encrypted file. I did this and have heard nothing back :( It's frustrating to learn that there is hope for my files but then basically to be taken to a dead end by this website. I don't think this is an active Twitter thread anymore because no one has commented on it for years. I had hoped that the "more information" it's going to provide me with some useful tool or decryption program or something but now I'm just at a dead end.
what about the ransomware that creates non minimazable window?