What is ransomware, how can you avoid it, and what should you do if it hits you


paoloaztig

Folks,

You are probably already familiar with so-called ransomware, since it recently became controversial for attacking and damaging various important establishments in different places...

So what is ransomware, and how dangerous is it?

We can compare ransomware to a kidnapper or hostage taker who demands a ransom or something in exchange before freeing your loved one...

1. Ransomware is a type of malware that takes control of the important files on your computer. You can no longer use or open them because a hacker has applied strong encryption to them... Its purpose is to demand a ransom: you are asked for money in exchange for a code that will unlock your encrypted files so that you can use them again...

2. If you know nothing, or only a little, about internet security, it will really drive you crazy when it hits you, especially when what gets hit are your important files and documents... Do not bother attempting to reformat your computer, because that will not make it go away, and usually any backup you made in the same location as the drive where the malware hit you has already been deleted...

3. Unlike other computer viruses, worms, etc., where when you are attacked you only need to run your antivirus and it is killed right away... Most ransomware is not detected even by strong antivirus applications...

How does ransomware attack? Let's read this; here is the source/link ...

Ransomware can be spread through malicious e-mail attachments, infected software apps, infected external storage devices and compromised websites. In a lockscreen attack, the malware may change the victim’s login credentials for a computing device; in a data kidnapping attack, the malware may […] files on the infected device as well as other connected network devices.

Ransomware kits on the deep web have allowed cybercriminals with little or no technical background to purchase inexpensive ransomware-as-a-service (RaaS) programs and launch attacks with very little effort. Attackers may use one of several different approaches to extort digital currency from their victims. For example:

  • The victim may receive a pop-up message or email warning that if the ransom is not paid by a certain date, the […] required to unlock the device or decrypt files will be destroyed.
  • The victim may be duped into believing he is the subject of an official inquiry. After being informed that unlicensed software or illegal web content has been found on his computer, the victim is given instructions for how to pay an electronic fine.
  • The attacker encrypts files on infected computing devices and makes money by selling a product that promises to help the victim unlock files and prevent future malware attacks.

How can its attacks be avoided? Let's read again; this comes from here ...

1. First and foremost, be sure to back up your most important files on a regular basis.
Ideally, backup activity should be diversified, so that the failure of any single point won’t lead to the irreversible loss of data. Store one copy in the cloud, resorting to services like Dropbox, and the other on offline physical media, such as a portable HDD.
An efficient tactic is to toggle data access privileges and set read/write permissions, so that the files cannot be modified or erased. An additional tip is to check the integrity of your backup copies once in a while.
2. Personalize your anti-spam settings the right way.
Most ransomware variants are known to be spreading via eye-catching emails that contain contagious attachments. It’s a great idea to configure your webmail server to block dubious attachments with extensions like .exe, .vbs, or .scr.
3. Refrain from opening attachments that look suspicious.
Not only does this apply to messages sent by unfamiliar people but also to senders who you believe are your acquaintances. Phishing emails may masquerade as notifications from a delivery service, an e-commerce resource, a law enforcement agency, or a banking institution.
4. Think twice before clicking.
Dangerous hyperlinks can be received via social networks or instant messengers, and the senders are likely to be people you trust, including your friends or colleagues. For this attack to be deployed, cybercriminals compromise their accounts and submit bad links to as many people as possible.
5. The Show File Extensions feature can thwart ransomware plagues, as well.
This is a native Windows functionality that allows you to easily tell what types of files are being opened, so that you can keep clear of potentially harmful files. The fraudsters may also utilize a confusing technique where one file can be assigned a couple of extensions.
For instance, an executable may look like an image file and have a .gif extension. Files can also look like they have two extensions – e.g., cute-dog.avi.exe or table.xlsx.scr – so be sure to pay attention to tricks of this sort. A standalone known attack vector is through malicious macros enabled in Microsoft Word documents.
6. Patch and keep your operating system, antivirus, browsers, Adobe Flash Player, Java, and other software up-to-date.
This habit can prevent compromises via exploit kits.
7. In the event a suspicious process is spotted on your computer, instantly turn off the Internet connection.
This is particularly efficient on an early stage of the attack because the ransomware won’t get the chance to establish a connection with its Command and Control server and thus cannot complete the encryption routine.
8. Think of disabling vssadmin.exe.
This functionality built into Windows to administer Volume Shadow Copy Service is normally a handy tool that can be used for restoring previous versions of arbitrary files. In the framework of rapidly evolving file-encrypting malware, though, vssadmin.exe has turned into a problem rather than a favorable service.
If it is disabled on a computer at the time of a compromise, ransomware will fail to use it for obliterating the shadow volume snapshots. This means you can use VSS to restore the blatantly encrypted files afterwards.
9. Keep the Windows Firewall turned on and properly configured at all times.
10. Enhance your protection more by setting up additional Firewall protection.
There are security suites out there that accommodate several Firewalls in their feature set, which can become a great addition to the stock defense against a trespass.
11. Adjust your security software to scan compressed or archived files, if this feature is available.
12. Disabling Windows Script Host could be an efficient preventive measure, as well.
13. Consider disabling Windows PowerShell, which is a task automation framework.
Keep it enabled only if absolutely necessary.
14. Enhance the security of your Microsoft Office components (Word, Excel, PowerPoint, Access, etc.).
In particular, disable macros and ActiveX. Additionally, blocking external content is a dependable technique to keep malicious code from being executed on the PC.
15. Install a browser add-on to block popups as they can also pose an entry point for ransom Trojan attacks.
16. Use strong passwords that cannot be brute-forced by remote criminals.
Set unique passwords for different accounts to reduce the potential risk.
17. Deactivate AutoPlay.
This way, harmful processes won’t be automatically launched from external media, such as USB memory sticks or other drives.
18. Make sure you disable file sharing.
This way, if you happen to get hit, the ransomware infection will stay isolated to your machine only.
19. Think of disabling remote services.
Otherwise, the threat could rapidly propagate across the enterprise network, thus calling forth serious security issues for the business environment if your computer is a part of it.
For example, the Remote Desktop Protocol can be leveraged by the black hat hackers to expand the attack surface.
20. Switch off unused wireless connections, such as Bluetooth or infrared ports.
There are cases when Bluetooth gets exploited for stealthily compromising the machine.
21. Define Software Restriction Policies that keep executable files from running when they are in specific locations in the system.
The directories most heavily used for hosting malicious processes include ProgramData, AppData, Temp and Windows\SysWow.
22. Block known-malicious Tor IP addresses.

What can you do if you are already infected?
Let's read again ...

If your web browser is locked

You can try to unlock your browser by using Task Manager to stop the web browser's process:

1. Open Task Manager. There are a number of ways you can do this:
Right-click on an empty space on the taskbar and click Task Manager or Start Task Manager.
Press Ctrl+Shift+Esc.
Press Ctrl+Alt+Delete.

2. In the list of Applications or Processes, click on the name of your web browser.
3. Click End task. If you are asked if you want to wait for the program to respond, click Close the program.
4. In some workplaces, access to Task Manager may be restricted by your network administrator. Contact your IT department for help.

When you open your web browser again, you may be asked to restore your session. Do not restore your session or you may end up loading the ransomware again.

See the question “How do I protect myself from ransomware” above for tips on preventing browser-based ransomware from running on your PC.

If your PC is locked
Method 1: Use the Microsoft Safety Scanner, Malwarebytes or RogueKiller in safe mode

First, download a copy of the […] from a clean, non-infected PC. Copy the downloaded file to a blank USB drive or CD, and then insert it into the infected PC.

Try to restart your PC in safe mode:

When you're in safe mode, try to run the Microsoft Safety Scanner or any anti-malware software. (My recommendation is to use Malwarebytes and RogueKiller.) I have tried and tested those myself.

Method 2: Use Windows Defender Offline

Because ransomware can lock you out of your PC, you might not be able to download or run the Microsoft Safety Scanner. If that happens, you will need to use the free tool Windows Defender Offline:

Steps you can take after your PC has been cleaned
Make sure your PC is protected with anti-malware software.

Microsoft has […] that you can use:

If you have Windows 10 or Windows 8.1, your PC comes with antimalware software: […]

If you’re using Windows 7 or Windows Vista, you should install antimalware software, such as […]

You can update Microsoft security software on our […]

If you don't want to use Windows Defender or Microsoft Security Essentials, you can download other security software from another company. Just make sure it is turned on all the time, fully updated, and provides real-time protection.

Reminder: Remember, never pay the ransom just to get your files opened again, because there is no 100% assurance that this will happen. You might just end up being asked for even more money.
Just follow all the safety tips given here to avoid the trouble... Thank you!!!
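
Tips 2 and 5 in the post above (block .exe/.vbs/.scr attachments, watch for double extensions such as cute-dog.avi.exe, and for executables posing as images) can be checked mechanically. The following is an added example, not part of the original post; the function names, the decoy list and the sample attachments are constructed for illustration, and the content check relies only on the fact that Windows executables start with the bytes "MZ".

```python
# Extensions the post suggests blocking at the mail server.
BLOCKED_EXTENSIONS = {".exe", ".vbs", ".scr"}
# Harmless-looking extensions used as decoys (constructed list, extend as needed).
DECOY_EXTENSIONS = {".avi", ".xlsx", ".gif", ".jpg", ".png", ".pdf", ".docx", ".txt"}
# Windows PE executables begin with these two bytes.
PE_MAGIC = b"MZ"


def extensions(filename):
    """Return every dot-separated extension of the file name, lower-cased, in order."""
    base = filename.replace("\\", "/").rsplit("/", 1)[-1]
    # Windows ignores trailing dots and spaces, so "a.exe. " still runs as a.exe.
    base = base.strip().rstrip(". ").lower()
    # Padding spaces before a dot ("report.pdf      .exe") are stripped per part.
    return ["." + part.strip() for part in base.split(".")[1:] if part.strip()]


def classify_attachment(filename, head=b""):
    """Classify one attachment from its name and, optionally, its first bytes."""
    exts = extensions(filename)
    last = exts[-1] if exts else ""
    if last in BLOCKED_EXTENSIONS:
        if len(exts) > 1 and exts[-2] in DECOY_EXTENSIONS:
            return "block: double extension"
        return "block: executable extension"
    # Name looks harmless, but the content is an executable (e.g. a fake .gif).
    # A text file that happens to start with "MZ" would also match; review those.
    if head.startswith(PE_MAGIC):
        return "block: executable content under other extension"
    return "allow"


# Constructed sample attachments: (file name, first bytes of the file).
SAMPLES = [
    ("cute-dog.avi.exe", b"MZ\x90\x00"),
    ("table.xlsx.scr", b"MZ\x90\x00"),
    ("setup.exe", b"MZ\x90\x00"),
    ("photo.gif", b"MZ\x90\x00"),
    ("photo.gif", b"GIF89a"),
    ("Invoice.PDF .vbs ", b"Dim x"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        print(f"{name!r:24} -> {classify_attachment(name, head)}")
```
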
 
Basically, when this hits you it's goodbye files, BUT while tinkering with cmd I found something out. I tried to run ransomware in a virtual machine and tested my cmd trick: the virus was gone, but the files were still encrypted.
 
I went through safe mode and installed RogueKiller and Malwarebytes ... I scanned with RogueKiller first and then with Malwarebytes ... CryptoLocker (a type of ransomware) was dead ... I started the PC and the malware was gone ...
 
Ransomware varies, but for me the hard one is WannaCry.
 
Nice info, sir. I'd like to ask: if you already have Malwarebytes, do you still need to install Microsoft Security Essentials?
 