Ransomware Thread

You are currently reading a thread in /g/ - Technology

Thread replies: 43
Thread images: 3
File: images.png (7 KB, 225x225)
So everyone has been hearing about these ransomware strains hitting big networks. So I decided to check some of the ransomware code to reverse the infection. Any input would be amazing. The best spot to find all the ransomware is on the deep web, a forum called K-A. Here is the link: http://kickassugvgoftuk.onion/
>>
>>53667862
I get one of these a year. 90% can be removed with Malwarebytes. The 10% of the time that I get 100% locked up, I just reformat C:
>>
>>53667862
Never call the number or pay them money they are criminals and belong in jail.
>>
File: no.jpg (14 KB, 250x250)
>>53667862
lol. no.
>>
>>53667862
If you manage to find the infection before it is fully encrypted, the encryption key will be stored somewhere in the machine.
Your best bet would be to find the encryption algorithm that the software uses, and where it stores the key.
>>
You are right. But looking at some of these new codes, they have a way to hide themselves from antivirus and anti-malware. Most of the time they are injecting them into PDF files. Any code to cross script the injection so we can detect the malware?
>>
>>53668108
>code to cross script the injection
not sure if trolling, or just retarded.
>>
But finding that encryption key would take long; by that time you can't use shit on your PC because it gets locked down.
>>
>>53667862
I've heard that ZFS with properly configured backups and snapshots can basically make the ransomware pointless because you can simply roll back to the snapshot that occurred before the infection. I'm not quite sure how to properly set this up, but I think this is a strategy that could turn ransomware into more of a minor inconvenience rather than a catastrophe.
>>
Don't click on it. Even if you do go on it, it's tough to get accepted. They make you complete some hard questions to see if you're actually an advanced coder/hacker.
>>
>>53667995
>I get one of these a year
????
>>
But that's the thing. How would you roll back if they've locked you down?
>>
This shit actually happened to my older sister's boyfriend's laptop.
I was quite amused and bothered checking their Tor link, but I guess it expired by the time I took a look.
All documents were encrypted and there was a text file on the desktop asking for money to get it unencrypted.
>>
>>53668500
What kind of questions?

I can't be arsed about their community but I love challenges. Got a sample?
>>
>>53667862
>So I decided to check some of the ransomware code to reverse the infection
Phew, good to know someone is looking out for us. Why didn't the authorities call you months ago?

Jokes aside, some security firm has been looking at the recent Linux ransomware and found that in one case they used the current timestamp as seed for generating the encryption key, making it trivial to recreate. In another, the ransomware tried to hash the encryption key but forgot to choose a hashing algorithm and basically did nothing.
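The timestamp-seed weakness described in the post above, as an added worked example (this is not code from the thread or from any real ransomware sample): the "ransomware" seeds a PRNG with the infection time and derives the file key from it, so a defender who knows roughly when the files changed (file mtimes are enough) and knows a few bytes of plaintext (here the PNG file header) can brute-force every second in the window and recover the key. The stream cipher is a stand-in (SHA-256 in counter mode), the PNG known plaintext and the timestamps are constructed for the example; the weakness being shown is the seed, not the cipher.

```python
import hashlib
import random

KEY_LEN = 32
# Known plaintext: every PNG file starts with these eight bytes.
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Constructed victim file (not a real image).
SAMPLE_PLAINTEXT = PNG_MAGIC + b"constructed image body " * 40
# Constructed infection timestamp (unix seconds).
INFECTION_TIME = 1458000000


def key_from_seed(seed: int) -> bytes:
    """Weak key generation: a PRNG seeded with a unix timestamp.
    Anyone who can guess the second can regenerate the key."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(KEY_LEN))


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: keystream block = SHA-256(key || byte_offset).
    XOR is its own inverse, so this both encrypts and decrypts."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)


def infect(plaintext: bytes, now: int) -> bytes:
    """What the malware does: derive the key from 'now' and encrypt."""
    return keystream_xor(key_from_seed(now), plaintext)


def recover_key(ciphertext: bytes, known_prefix: bytes, t_start: int, t_end: int):
    """Defender side: try every second in [t_start, t_end]; the right seed is the
    one whose keystream turns the ciphertext head back into the known header."""
    for t in range(t_start, t_end + 1):
        candidate = key_from_seed(t)
        if keystream_xor(candidate, ciphertext[:len(known_prefix)]) == known_prefix:
            return t, candidate
    return None


def demo():
    """Returns (recovered_seed, recovered_plaintext)."""
    ct = infect(SAMPLE_PLAINTEXT, INFECTION_TIME)
    # The defender only knows "within an hour or so" from the files' mtimes.
    found = recover_key(ct, PNG_MAGIC, INFECTION_TIME - 3600, INFECTION_TIME + 3600)
    if found is None:
        raise RuntimeError("seed not in window")
    seed, key = found
    return seed, keystream_xor(key, ct)


if __name__ == "__main__":
    seed, pt = demo()
    print("recovered seed:", seed, "plaintext ok:", pt == SAMPLE_PLAINTEXT)
```

A two-hour window is only about 7200 candidates; even a one-week window is under a million, which is seconds of work. The fix on the attacker's side (and the reason this trick stops working against competently written families) is to draw the key from the OS CSPRNG instead of a time-seeded PRNG.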
>>
File: 1298527151028.jpg (25 KB, 627x627)
>this entire thread
>>
Lmao you get one a year?
>>
>>53668483
>
dd if=/dev/zero of=/dev/disk/by-label/zfstank bs=1M

Your snapshots are not all gone.

Redundancy and snapshots don't replace backups. Make backups, and keep them safe from the machine you are backing up.
>>
>>53667995
100% of those infections can be avoided with common sense.
>>
They give you challenges, such as creating an SQL injection on their server or making a code of their request. They grill you hardcore. They're pretty advanced. Just don't be stupid; those guys are known for many hacks.
>>
Well, remember something. Two things a black-hat hacker has skills at are hacking/cracking and social engineering. I was reading on that forum that guys get big corporations by dropping an infected USB stick in a corporate office smoking section... that's smart reverse social engineering lol
>>
>>53668065
what is asymmetric cryptography?
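The point behind that one-line reply, as an added worked example (not code from the thread, and not any real family's code): once the scheme is hybrid, the only key material a forensic search of the victim machine can turn up is a per-file key already wrapped under the attacker's public key. The private half was generated offline and never touches the victim, so "find where it stores the key" yields nothing usable. The RSA here is a textbook toy (512-bit, no padding, pure Python Miller-Rabin) and the stream cipher is a SHA-256 counter-mode stand-in; both are assumptions made for a self-contained example, and a real tool would use RSA-OAEP or X25519 plus AES-GCM from a vetted library.

```python
import hashlib
import math
import os
import random

# Constructed victim document (not a real PDF).
SAMPLE_PLAINTEXT = b"%PDF-1.4 constructed victim document body\n" * 20


def is_probable_prime(n: int, rounds: int = 24) -> bool:
    """Miller-Rabin: fine for a toy key, not for production use."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits: int) -> int:
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def rsa_keygen(bits: int = 512):
    """Textbook RSA keypair, generated by the ATTACKER, offline.
    Returns ((n, e), (n, d)); the private half never reaches the victim."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            break
    return (p * q, e), (p * q, pow(e, -1, phi))  # pow(e, -1, m) needs Python 3.8+


def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher: keystream block = SHA-256(key || byte_offset)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], ks))
    return bytes(out)


def encrypt_victim_file(plaintext: bytes, attacker_pub):
    """What runs on the victim: fresh random per-file key, used once, then
    wrapped under the attacker's public key. Only (ciphertext, wrapped_key)
    are written out; the plaintext key is discarded."""
    n, e = attacker_pub
    file_key = os.urandom(32)                       # 256-bit key < n, so it fits as one RSA block
    ciphertext = keystream_xor(file_key, plaintext)
    wrapped_key = pow(int.from_bytes(file_key, "big"), e, n)
    del file_key                                    # nothing left on the machine to recover
    return ciphertext, wrapped_key


def attacker_decrypt(ciphertext: bytes, wrapped_key: int, attacker_priv) -> bytes:
    """Only the holder of d can unwrap the per-file key."""
    n, d = attacker_priv
    file_key = pow(wrapped_key, d, n).to_bytes(32, "big")
    return keystream_xor(file_key, ciphertext)


def demo() -> bytes:
    """Round trip: what the victim can see is (ct, wrapped, pub); decryption needs priv."""
    pub, priv = rsa_keygen()
    ct, wrapped = encrypt_victim_file(SAMPLE_PLAINTEXT, pub)
    return attacker_decrypt(ct, wrapped, priv)


if __name__ == "__main__":
    print("attacker recovers plaintext:", demo() == SAMPLE_PLAINTEXT)
```

The practical consequence for incident response: a memory dump taken while the process is still running can catch the per-file key before `del`, which is why the earlier advice "find it before it is fully encrypted" is the only window; once the process exits, only the attacker's private key helps.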
>>
>>53668556
>are not all gone
are now all gone*
>>
>>53668653
I heard somewhere they did a study on dropping storage media around randomly:
a high percentage of unmarked CDs were inserted, and 100% of corporate-branded USB drives were used.

desu if I found a USB stick lying around I'd test it out too.
>>
You mean PGP keys. That's a secure way to hide your identity and keep credentials of your identity. You send encrypted messages.
>>
>>53668658
thank you
>>
I got to go. Keep this thread going. I want to hear all your input. I'll be back later.
>>
>>53668752
Nobody cares about you, you stupid little faggot. We don't even know which posts are yours in this thread. Fuck off back to plebbit, you stupid nigger.
>>
>>53668752
holy shit this is an 18+ website you fucking skid
>>
>tfw I've gotten ransomware viruses on purpose on old junk computers/HDDs I bought for cheap or got for free
I dunno why I do it. It's kinda fun.
>>
>>53668752
>>53668942
It's actually funny how you can spot newtards
>>
>>53668949
I'd do it too if I had the patience to reformat them so often.
>>
Didn't cryptolocker get raided and the keys got released?
>>
>>53668610
dude where the FUCK do you think you are
we are Anonymous, the best fucking hackers in this freakin world!!
Pools Closed or open cuz we could HACK it!
>>
Anonymous... they are a bunch of skids. The real anons are on that forum; I witnessed it for myself.
>>
I asked this the other day in a sim thread but fell asleep.

I've heard these things only encrypt common file types such as jpg, mp3, etc. Can you protect files by preemptively encrypting them or breaking file extensions?

I've got independent backups and common sense v80085 but I was just wondering.
>>
>>53671236
Many variants just look for something with one of the desired file extensions and encrypt the file blindly. If the file is already encrypted by someone else, it still gets hit. If the filename is something else, it gets ignored. Obviously they don't really want to touch .exe or .dll files in system folders.
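The blind extension matching the post above describes, as an added worked example (not code from the thread): a walker that selects files purely by suffix, so an owner-encrypted `.pdf` is still picked up while the same photo saved as `.jpg.bak` is skipped, alongside the defender-side check that makes a "JPEG" with random-looking contents stand out. The extension list, the file contents and the entropy threshold are constructed assumptions for the example.

```python
import math
import os
import shutil
import tempfile
from collections import Counter

# Constructed target list; real families carry hundreds of extensions.
TARGET_EXTS = {".jpg", ".docx", ".pdf", ".mp3"}


def find_targets(root: str, exts=TARGET_EXTS) -> list:
    """Blind extension match: the content is never inspected, only the suffix."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if os.path.splitext(name)[1].lower() in exts:
                hits.append(os.path.join(dirpath, name))
    return sorted(hits)


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: plain text sits around 4-5, ciphertext close to 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_encrypted(path: str, threshold: float = 7.5) -> bool:
    """Defender-side heuristic on the first 4 KiB. The threshold is an assumption;
    compressed formats also score high, so treat this as a signal to correlate
    with a burst of mtime changes, not a verdict on its own."""
    with open(path, "rb") as f:
        return shannon_entropy(f.read(4096)) > threshold


def demo():
    """Returns (targeted basenames, {basename: looks_encrypted}) for a constructed tree."""
    root = tempfile.mkdtemp()
    try:
        files = {  # constructed contents, not real media
            "photo.jpg": b"\xff\xd8\xff\xe0" + b"constructed jpeg body " * 60,
            "secret.pdf": os.urandom(4096),              # owner pre-encrypted it; still a .pdf
            "photo.jpg.bak": b"\xff\xd8\xff\xe0" + b"same picture, suffix changed " * 40,
            "notes.txt": b"plain notes\n" * 100,          # not in the target list
        }
        for name, body in files.items():
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        targets = find_targets(root)
        return ([os.path.basename(p) for p in targets],
                {os.path.basename(p): looks_encrypted(p) for p in targets})
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    hit, entropy_flags = demo()
    print("targeted:", hit)           # photo.jpg and secret.pdf; photo.jpg.bak ignored
    print("high entropy:", entropy_flags)
```

The two halves answer the question in the thread from both sides: renaming the suffix dodges this particular selection logic but nothing smarter, and pre-encrypting a file does not keep it from being hit; it only makes the file indistinguishable from ransomware output to an entropy-based detector.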
>>
>>53669545
Yes, but cryptolocker isn't the only ransomware. Copycats are plentiful
>>
>>53668556
Tried this on my command prompt, doesn't work. Stop spreading FUD
>>
There are many different types of ransomware malware. Like the other user said, every ransomware strain targets specific files.
>>
I've never had ransomware. I think everyone else gets them through ads and shit, and I've got an adblocker, so yeah.

Also I open most PDF files and other documents through Chrome, and only open suspicious exes through Sandboxie.

Most ransomware self-terminates if it detects that it is running inside a VM or a sandbox, so that the person running the VM/sandbox cannot do any virus research on it. If we had something that tricked all ransomware into thinking your regular computer is actually a VM, you could make your computer immune to it.
>>
>>53673163
>trusting a sandbox program
>running on Microsoft windows
>closed source
>named “sandboxie”
holy shit all those red flags. I hope you get fucked hard some day
>>
>>53667862
I get customers with these at least once a week.

Reformat computer, restore encrypted files on network shares from backup and call it a day.