24 Sep 2012

Ransomware Panic on the desktop

Malware is a useful catch-all term, but some things are nastier than viruses and the auto-deleting thingamajigs.

Ransomware, for example. Put simply, it is a nasty program which installs itself on your machine and refuses you access to it unless you pay someone.

There is a version doing the rounds in Ireland purporting to be from An Garda Síochána (the Irish police force), saying simply: pay up, since we found naughty files on your computer.
The give-away is that it is in both Gaeilge and English, or rather badly translated versions of both. Like it or lump it, but since, legally at least, the Irish-language text of an Irish law is the one that takes precedence, the Gaeilge should be correct. In practice, however, the laws are drafted in English first, translated into Irish and sometimes translated back to make sure the meaning hasn't changed.

So it's a fake. That, and the fact that the Irish authorities prefer to prosecute after a forensics team has paid a visit to your hard drive (for the moment).

This version is also fairly easy to remove; there are nastier ones which encrypt your files as they go (so go and back up your data now, onto something that isn't left plugged in for the malware to find).

The steps are taken from Jimmy Collins' blog (link below); I used to work with Jimmy at a computer security company that I'm not going to mention in case it gets both of us in trouble.

"The infection itself is quite simple to remove. After booting into safe mode and checking the usual places like the Windows folder I came across a suspiciously named folder in ‘C:\ProgramData’. It was a randomly named folder with a name like ‘ajklvnksnvsdfvfv’.
Inside, a 158 MB HTML page, and all the necessary images, CSS files etc. There was also an .exe in the root of the ‘C:\ProgramData’ folder, the name of which I can’t remember, but it was named similarly to the folder with the HTML file, images etc. (I didn’t have a USB key handy, regretfully).
Deleting these files and folders removes the infection, so it doesn’t seem too complex in the methods it employs to evade detection."
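The quoted steps are a manual hunt through ProgramData. As an added example (mine, not from this post or from Jimmy Collins' write-up), here is the same hunt as a small Python triage script: it flags top-level folders whose names look machine-generated, looks inside them for an oversized HTML page, and flags any .exe sitting directly in the ProgramData root. The folder name comes from the quote; the .exe name, the "big HTML" threshold and the sample directory tree are my assumptions (the write-up only says the .exe was "named similarly"). It reports, it does not delete.

```python
"""Added triage helper for the lock-screen infection described in the quoted write-up.

Reproduces the manual checks as code: walk the top level of ProgramData,
flag folders whose names look machine-generated, look inside them for an
oversized HTML page, and flag .exe files sitting directly in the root.
Nothing is deleted; the output is a list to review by hand.
"""
import os
import re
import sys
import tempfile

# Anything above this counts as a "big" lock page. Assumed for the example;
# the write-up quotes 158 MB, real samples vary.
LARGE_HTML_BYTES = 1_000_000
VOWELS = set("aeiou")


def looks_random(name: str) -> bool:
    """Heuristic for names like 'ajklvnksnvsdfvfv': a single run of lowercase
    letters/digits, eight or more long, with almost no vowels or a long
    vowel-free run. Vendor folders (Microsoft, Package Cache) fail one test."""
    stem = name.lower()
    if not re.fullmatch(r"[a-z0-9]{8,}", stem):
        return False
    letters = [c for c in stem if c.isalpha()]
    if not letters:
        return False
    vowel_ratio = sum(c in VOWELS for c in letters) / len(letters)
    longest_run = max(len(run) for run in re.findall(r"[^aeiou]+", stem))
    return vowel_ratio < 0.2 or longest_run >= 7


def scan_programdata(root: str) -> dict:
    """Report the three indicators from the write-up found under `root`."""
    findings = {"random_dirs": [], "lock_pages": [], "root_exes": []}
    for entry in sorted(os.scandir(root), key=lambda e: e.name):
        if entry.is_dir(follow_symlinks=False):
            if not looks_random(entry.name):
                continue
            findings["random_dirs"].append(entry.name)
            for dirpath, _, files in os.walk(entry.path):
                for fname in files:
                    path = os.path.join(dirpath, fname)
                    if fname.lower().endswith((".htm", ".html")) and os.path.getsize(path) >= LARGE_HTML_BYTES:
                        findings["lock_pages"].append(os.path.relpath(path, root))
        elif entry.is_file(follow_symlinks=False) and entry.name.lower().endswith(".exe"):
            findings["root_exes"].append(entry.name)
    return findings


def build_sample_tree() -> str:
    """Constructed stand-in for C:\\ProgramData (sample data, not a real capture):
    two ordinary vendor folders, one random folder holding a fat HTML page plus
    CSS, and an .exe in the root named after that folder (name assumed)."""
    root = tempfile.mkdtemp(prefix="programdata_")
    for legit in ("Microsoft", "Package Cache"):
        os.makedirs(os.path.join(root, legit, "Logs"))
    bad = os.path.join(root, "ajklvnksnvsdfvfv")
    os.makedirs(bad)
    with open(os.path.join(bad, "index.html"), "wb") as fh:
        fh.write(b"<html><body>An Garda Siochana</body></html>" * 40000)  # ~1.7 MB
    with open(os.path.join(bad, "style.css"), "w") as fh:
        fh.write("body { background: #fff; }\n")
    with open(os.path.join(root, "ajklvnksnvsdfvfv.exe"), "wb") as fh:
        fh.write(b"MZ" + b"\0" * 62)  # only the DOS header magic, nothing executable
    return root


if __name__ == "__main__":
    # Pass a real path (e.g. C:\ProgramData from safe mode) or run against the sample tree.
    target = sys.argv[1] if len(sys.argv) > 1 else build_sample_tree()
    for kind, items in scan_programdata(target).items():
        print(f"{kind}: {items or 'none'}")
```

The name heuristic is deliberately loose and will occasionally flag an odd but legitimate folder, which is why the script only lists candidates. Once the folder and the .exe are gone, the usual autorun locations (the Run keys and the Startup folder) are still worth a look, since a lock screen that does not relaunch at boot is no lock screen at all.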

Still, it would give you quite a shock to be suddenly presented with this. Automatic shutdowns rarely have an appeals process which works in a reasonable time.

Play safe out there…

This is a Loose Bloggers Consortium post on the theme of “Panic”.
To find out what the others in the consortium think, check out …
4 Responses to “Ransomware Panic on the desktop”

  1. Grannymar Says:

    Great post Will. Thanks for the info, it is scary when you are not very familiar with the innards of a computer to have something like this happen. Makes you wonder how it gets there in the first place.

  2. Will Knott Says:

    Usually it ends up there either via a trojan download or by going to a web site with a malicious script on it.

    Assuming that the user didn’t download random or very “interesting” files.

  3. Rummuser Says:

    I am blissfully ignorant and shall stay so as I am a Mac fiend.

  4. Maxi Says:

    Helpful information, Will. Hope I never run into this kind of problem. Should this happen, I know what to do.

    Blessings ~ Maxi (new LBC member)

