No More Ransome

My special interest is computers. Let's talk geek here.
Post Reply
User avatar
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

No More Ransome

Post by yogi »

You've read about computers being taken over by ransomeware, I'm sure. I know one of our members has been a victim of such an attack. It could be devastating and/or expensive to recover but now there is significant and meaningful help. A group called No More Ransom was formed by several private and governmental agencies. Working together they are sharing resources and coming down hard on the distributors of ransomeware. There are a lot of keys and solutions on their web site but obviously not everything can be known. The concept of collaboration between public and private sectors is brilliantly simple and effective. I hope none of us will ever need this information, but just in case, here it is:

ARTICLE: http://www.zdnet.com/article/no-more-ra ... ir-tracks/
WEBSITE: https://www.nomoreransom.org/
User avatar
Kellemora
Guardian Angel
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: No More Ransome

Post by Kellemora »

All I can say is, it was a good thing I had off-line backups of almost everything.
Unfortunately, the frau did not, lost most of her pictures again.
User avatar
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Re: No More Ransome

Post by yogi »

You instinctively did the right thing with backups. Us geeks do those kind of things. :grin:

The interesting aspect of the decryption repository is how it coordinated between several groups with a common interest. Normally those people are competing with one another. I don't know if ransomware will ever be defeated, but it seems as if it can be contained much the same way as any other virus. Or, at least recovery is becoming a viable option.
User avatar
Kellemora
Guardian Angel
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: No More Ransome

Post by Kellemora »

It still irks me that they got from the frau's Windows computer, through my Linux boxes, to the external drives formatted as NTFS.
I assume since they were shared on the network, perhaps they just went straight from her computer to the shared drive on the LAN. A lesson learned!
User avatar
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Re: No More Ransome

Post by yogi »

There is a Linux version (or two) for what you inherited from your Windows box. No system is safe.
User avatar
Kellemora
Guardian Angel
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: No More Ransome

Post by Kellemora »

Apparently no system is safe. Our county library replaced their MVS 370 with a 390 about 8 to 10 years ago, and only a couple of years ago changed to an IBM ZOS. They got hit a year ago with a Ransomware attack as well, and lost thousands of jpg and other images across all their storage devices.
Multiple servers were supposed to protect against things like that, or so I thought.
When we heard of this, I became even more leery of cloud servers, since I've heard they don't actually back-up data per se. They rely on redundant storage so data is supposed to be in too many places to be obliterated or changed.
I used to go to a website that could show me each change to several of websites I belonged to over the years. They were screenshots taken and stored. It was neat being able to go back and see how the index page changed over the years.
But what keeps them from losing everything? Just because they have so many ?nodes?...
User avatar
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Re: No More Ransome

Post by yogi »

I read an article describing the Google server farm which is shrouded in secrecy. For example, they rent (share) buildings in which to build their farms. It is highly secure and barricaded so that only Google employees can access the area. The lights in the room are off - all the lights. Not one blinking LED can be seen on any of their servers. Techs walk around and do their maintenance using those miner hats with lights on them. I don't recall what processors they use, but I'm thinking they are custom made if memory serves me right. They invented their own machine code to interact with the processors and also invented a programming language that only exists within Google-land. It's darned near impossible to hack a server with an unknown architecture. And, if it is hacked, they know damned well who it could have been. It's all about secrecy, but everything from the processors to the programming to the fiber optic cables is designed for speed.

You must have wondered at some point how they can deliver 312,906,227 search results in .o12 seconds. It's the result of distributed processing. Their tens of thousands of servers share pieces of data so that the home page for Brainformation, as an example, is spread across maybe 1000 servers. The amazing part is that being distributed the way they are it all acts as if it were a single processor with tens of thousands of cores. Why don't they lose anything? Well, I'm sure they do, but it's recovered easily much like hot swapping works in RAID memory. They could lose, say, a thousand servers and the system would hardly glitch. When they come back on line they are rebuild automatically.

Bottom line is that there are not enough bot nets in the world to take them down with DDoS - much the same as Amazon's amazing network. They don't have to back up anything because it's all there, always, and self-healing. Google cloud uses all this but the final link to your home network is the most vulnerable node. Anyone can break in there if they were clever enough.

The current level of ransomware exploits network service vulnerabilities in Windows. Lately it has conquered other OS's as well. It's extremely difficult to detect the virus because it's embedded within a .dll file. Virus scanners see it as a normal system file. The system calls are not unusual either and in fact necessary to allow networking to function. During those calls the rogue .dll spreads by looking for other nodes on the network. No problem there given that is exactly how networks are supposed to work. Each node found gets it's own infected stealth .dll file. At the appointed time these infected system files call into the master server and download the payload which captures your files. It calls a separate server to get the encryption keys. No need to have your password or any other network security measures known because it's operating within a legitimate and necessary service. Once everything is encrypted, the working code erases itself. Lately it's been creating mutants that are spread over the same network so that if you manage to decrypt files and remove the original virus, there are other trojans lurking about that can do it all over again.

Cloud storage is fairly safe given that the targets of the bad operator are known OS's. Google has it's own and cannot run a .dll or anything else Windows. Not only that, but should you attempt to put an infection on Google's cloud servers, they capture it immediately, identify you, and block you permanently. They also have the capability to strike back, but that would be illegal. So, don't worry about cloud storage being compromised on Google servers. I know it's safe for enterprises but don't know if it's the same setup for us common folk. Regardless, cloud or any other backup storage, save your important things off line and disconnected from any LAN. What could go wrong then? :mrgreen:
User avatar
Kellemora
Guardian Angel
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: No More Ransome

Post by Kellemora »

What could go wrong? Well, no way to read 5-1/4 floppies, and tons of my CDs have rotted. Well, actually, the foil surface has corroded enough they are no longer readable. On the bright side, all of my old hard drives still worked. Well here too, a couple of them, small very old one, the capacitors must have dried up from not being used. But the data that was on them was moved to other drives, so no big deal.

Someone gave me one of those small half-size old computers. It only has 1 gig of memory, and a 50 gig HD. The LAN card is 10/100. I'm thinking of using it as a text only computer for my writing. It's too old and slow for anything else. About like the new computers in that half-size case, hi hi...
User avatar
yogi
Posts: 9978
Joined: 14 Feb 2015, 21:49

Re: No More Ransome

Post by yogi »

It's like the game developers who will no longer have Flash to ply their wares. Upgrade to what is current or risk losing it forever. I know hardware upgrades are an expense most of us do not want to deal with, but progress stands still for nobody. You have to decide how much your old data is worth. Some of it is priceless, I'm sure. I sympathize with you because I know how much work you put into your family research. Unfortunately I don't know of an other approach beyond timely upgrading.
User avatar
Kellemora
Guardian Angel
Guardian Angel
Posts: 7494
Joined: 16 Feb 2015, 17:54

Re: No More Ransome

Post by Kellemora »

I learned yesterday Slashkey is developing their own multi-level system that will load with the game, and you only need a web browser to see and play the game, without a 3rd party add-on like Flash. It will use HTML5 graphics display on our end, which is already installed as part of the web browser.
If the information they provided is accurate, it will still work on their end the same as Flash only better, but this will be in the background on their end, instead of on our end like it works with Flash.
Someone not associated with Slashkey said they purchased the programming for an open virtual gaming platform so they can control and modify it themselves.
Another person said they are also building a second game that will not be associated with Farcebook, but it will be monthly fee type game. But several others said it is going to be totally different game, nothing like Farm Town. So who knows what's up their sleeve.
Post Reply