Questions tagged [ransomware]

Ransomware is a lethal kind of malware that encrypts your hard drive(s) and holds them hostage, providing the decryption key only if you pay the hostage-taker(s) money (well-known variants are the FBI Virus and the Police Virus).

Ransomware (a malware variant), once it has infected a system, holds that system (mostly its hard drive(s) and/or storage media) hostage, either by encrypting the data or by holding the OS hostage (non-encryption ransomware).

Questions asked with this tag should concern ransomware: having a system infected with ransomware, preventing ransomware, etc.

For more information, please see these sites explaining ransomware, its definitions, history, and more:

269 questions
250 votes, 10 answers

How is the "WannaCry" Malware spreading and how should users defend themselves from it?

There's a new strain of attacks which is affecting a lot of systems around the world (including the NHS in the UK and Telefonica in Spain) which is being called "WannaCry" amongst other names. It seems to be both a standard phishing/ransomware…
Rory McCune
211 votes, 10 answers

What should you do if you catch encryption ransomware mid-operation?

You boot up your computer one day and while using it you notice that your drive is unusually busy. You check the System Monitor and notice that an unknown process is using the CPU and both reading and writing a lot to the drive. You immediately do a…
Fiksdal
173 votes, 4 answers

GitLab account hacked and repo wiped

I was working on a project, a private repo, and suddenly all the commits disappeared and were replaced with a single text file saying To recover your lost code and avoid leaking it: Send us 0.1 Bitcoin (BTC) to our Bitcoin address…
Stefan Gabos
125 votes, 4 answers

How does ransomware get on people's computers?

I've noticed increased frequency of ransomware questions around Stack Exchange. Some of the people I remotely know had their devices recently infected as well. I'm starting to be concerned. When people ask me how to avoid viruses, I typically tell…
81 votes, 6 answers

Getting files back by paying Ransomware

A company I support/do work for has been hit with ransomware. I've gone down all the data recovery paths etc ... and the business has decided that paying the ransom is cheaper than rebuilding and trying to recover. My question is: has anyone gone…
Jason
80 votes, 5 answers

Why are ransomware attackers not tracked down via bitcoin transactions?

A bitcoin transaction has details of the incoming address as well as the outgoing address (where the bitcoins are being transferred), so my question is why that outgoing address has not done anything in tracking down ransomware attackers, like the…
Ashmika
72 votes, 15 answers

Are cloud storage services a good strategy to protect against ransomware attacks?

I have been reading a lot here about Ransomware attacks and I am wondering if my strategy for protecting myself is valid or not. I have 10Gb of personal data and 90Gb of photos and videos. I have them in D:\ drive in two separate folders. Personal…
Oscar Foley
69 votes, 3 answers

How does ransomware get the permissions to encrypt your disk?

Recently, my employer blocked access to Gmail, Yahoo Mail, etc., because an employee downloaded an email attachment which contained ransomware and got their disk encrypted. QUESTION : How does ransomware get the root/admin permissions to encrypt…
67 votes, 4 answers

Why is so much ransomware breakable?

The site: https://www.nomoreransom.org/ offers many decrypter tools for ransomware. But why? It shouldn't be so hard to use the Windows Crypto API (e.g. just google "create AES Key in Windows") to create AES Keys, encrypt them with a locally…
kiara
65 votes, 3 answers

What happens if you run WannaCry after installing the necessary patches?

I understand that WannaCry spreads itself by exploiting the SMBv1 vulnerability, which is fixed by patch MS17-010. Does this mean that even with the patch installed, WannaCry can still infect the computer--if the user downloads and executes it--but…
Lh Lee
53 votes, 7 answers

How can a company ensure cybercriminals destroy hacked data after payment?

Cloud computing provider Blackbaud reported on https://www.blackbaud.com/securityincident "...the cybercriminal removed a copy of a subset of data from our self-hosted environment. ... we paid the cybercriminal’s demand with confirmation that the…
Gnubie
50 votes, 8 answers

How does malicious software encrypt victims' files so quickly?

Encrypting a file to me is akin to dealing with a very long string, feeding it into the hashing or encryption function to get another long encrypted string (or a hash in the case of hashing). This process takes some good amount of time. I know that…
Ulkoma
47 votes, 11 answers

Why are ransom attacks successful?

I just read that "ransom" attacks are on the rise - where the attacker uses a vulnerability to enable them to encrypt files and demand money for the key. Why is this any different to a disk failure, where the solution is "get the backup"?
GreenAsJade
47 votes, 3 answers

Help! Ransomware encrypted my files. What do I do now?

I just discovered that my files have been encrypted by ransomware. Can I get my files back? How? Should I pay the ransom? What should I do so that this never happens again?
Anders
45 votes, 4 answers

Can the ransomware encryption key be derived from comparing encrypted and unencrypted files?

A firm has 10 million files, all ransomware encrypted, but the firm has all of those 10 million files backed up, and almost all of them have not changed. Would comparing all of those files against their unencrypted backups in addition to the other…
David Scott