# @#$!*& [email protected]%$#%@



## ShirlandDesign (Nov 29, 2009)

Got hit over the weekend, everything from the network server, bookkeeping, composition, everything encrypted. 

p.s. "cryptowall" sorry


----------



## kheebl (Nov 26, 2014)

What's that? Never heard of it before


----------



## ShirlandDesign (Nov 29, 2009)

It encrypts all of your files and will not let you have them back without first paying a $500 ransom.


----------



## Decal Garage (Sep 21, 2012)

No you won't get your files back either, don't pay the money. My best recommendation is to pull the drives and some day somebody might get the keys. I've been down this road with a client already.


----------



## ShirlandDesign (Nov 29, 2009)

I appreciate the advice, you never take backing up as serious as you should until...


----------



## joe83 (Apr 26, 2013)

Do you have any idea of how they got you?


----------



## ShirlandDesign (Nov 29, 2009)

According to our resident Guru it can hide in any of a number of different file types. It will later disguise itself as an email you would expect and after you open it will do its mischief after hours. It then encrypts all of your working files and simply cannot be undone without the key.


----------



## joe83 (Apr 26, 2013)

ShirlandDesign said:


> According to our resident Guru it can hide in any of a number of different file types. It will later disguise itself as an email you would expect and after you open it will do its mischief after hours. It then encrypts all of your working files and simply cannot be undone without the key.


It can happen to anybody. I am sorry this happened to you. I hope you can recover faster than expected.

I will make sure to be extra careful with incoming emails and regular anti-virus-malware check ups. They might target businesses. Thank you for sharing.


----------



## ShirlandDesign (Nov 29, 2009)

I appreciate the sympathy. Time to get serious about regular backups


----------



## wormil (Jan 7, 2008)

Do you use an AV product?


----------



## ShirlandDesign (Nov 29, 2009)

I do personally, the guys at the day job.... not so much


----------



## Decal Garage (Sep 21, 2012)

OK, just to set the tone, I'm a Certified PC and Network tech and have unfortunately had to deal with these issues. The Internet has been and will be the Wild Wild West. Keeping yourself informed of the various malicious social engineering attacks is crucial if your business is relevant to the daily operation of your PCs and network. Daily backups are also susceptible to encryption if compromised by either crypto wall or crypto lock etc, not even Dropbox can protect you! At this point I would use isolated email terminals, routine virus and malware scanning software and regular back-ups to removable media that will be removed from the system after each back-up.


----------



## tshirtjac (Apr 18, 2015)

Never knew this existed, damn now I'm going to scan every file with my anti-virus.


----------



## jgabby (Mar 29, 2007)

Never heard of it as well, freaking malware, I have time to protect my network now.

thank you for sharing,


----------



## Quartier (Apr 29, 2014)

So how often should I do a complete back up of my computer? Should I keep the necessary for operation files on GoogleDrive? Most of what I have is replaceable and there are copies on multiple devices, but there are some files that we can't afford to lose.


----------



## freebird1963 (Jan 21, 2007)

4th and 99 with half a second to go. Hail Mary time
Remove CryptoWall 3.0 virus: how to decrypt CryptoWall 3.0 encrypted files | Nabz Software

Some ideas near the bottom to try. 

Good Luck


----------



## ShirlandDesign (Nov 29, 2009)

Unfortunately the shadow volume method only works if the infected drive has an operating system. There are 7 computers in our network all saving to a common storage server. Except my computer, just me being old I guess. My files are all saved on the machine that originated them. So I unhooked the network cable, and will back up today. Also embroidery files aren't common enough for the virus to seek, the screen print artwork in cdr format is though and the bastards got over 10 years of engraving set ups.


----------



## Decal Garage (Sep 21, 2012)

How important is your data?
"You’re backing your important files up to Google Drive, right? Everything is there, right? Think again. If you’re infected with CryptoLocker, the files on your local hard drive will be held at ransom (by encryption) and guess what, the copy that you have in Google Drive was overwritten when your computer synced. Your “backup” is also now held at ransom. Is that it, is everything lost?"


----------



## ShirlandDesign (Nov 29, 2009)

Off site w/ external hard drive weekly?


----------



## Decal Garage (Sep 21, 2012)

That would be my recommendation, also an isolated email terminal because this is the entry point. Adobe flash has become a prime target for entry.


----------



## Quartier (Apr 29, 2014)

Can you give an example of an isolated email terminal?


----------



## Decal Garage (Sep 21, 2012)

Just a stand-alone machine that is only tied to the Internet and not your network. Download emails from customers that contain artwork etc, scan them, transport them to production via flash drive. It's a pain in the *** but what's easier, rebuilding a simple PC with no sensitive data or losing years of files that once encrypted are gone forever?


----------



## wormil (Jan 7, 2008)

Decal Garage said:


> Just a stand-alone machine that is only tied to the Internet and not your network. Download emails from customers that contain artwork etc, scan them, transport them to production via flash drive. It's a pain in the *** but what's easier, rebuilding a simple PC with no sensitive data or losing years of files that once encrypted are gone forever?


Sneakernet is nothing new and provides zero protection against viruses.


----------



## NoXid (Apr 4, 2011)

Decal Garage said:


> That would be my recommendation, also an isolated email terminal because this is the entry point. Adobe flash has become a prime target for entry.


Uninstall Flash. It is a prime vector for malicious code (besides being hopelessly outdated junk itself).


Use something like MailWasherFree that detects and labels suspect email and allows you to inspect questionable email without opening them on your computer (no attached files or graphics will be loaded, only the first little bit of text content). It then deletes the bad ones off the mail server and launches your mail program to download the good ones.

^ This has greatly reduced the time I spend dealing with dangerous junk as well as being really effective at keeping junk off my system.


I have two external drives that I backup all data files to twice a month. I alternate between them, just in case of sleeper bugs, hardware failure, unnoticed issues with seldom used files, etc. They are unplugged when not being used for a backup.

I do a nightly backup of commonly changed files, and really, really important files to a USB thumb drive. I guess I should probably pull that drive and insert it only during backups ...


The problem with working on a network with other people is that everyone is only as safe as the least diligent, least savvy co-worker. No Flash. No surfing porn. No opening weird emails. No clicking odd-looking links.


----------
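The posts above warn that a synced or scheduled copy gets overwritten with encrypted files, and describe alternating between unplugged drives. As an added example (not written by any poster in this thread), here is a pre-backup check that holds the job when too many previously known files have changed. The function names, the JSON manifest and the 30% threshold are assumptions made for illustration.

```python
import hashlib
import json
import os
import tempfile
from pathlib import Path


def snapshot(root):
    """Map each file's relative path to the SHA-256 of its contents."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*")) if p.is_file()
    }


def check_before_backup(source, manifest_path, max_churn=0.30):
    """Return ("hold" | "proceed", churned files) versus the last good manifest."""
    manifest_path = Path(manifest_path)
    current = snapshot(source)
    previous = json.loads(manifest_path.read_text()) if manifest_path.exists() else {}
    # A known file counts as churned if its content changed or it disappeared.
    churned = sorted(name for name, digest in previous.items()
                     if current.get(name) != digest)
    if previous and len(churned) / len(previous) > max_churn:
        return "hold", churned          # keep the old manifest and the old backup
    manifest_path.write_text(json.dumps(current, indent=2))
    return "proceed", churned


def demo():
    """Constructed sample data: five small files standing in for artwork."""
    work = Path(tempfile.mkdtemp())
    src = work / "jobs"
    src.mkdir()
    for i in range(5):
        (src / f"design{i}.cdr").write_bytes(b"artwork %d" % i)
    manifest = work / "last_good.json"
    first = check_before_backup(src, manifest)       # baseline run
    (src / "design0.cdr").write_bytes(b"edited artwork")
    normal = check_before_backup(src, manifest)      # 1 of 5 changed: 20%
    for i in range(1, 5):                            # simulate a mass rewrite
        (src / f"design{i}.cdr").write_bytes(os.urandom(32))
    mass = check_before_backup(src, manifest)        # 4 of 5 changed: 80%
    return first[0], normal[0], mass[0], len(mass[1])


if __name__ == "__main__":
    print(demo())
```

Keep the manifest on the removable drive rather than on the machine being checked, so that whatever rewrites the working files cannot also rewrite the baseline.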



## Dekzion (May 18, 2015)

I've never been held to ransom thankfully and I only use one totally rubbish, 'cos it's very old, IBM that has a 60GB hard drive and doesn't even have a soundcard, for emails.
My main design computer backs up externally every day constantly to 2TB WDs and is turned off night times, anything that is going to print goes on a flash and is taken to a Dell netbook which is only used for printing and doesn't have access to the web but also stores designs that it has printed so if I've printed it it is on there.
My partner is Linux so there is very little chance of trouble there but still backs up externally constantly.
We bought an HP netbook specifically for banking online as it has 'quickweb' so when it's fired up it doesn't even go to Windows but you have a choice of 4 web pages to go directly to instead. That gets used for nothing else ever. It doesn't even have Windows updates installed because it never gets that far.
Both of us use iPads for browsing: me a 1st generation and my partner a 2nd.

This is after losing everything when my main had a hard drive seizure and it stopped completely dead.
The funny thing is that when I plugged it into another computer to try and retrieve my work, that computer went crazy and acted like it had lost its marbles, so I really don't know if we were hit by anything but now we don't give anything the chance to give us a kicking.

I've heard lately that the 'windows 10' is being used by scammers that are sending out emails with the 'complete' Windows 10 program ready to install 'just click here and we do it for you' only to lock your computer with the same ransomware.

The internet is evil, but as long as you realize this you can avoid a lot of the problems.


----------



## artlife (Jan 15, 2010)

ShirlandDesign said:


> Got hit over the weekend, everything from the network server, bookkeeping, composition, everything encrypted.
> 
> p.s. "cryptowall" sorry


We run Malwarebytes. One needs at least weekly off-site backups. It's really not just a question of malware/virus, but lightning, hardware failure, fire, etc. There are many ways to lose data so anything irreplaceable should be backed up off site, and what I mean is removable drives taken off site, not online backup. Online backup is not secure for sensitive company data, and connected storage such as One Drive, Dropbox, etc, are as vulnerable as local drives.


----------

