New MBR Infecting Ransomware 'Petya' Found In The Wild
[QUOTE=phygon;50019896]Four machines with the data copied between them?
Sounds like if you get a virus you're just kinda opening the door for it to spread through your whole network automagically[/QUOTE]
I don't automatically copy data. All of these PCs run different operating systems, one Windows dual-booted with Linux, two Linuxes, one FreeBSD, so I don't think I'll be having a problem of viruses jumping to every PC. It's just that the only media I care to preserve, my music and documents, are on multiple PCs.
Unless I'm an idiot and give them root, the *nix viruses will just thrash my home directory typically if I get any due to permissions, which I then just delete the partition and then grab my files again from another PC. So I'm pretty safe I think.
[QUOTE=SharpTeeth;50016337]Bootkits are always a massive pain in the arse to remove. This is really evil stuff since it's ransomware too.[/QUOTE]
They aren't. Just declare Exterminatus on your computer and send a hundred billion files to oblivion and wipe anything else that may be used as memory to back it up such as your BIOS and pull your memory and let them lose the charge.
[QUOTE=Passing;50020659]They aren't. Just declare Exterminatus on your computer and send a hundred billion files to oblivion and wipe anything else that may be used as memory to back it up such as your BIOS and pull your memory and let them lose the charge.[/QUOTE]
OK, what if you need to preserve the data and programs?
[QUOTE='[EG] Pepper;50020977']OK, what if you need to preserve the data and programs?[/QUOTE]
Backups.
[QUOTE=thelurker1234;50021077]Backups.[/QUOTE]
Unless it is a system image, most backups do not back up programs. And that's assuming the user even does backups.
You must only really use a reformat as a last resort.
Some ransomware leaves volume shadow copies intact.
[QUOTE='[EG] Pepper;50021149']Unless it is a system image, most backups do not back up programs. And that's assuming the user even does backups.
You must only really use a reformat as a last resort.
Some ransomware leaves volume shadow copies intact.[/QUOTE]
Backups will back up whatever you tell them to, though there is that registry that may provide complications on Windows; in that case you might just back up configuration files. You can also easily redownload most programs. But yes, for most people just nuking their drive probably shouldn't be the first resort. But if your backup game is on point it can be your first resort, because it can be much easier to just reinstall everything than to remove a virus and then make sure everything checks out.
One time at work one of our employees got infected with ransomware, he had the domain controller share mapped as a network drive so it went around the DC encrypting everyone's shit and it rendered our accounting software unusable. That was a long night, had an iSCSI backup plan so nothing was lost.
[QUOTE=rndgenerator;50017399]It's either that or losing all your 2TB of data to ransomware. I think I know which option is better.[/QUOTE]
You do realize that it would take me [b]over two years[/b] to upload that, right? 18747 Hours, 52 Minutes and 23 Seconds to be precise.
Two [b]years[/b] to make a single backup. Download would be a bit faster, on the order of a month or two.
Cloud backups are not practical for everyone.
[QUOTE=TestECull;50022282]You do realize that it would take me [b]over two years[/b] to upload that, right? 18747 Hours, 52 Minutes and 23 Seconds to be precise.
Two [b]years[/b] to make a single backup. Download would be a bit faster, on the order of a month or two.
Cloud backups are not practical for everyone.[/QUOTE]
The unfortunate state of internet is that at the moment many people do not have access to decent upstream connections.
It is only through the fruition of case examples where upstream is integral where upstream will become an actual commodity.
It may take 2-5 years for providers to realise this (if their noses aren't already stuck elsewhere,) but once gigabit hits a decent stake of the population then I can only assume we will all experience gigabit soon.
[QUOTE=Stiffy360;50018517]Doesn't it also encrypt your important files? so even if you got them off they would be useless?[/QUOTE]
This particular one encrypts the MFT, which keeps track of file system data. However, the actual file data is left intact so traditional file recovery techniques should be possible.