Fuente: http://news.softpedia.com/news/distributors-of-dridex-banking-trojan-take-a-break-deliver-ransomware-instead-500513.shtml
How to stay safe
- As always, don’t open suspicious attachments (e.g. .doc, .xls, and .zip files)
- Disable Microsoft Office macros by default and never enable macros in strange/unknown attachments that you receive via email
- Keep recent backup copies of important data in a secure place either online or offline
- Ensure that your system and applications are fully updated and patched
http://www.heise.de/security/meldung/Erpressungs-Trojaner-Locky-schlaegt-offenbar-koordiniert-zu-3104069.html
RSA und AES
Die Opfer der Ransomware sollen im Tor-Netz die "special software" Locky Decryptor kaufen, um ihre Daten zu entschlüsseln. Der Inhalt der Datei macht den Betroffenen wenig Hoffnung: Laut den Tätern verschlüsselt Locky mit RSA mit 2048 Bit Schlüssellänge und AES mit 128 Bit. Wenn das stimmt und die Entwickler bei der Krypto-Implementierung nicht gepatzt haben, besteht keine Hoffnung, die verschlüsselten Dateien zu retten. Eine unabhängige Analyse der von Locky eingesetzten Verschlüsselung steht derzeit noch aus. Aktuell ist kein Weg bekannt, die von Locky verschlüsselten Dateien ohne Zahlung des Lösegelds zu retten.
https://decrypter.emsisoft.com/
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1105975.aspx
https://support.kaspersky.com/viruses/disinfection/8547?
http://malwarefixes.com/remove-locky-ransomware-and-decrypt-files/
Was not able to do System Restore, nor Previous Versions (none found).
Took the hard drive out and attached it to another Windows 7 -64bit computer as a 2nd hard drive.
Ran antivirus scan against the encrypted drive. (clean).
Ran CHKDSK /R against the encrypted drive. (some tweaks, no bad sectors)
Put the hard drive back in original PC.
Was able to do System Restore.
Was able to turn on Service Volume Shadow Copy.
Was able to use Previous Versions!
pandaunransom.exe
32-bit Version – http://download.eset.com/special/ERARemover_x86.exe
64-bit Version – http://download.eset.com/special/ERARemover_x64.exe
---
Download ShadowExplorer
http://www.shadowexplorer.com/downloads.html
=====
http://www.heise.de/security/meldung/Erpressungs-Trojaner-CryptXXX-kostenlos-entschluesseln-3189766.html
http://www.techworld.com/security/7-best-ransomware-removal-tools-how-clean-up-cryptolocker-cryptowall-extortion-malware-3626974/
https://labs.bitdefender.com/2016/03/combination-crypto-ransomware-vaccine-released/
3 comments:
You can include this information about Locky to your guide too https://malwareless.com/locky-ransomware-goes-egyptian-style-with-osiris-extension/
Really Good article.provided a helpful information about Technicus stultissimus .keep updating...
E-mail marketing company in india
Post a Comment