Questions tagged [ransomware]

Ransomware is a damaging kind of malware that encrypts your hard drive(s) and holds them hostage, providing the decryption key only if you pay the hostage-taker(s) money (well-known variants are the FBI Virus and the Police Virus).

Ransomware (a malware variant), once a system is infected, holds that system (mostly its hard drive(s) and/or storage media) hostage, either by encrypting the data or by locking the OS itself (non-encrypting ransomware).

Questions asked with this tag should concern ransomware: what it is, dealing with a system infected with ransomware, preventing ransomware, etc.

For more information, please see these sites explaining ransomware, its definitions, history, and more:

288 questions
81 votes, 6 answers

Getting files back by paying Ransomware

A company I support/do work for has been hit with ransomware. I've gone down all the data recovery paths etc ... and the business has decided that paying the ransom is cheaper than rebuilding and trying to recover. My question is: has anyone gone…
Jason
69 votes, 3 answers

How does ransomware get the permissions to encrypt your disk?

Recently, my employer blocked access to Gmail, Yahoo Mail, etc., because an employee downloaded an email attachment which contained ransomware and got their disk encrypted. QUESTION: How does ransomware get the root/admin permissions to encrypt…
47 votes, 11 answers

Why are ransom attacks successful?

I just read that "ransom" attacks are on the rise - where the attacker uses a vulnerability to enable them to encrypt files and demand money for the key. Why is this any different to a disk failure, where the solution is "get the backup"?
GreenAsJade
45 votes, 4 answers

Can the ransomware encryption key be derived from comparing encrypted and unencrypted files?

A firm has 10 million files, all ransomware encrypted, but the firm has all of those 10 million files backed up, and almost all of them have not changed. Would comparing all of those files against their unencrypted backups in addition to the other…
David Scott
41 votes, 2 answers

How can ransomware be so prevalent when there is such a clear money trail to the attackers?

If there's one thing the Internet is good at, it's keeping track of money and knowing where it has moved. Ransomware attacks typically request payment for a decryption key. How is it, with such an easily tracked transaction, that authors of ransomware…
Sidney
21 votes, 4 answers

How can ransomware know file types?

When ransomware searches the victim's files in the scanning step, how can the ransomware know the types of the files? It can check the file name (e.g. book.pdf) or file signatures. What I'm wondering is: when I change the extension in my file's name (say,…
Hwan
11 votes, 3 answers

How does genuine ransomware exist?

Typically, ransomware will encrypt the victim's files and ask for money in exchange for the decryption key. If you do pay the ransom, does it actually deliver on this promise? It seems to me that having employed the ransomware in the first place,…
Superbest
8 votes, 2 answers

Are machines patched against WannaCry protected against the ongoing Petya attacks?

Our environment has a few Windows 2012 R2 servers which are already patched against the WannaCry ransomware. The update installed was KB4012213. Is this good enough to protect against the ongoing Petya attacks? Anything else we should be doing…
Sreeraj
7 votes, 1 answer

100% on all cpu cores in `htop`, but no process with high CPU usage shown

For context: my machine was hacked by junglesec today, so all user files are encrypted. I looked at htop and saw this. How can one hide process activity from htop (and top), and how can I find out which process is causing it?
nnolte
6 votes, 2 answers

Why isn't Secure Boot protecting against ransomware like PETYA?

Some ransomware, like PETYA, encrypts the MBR and asks for a ransom. I don't understand why Secure Boot isn't preventing that from happening.
paulgreg
5 votes, 5 answers

In the era of cryptolockers, is it possible to prevent Windows from modifying your Linux partition?

I could imagine that in a few years, cryptolockers could become so advanced that instead of just encrypting some files on the partition of the current OS, they could also touch all other partitions on the main drive (let's say in a laptop). Full hard…
Rok Kralj
5 votes, 1 answer

Can ransomware hide in cloud storage/backup environments?

I currently use Dropbox as an online backup to protect my important files (work related, save files, some hobby projects) against data loss, including ransomware, hardware loss, theft,... However, I'm wondering whether this might actually cause more…
Nzall
5 votes, 1 answer

Ransomware in virtual machines. Running Locky for testing security measures

We have several binaries of the ransomware Locky. We tried to run it in a virtual machine, which has several storage systems, like Samba, etc., attached, in order to see how the files are going to be encrypted. Basically it starts, spawns its process and…
honze
4 votes, 3 answers

Does ransomware on one computer put the entire network at risk?

I was visiting an office recently where one computer had become infected with a ransomware variant and was turned off until the 'network guy' could come take a look (I don't know which one, as no one took an image of the screen or was at all…
jclarkv
4 votes, 1 answer

How to combat Doxware?

There is seemingly very little information available about the emergence of a form of ransomware: doxware. I could only find a couple of news articles suggesting that doxware encrypts your files, but also copies them over to the attacker. Current (server…
jortiexx