Response to certain concerns in the comments: I’m aware that “pulling the plug” can destroy evidence for forensic investigators, but the value of potentially preventing a large amount of data from being encrypted in the first place can be much greater for the user than the slim chance of finding file traces or the encryption key in memory through a high cost forensic investigation. Of course it only makes sense if done early, and as with everything not everyone agrees. This video is meant to be a general guide for most people but of course it cannot tell you how to perfectly deal with every possible scenario.
Tips for avoiding ransomware in the first place: 1. don't click links in emails 2. don't download programs or microsoft docs off the internet 3. Don't visit sketchy websites 4. Don't touch popups or ads 5. don't plug random USB drives you find into your computer.
Make sure your backups are off line. Attackers tend to delete them. They have been on your network long before the encryption. Check who has admin rights on your network and reset all your password.
Thank you thank you thank you so much, my PC got attached by ransomware. My all the files got encrypted. Luckily I saw this video and I checked with 1 file, it got decrypted. So happy. Thank you so much. I got my all old memories thank you... Guys really it works.
getting rid of the "malware" is easy, the hard part is getting your data back. If you dont care about your data, just reinstall windows or format your pc
@@Boon_LightBurn For me, I did something else stupid, and attempted to restore cloned backups. I messed up, and the UEFI couldn't find the windows boot location. Then I facepalmed when I realized I could have just used Windows Restore for the issue. Was a bad day, but at least no data loss due to having backups.
I think the ultimate way around this is to just store any important/sensitive information in a secure cloud server environment (that doesn't sync with your computer) - just do it manually. No matter what happens to your computer, you should have a safe backup as well so that you can just format and restore to get the functionality back - but the whole time your data wouldn't even be in question. That's real peace of mind. Obviously there are other issues associated with keeping information in the cloud - but if you're using a unique secure password and 2FA with a good authentication app then there should be 0 concern. Any input is welcome though :)
Great video! You forgot two important points. 1) only way to be sure you system is clean is to nuke os from orbit. I mean clean reinstall deleting partitions. 2) if you have system restore enabled, you might get files back using tools that can extract files from system restore. I have had success with this several times.
Clean install will delete all files including system restore data. Use USB to boot from and delete all partitions in hard Drive to preform total clean install. So you have to get files from system restore before clean install. So be careful not to infect newly extracted files. It might be smart to use safe mode. Then application named ShadowExplorer you can extract files if system restore was enabled. Move them to external usb drive and then you can clean install. If my explanation was too difficult then turn to professional for help.
I had my entire OneDrive documents folder taken hostage by ransomware when I was 16. It was the week of my GCSE coursework hand ins for my Design class and I had to redo months of work in a few days. It was fucking traumatic and I hope to god as an adult I never get into this situation again.
it thought me a lesson, i bought 5 external hard drives for extra layers of protection, i transfer all my stuff to my external drive weekly for now on, 2 days ago i got all my thousands of photos and videos encrypted, thankfully i had them saved on my external hdd
@@TheGamingChad. What do you guys install to get yourselves in these situations? Do you go on sketchy websites? I am not judging I just have gotten into modding and don't want to ruin my new laptop.
This is why Google Drive is so handy for me. Anything that I consider sensitive/irreplacable is always kept in a backup folder that I could access at any time. In case I switch to a new PC or if by some chance I am attacked by ransomware
Thank you for the great information. Our company just got hit last night. Turned every file to a ". Nortron " extension. I'll do the steps as you described. Hopefully the files can be decrypted.
This is the most informative video I have found with information that is extremely helpful in the efforts of dealing with ransomware attacks. My question for you is, how in good god do you have all of those actual ransomware files to execute??
I wish I had this a few years ago. I do know the basics of Ransomware but your links for help I would have loved. Thank you SO much! I have saved and shared!
I setup my computer to survive a virus attack without relying on an antivirus program, which I have been doing from the early days of Windows. I got hit with a ransomware in the early days of this malware. It encrypted all the Windows doc, text and image files, but my personal files were uninfected, which included my jpg files I saved for my photography business. I laughed at the message it showed on my screen demanding I pay them, because I had backups of everything on CDs. I didn't have to use these backups, because of the steps I took to alleviate the threat. I was impressed at the level of encryption it did to Windows informational files, and I had to reinstall Windows, but I lost none of my personal files.
I needed that a month ago. I just reinstalled Windows and erased anything related to that piece of crap Ransomware. Thankfully I back up my files on a server separated from the attacked machine. And it forgot to actually encrypt my important data since I caught it mid-process when it was busy encrypting TEMP files x3
I wish I saw this a few months ago when I had to deal with it. I got rid of the ransomware, reset and changed the network password and saved a couple files but i didn't figure out how to decrypt the files that got infected. In my case it was the .hese extension. Back in August. Good thing that I had a backup of my most important files but I lost a couple beautiful memories.
Backups, backups, backups. Ransomware won't be able to touch your AWS S3 objects (unless it knows your root account password, in which case data loss is the least of your worries). It also won't encrypt your external hard drive unless it's plugged into your machine at that moment.
redundancy with randomly generated passwords saves that. ive got 3 accounts with a password i cant even remember and if they can get to the locked flash drive in a place i shant say to get to them...welll
Best case scenario, you actively back up your work and use external version control for any major project. Thus making it a simple case of wiping your drives and reinstalling your os. Worst case scenario, contact the ransom, ask for a demo to prove they arent just going to scam you further. Perhaps even pay a tiny fee to prove your intent of paying the full ransom. Take that demo to security expects to reverse engineer the ransom. What ever little you spent (if so) likely will help others in the long run.
Hey! Thats a great video. However I have a question, What would you suggest for downloading the decryptor or checking the ID-Ransomware website when the infected device is off network. Also, most enterprise usually tend to block mass storage devices? What would you recommend?
My solution is to always have backups, and not backups from like..months ago, but bi-daily backups....in other words I have backups from Sunday-Monday, that I overwrite with backups for Tuesday-Wednesday...which get overwritten with backups for Thursday-Friday..etc...and I rotate them and keep it steady and even, I guess once you get into a rhythm with making / storing, and overwriting backups?...ransom ware becomes a thing of the past. There's also the fact that you MUST change ALL passwords when/if you get hit with ransom ware, (I always encrypt my passwords and use long complex, yet easily remember-able passwords too...not a word really but a phrase....like (not ever used by me...just using this for an example): Take your name....say...its "Timothy".... SPLIT it "Timo-thy".... Place something INSIDE your split name....like ... "scH001Bu5"...... SPLIT that as well... "scH001-Bu5" in the middle of THAT?...place your birthdate... 00/00/0000....but use underscores instead: 00_00_0000 so you now have "TimoscH00100_00_0000Bu5thy"......now...take THAT?.. and ENCRYPT IT!...by the time someone cracks THAT?....you already have backups of your backups which are backups of your backups, and if they DO hit you with ransomware?...you can listen to some jazz, sip on some chilled wine...and smile as you restore your latest backup and change your passwords yet again. Just some simple advice from an old Network admin!...(sometimes..."simple" doesn't have to mean "vulnerable"!...LoL!!)
Really depends on the ransomware group, and depends if it's an individual or a business with cyber insurance. Fyi I only know that because the place I work at got hit with ransomware and I've been researching it since.
I’ve been pirating stuff for over a decade and not once have I ever had any virus/malware/ransomware, how do people even come across this sort of thing?
just plainly not having an antivirus plus not worrying or being unknowing of any viruses, plus cyber security is more tougher than it was 10 years ago, 10 years ago it was easy for a naive kid back then like i was to download a harmful virus, got a rogue antivirus but luckily some youtube videos figured out the activation key and allowed me to rid the program. nowadays i havent had a virus since that incident i described. and even when downloading stuff i get VERY skeptical when my antivirus goes off even if its a false alarm. i always find reviews, ask friends, and if i have to, use a vm to make sure its safe or not. tbh i tend to get scared connecting my laptop even on my college wifi because those places can be easy breeding grounds for a massive virus spread, i always use my phone instead.
The two primary vehicles I see working at an MSP are email related (attachments or links not yet identified by filters) and wide open remote desktop ports. The former we are training users against phishing with a service called KnowB4 that we launch phishing campaigns and get statistics on who goofed and how badly. Numbers have gone way down so it is successful.
not necessarily, it just havent hit you yet or may be youre just lucky.. if you are using cracked software there maybe 80% chance of getting hit by ransomware
4 роки тому+4
Then you are extremely ignorant. I guarantee you your system is infected. There's no way you have never come across infected Warez... they tend to install things in the background. You would never notice what's running in the background and sure it's pinging off of foreign servers.
you should also make a video on ransomware that locks the computer. my brother had a couple of them and i had to go through a few hoops to get them out without a format. as for data security, the best thing to do is get a 2TB+ USB drive (or more if needed), plug it in, make backups and then unplug it. this way you can be sure that nothing has access to the backups, then in case of ransomware, you deal with the problem and if no decryption is available you just restore the backups.
By recent past experience on a ransomware attack, I would recommend urgently to keep up-to-date the bios of the computer. It seems this was the only door open to get infected.
So in other words if there is a repair tool for the ransomware you have then you can repair the files if not restore from backup. This is a good reason to back up to a NAS device that uses unique login credentials and is not part of the domain. I have seen people get their backups encrypted too so no way to recover short of paying the ransom.
Yeah that's what i did about 2 years ago. I simply rolled windows back to the day before. Don't know if it works every time but it worked for me. Peace
Just have a backup, open up a mega account and you get 50gb for free, and get yourself a good external hard drive and do also a backup that way, i have 3 backups of all my data, i never dealt with ransomware, but its better to prevent than to heal, you never know if some family member put some pictures on a stick which has been infected by ransomware and gets onto your system that way. Just be carefull where you go online and what kind of foreign devices you plug into your pc
These scammers How much cash do they usually ask for, no particular reason just wondering why the heck this sort of thing still go's on in 2021 or am I being totally naïve. Very interesting video's I might add, thank you..
I use non-network connected external drives, that I write my data out to every few days. As a retiree, anything on my computer is likely a bunch of media files or games that I can re-download. I've always enjoyed the performance increase of a fresh windows install (a relatively quick task in 2022), so that's how I'd cure a ransomware attack. Wipe everything and move on. Personal files are always safe using offline storage solutions. Just don't plug the drive into an infected machine.
Always have a backup with all your files, as in a seperate drive. If you use an ssd or hdd, it doesn’t matter! Get a hard drive (cheaper) and copy your files on there. If you ever get a virus, shut down and unplug pc, remove your normal drive and plug in the backup and use that until you can wipe the main drive or fix it
that sounds scary, but i did the following, i got encrypted 2 days ago, first time actually, AFTER rebooting my pc i connected my external drive to my computer to transfer all my files to the computer again, am i good to go or did i do it anything wrong? and while my computer had ransomware i managed to move some stuff to my phone using an usb cable, my phone was not encrypted
since I formatted my computer after the attack my email accounts on social networks and even accounts that I didn't remember existed tried to be connected by strangers, what can that be?
Exactly same , my youtube channel started uploading videos which was logged in into my decrypted pc. Someone also tried using my Instagram and I am bit worried about my money as I do card payments from pc . Although the mail linked to Google pay was also in pc and I changed all of those account passwords , then also someone might use them for thier beneficiary. Plz reply me what all accounts and applications were compromised and need to secured
@@ClashWithArthur it’s very possible it was all broken into. Try to get into these accounts and change passwords + enable 2 step verification. Stop doing payment stuff on PC, do it on IPhone or something of that nature
@@bugginoutw2243 yes , I followed same path.first of all I changed all of my passwords even if they were not signed up into my pc. Then I went to my banks , met mangers and changed details for my online transactions. Also in one or two banks ,I made new account closing existing one.and last but not the least I made new bank account with very low balance just to do online transactions. it's been a while but thanks a lot for the reply!
yah ... you have to have BACK - UPS of your DATA ... but you also have to BACK - UP your BACK - UPS ... and if it isn't RANSOMWARE it's a failed / burnt out motherboard ... so what i recommend is to have 9 laptops ... 9 desktops , 9 HDD
Can you tell me what are some places where ransomware can infect you and also can i just format c if I don’t have any files i care about as i only have games. Im not very tech savvy so I’d love if someone explained this to me
@@vidzpit8264 no shit. I'm saying my files are stored on flash drives. I don't leave them plugged in 24/7. I plug them in when I want to use the files, then unplug them.
there is actually a better way, in 1 PC or Laptop, there is an option to have 2 accounts and more in 1 device, and you know what i mean at this point, as long as the files are seperated and not asccesible from one account to another then you are fine, but for safety measure, be sure to stop and remove the ransom on the account been infected first then remove then switch to your main account, backup all your important files and put it on Drive or somewhere safe, be sure to check if they are encrypted yet, if not then start back up those thing ASAP, then either remove the infected account of just hard reset the PC to it original state when you bought it
Step 2 can only be implemented if you don't need Windows specific softwares. It's great for people who do some web surfing, watch videos and stuff. And as you mentioned, with distros like Mint and Ubuntu, linux has become extremely user friendly.
@@smellymomo if you REALLY need a certain bit of windows software, use a VM or dual boot. just make sure that the windows VM/partition does not have access to your linux drives (hard to do anyways since windows hates anything to do with linux) if you need to transfer files between them, mount the windows partition in linux and move files there. always keep the files under linux and also a cold backup too if you wanna be extra safe (a drive that's unplugged most of the time)
Honestly, just owning it and not trying to hide it is partially why I watch you. It's the honorable thing to do and it make the rest of the jobs much more believe when you are call out of the spots like that, so thank you #davkracks.
Why isn’t there some software that detects that many files are bing encrypted at once like alert the user if more than 10 files are being encrypted at once 😒
Thank You kindly for the tips its kind of sad that these people will barely be punished, so lessen thier effectivness is noble deed. Can I ask how it works that files which take over your entire data are usually very small sized? and what are the most common ways to be infected? Sorry if thats silly question Im trying to be as cautious as I can but since Your Ccleaner video Im very stressed :)
The best computer professional is your past self, with frequent backup routine. You will be the only one that can save your future self from those situations.
Don't store lots of your data on the mounted hard-drive. Use removable USB or SD cards. Upload files to the cloud. Have a backup version of your favorite OS on a USB or CD ready to go, so you can simply clean-install and never be touched. That way you can skip all of this.
Response to certain concerns in the comments:
I’m aware that “pulling the plug” can destroy evidence for forensic investigators, but the value of potentially preventing a large amount of data from being encrypted in the first place can be much greater for the user than the slim chance of finding file traces or the encryption key in memory through a high cost forensic investigation. Of course it only makes sense if done early, and as with everything not everyone agrees. This video is meant to be a general guide for most people but of course it cannot tell you how to perfectly deal with every possible scenario.
I would go with unplugging the network card or switch!
@Deadpoppin Only if you have n word pass
Ok
@Deadpoppin Your n word pass please.
2019 has started with ransomware attacks and till this day we hearing ransomware attacks happening.
I hope I wont need to use this video in my lifetime
Same
@@malwaretestingfan im not a expert but i think it depends on the kind of ransomware and what methods and algorytms it uses to encrypt
Backup
@@malwaretestingfan how does renaming the zip file to exe help?
@@felixiii4186 Simple. Ransomwares always avoid EXE files, to not corrupt themeselves.
Tips for avoiding ransomware in the first place:
1. don't click links in emails
2. don't download programs or microsoft docs off the internet
3. Don't visit sketchy websites
4. Don't touch popups or ads
5. don't plug random USB drives you find into your computer.
your steps suck
@@1980woodpixie Your comment rocks!
There is a special place in hell for ransomware developers
@Geek Gamer Not always.
@Geek Gamer make a new market..smh
For such people hell does not even exist. Rather address the gullibility on the other side of the keyboard. Backup backup and backup your data.
who knows, people who made this are top Avast or Cisco employees?
@@HK-sw3vi i mean avast is a literal scareware. and cisco.. oh boy.
Make sure your backups are off line. Attackers tend to delete them. They have been on your network long before the encryption. Check who has admin rights on your network and reset all your password.
Air gap'd backups are a must for every network! Do not leave the only copy of your data connected to the computer/network!!!!!
Good comment and reply.
Or on connected cloud storage with an account with read privileges only. And use a different account on a VM every time you need to create/upload them
What do people mean by network? Your wifi network?
@@yannick6303 they will be inside your organisation moving around the corporate network. They will know more about your internal network than you do
200 IQ move:
Encrypt your files before a ransomware can.
its prettygood genius
Big brain
its not that easy , windows services will not fuction as they target .dll files too
it'lll just encrypt it again
My friend does it lol
Thank you thank you thank you so much, my PC got attached by ransomware. My all the files got encrypted. Luckily I saw this video and I checked with 1 file, it got decrypted. So happy. Thank you so much. I got my all old memories thank you...
Guys really it works.
How do you do it
How do you do that?
Explain us... How?
Yay UwU
getting rid of the "malware" is easy, the hard part is getting your data back.
If you dont care about your data, just reinstall windows or format your pc
i've had to do that but i havent had ransomware yet, just me being stupid and accidently deleting the boot file
@@ChrissQuartz how do you accidentally delete the boot file
Did you corrupt your bios or something
Also don't forget to secure your network, passwords, services, and the like so it doesn't happen again
@@Boon_LightBurn For me, I did something else stupid, and attempted to restore cloned backups. I messed up, and the UEFI couldn't find the windows boot location. Then I facepalmed when I realized I could have just used Windows Restore for the issue. Was a bad day, but at least no data loss due to having backups.
@@JohnSmith-xf1zu that sounds like a bad day, I am sorry sir
*just pull out an uno reverse card so now they pay you*
Big brain
No u
@@prettyepicname 👍
Lol
😁
I think the ultimate way around this is to just store any important/sensitive information in a secure cloud server environment (that doesn't sync with your computer) - just do it manually. No matter what happens to your computer, you should have a safe backup as well so that you can just format and restore to get the functionality back - but the whole time your data wouldn't even be in question. That's real peace of mind. Obviously there are other issues associated with keeping information in the cloud - but if you're using a unique secure password and 2FA with a good authentication app then there should be 0 concern. Any input is welcome though :)
Auto syncing is absolutely fine as far as your backup cloud offers Ransomeware immunity or backup versioning.
Great video!
You forgot two important points.
1) only way to be sure you system is clean is to nuke os from orbit. I mean clean reinstall deleting partitions.
2) if you have system restore enabled, you might get files back using tools that can extract files from system restore. I have had success with this several times.
which files?
@@nimalsenna personal files, documents.
Am I to use system restore before or after reinstalling windows
Clean install will delete all files including system restore data. Use USB to boot from and delete all partitions in hard Drive to preform total clean install.
So you have to get files from system restore before clean install. So be careful not to infect newly extracted files. It might be smart to use safe mode. Then application named ShadowExplorer you can extract files if system restore was enabled. Move them to external usb drive and then you can clean install. If my explanation was too difficult then turn to professional for help.
I had my entire OneDrive documents folder taken hostage by ransomware when I was 16. It was the week of my GCSE coursework hand ins for my Design class and I had to redo months of work in a few days. It was fucking traumatic and I hope to god as an adult I never get into this situation again.
it thought me a lesson, i bought 5 external hard drives for extra layers of protection, i transfer all my stuff to my external drive weekly for now on, 2 days ago i got all my thousands of photos and videos encrypted, thankfully i had them saved on my external hdd
@@TheGamingChad. What do you guys install to get yourselves in these situations? Do you go on sketchy websites? I am not judging I just have gotten into modding and don't want to ruin my new laptop.
@@couragecrusader7649 answer this man!
i am currently 16 and my OneDrive, containing my research, is at same situation. wtf do i do🧎♀️🔥
Well there’s no guarantee that the authors of the ransomware would give you the encryption key even if you pay up. So you’re screwed either way.
UA-cam is recommending me one of your videos called "My Security 2015", and I want to see your security in 2019.
This is why Google Drive is so handy for me. Anything that I consider sensitive/irreplacable is always kept in a backup folder that I could access at any time. In case I switch to a new PC or if by some chance I am attacked by ransomware
Thank you for the great information. Our company just got hit last night. Turned every file to a ". Nortron " extension.
I'll do the steps as you described. Hopefully the files can be decrypted.
Everybody gangsta until the decryption file you download is another ransomware
Someone should send this to the Louisiana government. They recently got hit hard by some ransomeware attacks
@@ahsookee Well, it's a government agency hit. They have the money ¯\_(ツ)_/¯
@@Appoxo with elections coming up soon this is sad to hear
@@ahsookee Absolutely. It could be also Megacortex; also, most ransomware intrusion on companies are product of second intrusion and hacking.
@@Appoxo They have our money!
@@lesliesavege1206 Communism intensifies
This is the most informative video I have found with information that is extremely helpful in the efforts of dealing with ransomware attacks. My question for you is, how in good god do you have all of those actual ransomware files to execute??
I wish I had this a few years ago. I do know the basics of Ransomware but your links for help I would have loved. Thank you SO much! I have saved and shared!
Backup to cloud. I suggest mega
Thanks, Leo.
I setup my computer to survive a virus attack without relying on an antivirus program, which I have been doing from the early days of Windows. I got hit with a ransomware in the early days of this malware. It encrypted all the Windows doc, text and image files, but my personal files were uninfected, which included my jpg files I saved for my photography business. I laughed at the message it showed on my screen demanding I pay them, because I had backups of everything on CDs. I didn't have to use these backups, because of the steps I took to alleviate the threat. I was impressed at the level of encryption it did to Windows informational files, and I had to reinstall Windows, but I lost none of my personal files.
Is your personal files is on different partition or different disk?
I needed that a month ago. I just reinstalled Windows and erased anything related to that piece of crap Ransomware. Thankfully I back up my files on a server separated from the attacked machine. And it forgot to actually encrypt my important data since I caught it mid-process when it was busy encrypting TEMP files x3
i believe that the best protection is to use two external drive and alternate them and unplug them as soon as your backup is done
I wish I saw this a few months ago when I had to deal with it. I got rid of the ransomware, reset and changed the network password and saved a couple files but i didn't figure out how to decrypt the files that got infected. In my case it was the .hese extension. Back in August. Good thing that I had a backup of my most important files but I lost a couple beautiful memories.
How did you got it ?
Backups, backups, backups. Ransomware won't be able to touch your AWS S3 objects (unless it knows your root account password, in which case data loss is the least of your worries). It also won't encrypt your external hard drive unless it's plugged into your machine at that moment.
redundancy with randomly generated passwords saves that. ive got 3 accounts with a password i cant even remember and if they can get to the locked flash drive in a place i shant say to get to them...welll
My brother had a laptop that was infected with ransonware some years ago. He got rid of it with a complete wipe and reload of his laptop.
no shit, windows format is the only way
Best case scenario, you actively back up your work and use external version control for any major project. Thus making it a simple case of wiping your drives and reinstalling your os.
Worst case scenario, contact the ransom, ask for a demo to prove they arent just going to scam you further. Perhaps even pay a tiny fee to prove your intent of paying the full ransom.
Take that demo to security expects to reverse engineer the ransom. What ever little you spent (if so) likely will help others in the long run.
Hey! Thats a great video.
However I have a question, What would you suggest for downloading the decryptor or checking the ID-Ransomware website when the infected device is off network. Also, most enterprise usually tend to block mass storage devices?
What would you recommend?
Phone tethering?
My solution is to always have backups, and not backups from like..months ago, but bi-daily backups....in other words I have backups from Sunday-Monday, that I overwrite with backups for Tuesday-Wednesday...which get overwritten with backups for Thursday-Friday..etc...and I rotate them and keep it steady and even, I guess once you get into a rhythm with making / storing, and overwriting backups?...ransom ware becomes a thing of the past. There's also the fact that you MUST change ALL passwords when/if you get hit with ransom ware, (I always encrypt my passwords and use long complex, yet easily remember-able passwords too...not a word really but a phrase....like (not ever used by me...just using this for an example):
Take your name....say...its "Timothy"....
SPLIT it "Timo-thy"....
Place something INSIDE your split name....like ...
"scH001Bu5"......
SPLIT that as well...
"scH001-Bu5"
in the middle of THAT?...place your birthdate...
00/00/0000....but use underscores instead:
00_00_0000
so you now have "TimoscH00100_00_0000Bu5thy"......now...take THAT?..
and ENCRYPT IT!...by the time someone cracks THAT?....you already have backups of your backups which are backups of your backups, and if they DO hit you with ransomware?...you can listen to some jazz, sip on some chilled wine...and smile as you restore your latest backup and change your passwords yet again.
Just some simple advice from an old Network admin!...(sometimes..."simple" doesn't have to mean "vulnerable"!...LoL!!)
How much these criminals usually ask to decrypt your files?
Really depends on the ransomware group, and depends if it's an individual or a business with cyber insurance.
Fyi I only know that because the place I work at got hit with ransomware and I've been researching it since.
I'm gunna leave a sticky note on my desktop with the link to this video just in case this happens. Thanks bro.
Just backup to cloud. These days they have automatic backup services that make it easier
“Im gonna give a live demonstration, so were gonna infect this system with ransomware”
*pulls out a whole folder of ransomwares*
still works! followed steps exactly and it works, thx a ton and keep up the awesome videos
I’ve been pirating stuff for over a decade and not once have I ever had any virus/malware/ransomware, how do people even come across this sort of thing?
Dark web my guess
just plainly not having an antivirus plus not worrying or being unknowing of any viruses, plus cyber security is more tougher than it was 10 years ago, 10 years ago it was easy for a naive kid back then like i was to download a harmful virus, got a rogue antivirus but luckily some youtube videos figured out the activation key and allowed me to rid the program.
nowadays i havent had a virus since that incident i described. and even when downloading stuff i get VERY skeptical when my antivirus goes off even if its a false alarm. i always find reviews, ask friends, and if i have to, use a vm to make sure its safe or not.
tbh i tend to get scared connecting my laptop even on my college wifi because those places can be easy breeding grounds for a massive virus spread, i always use my phone instead.
The two primary vehicles I see working at an MSP are email related (attachments or links not yet identified by filters) and wide open remote desktop ports. The former we are training users against phishing with a service called KnowB4 that we launch phishing campaigns and get statistics on who goofed and how badly. Numbers have gone way down so it is successful.
not necessarily, it just havent hit you yet or may be youre just lucky.. if you are using cracked software there maybe 80% chance of getting hit by ransomware
Then you are extremely ignorant. I guarantee you your system is infected. There's no way you have never come across infected Warez... they tend to install things in the background. You would never notice what's running in the background and sure it's pinging off of foreign servers.
you should also make a video on ransomware that locks the computer. my brother had a couple of them and i had to go through a few hoops to get them out without a format. as for data security, the best thing to do is get a 2TB+ USB drive (or more if needed), plug it in, make backups and then unplug it. this way you can be sure that nothing has access to the backups, then in case of ransomware, you deal with the problem and if no decryption is available you just restore the backups.
And actually get at least two of these backup drives. Nothing sucks more than needing your backup and finding out the USB stick you put it on is dead.
dang now i have a way to fight this kind of stuff since its been on the rise as of late.
By recent past experience on a ransomware attack, I would recommend urgently to keep up-to-date the bios of the computer. It seems this was the only door open to get infected.
Since my systems do not have sensitive files I just do a full wipe and reboot
Neither do I, but i had a lot of games and movies on my device. Losing files can be heartbreaking y'know.
So in other words if there is a repair tool for the ransomware you have then you can repair the files if not restore from backup. This is a good reason to back up to a NAS device that uses unique login credentials and is not part of the domain. I have seen people get their backups encrypted too so no way to recover short of paying the ransom.
You can do system restore on Windows also!!
Yeah that's what i did about 2 years ago. I simply rolled windows back to the day before. Don't know if it works every time but it worked for me.
Peace
Not really some ransonware will not let you system restore
@@thatguyyouseeeverywhere8886 then format the drive or if not just open the pc and take it out go and put another one if you have one
Just have a backup, open up a mega account and you get 50gb for free, and get yourself a good external hard drive and do also a backup that way, i have 3 backups of all my data, i never dealt with ransomware, but its better to prevent than to heal, you never know if some family member put some pictures on a stick which has been infected by ransomware and gets onto your system that way. Just be carefull where you go online and what kind of foreign devices you plug into your pc
I just checked ID Ransomware and it says it supports Spora, have they added support since you recorded this yesterday?
... maybe
from what i tried they dont have redeye or wannacry yet
@@HideoKojima_EN interesting. At first glance it looked like wanna cry was in the list of supported ransomware
@@Samiozd thats not how it works it doesnt just check the name
I keep isolated system backups. I would do a restore using a full wipe of the partition before restoring.
I notice you never brought up a full system restore.
These scammers How much cash do they usually ask for, no particular reason just wondering why the heck this sort of thing still go's on in 2021 or am I being totally naïve.
Very interesting video's I might add, thank you..
1:05
*pulls out my grandfather's life support*
this comment is so underrated.
I use non-network connected external drives, that I write my data out to every few days. As a retiree, anything on my computer is likely a bunch of media files or games that I can re-download. I've always enjoyed the performance increase of a fresh windows install (a relatively quick task in 2022), so that's how I'd cure a ransomware attack. Wipe everything and move on.
Personal files are always safe using offline storage solutions. Just don't plug the drive into an infected machine.
Can I store some important "Ransomware (phobos) encrypted files" in another pc for further/future decryption without being infected??
Always have a backup with all your files, as in a seperate drive. If you use an ssd or hdd, it doesn’t matter! Get a hard drive (cheaper) and copy your files on there. If you ever get a virus, shut down and unplug pc, remove your normal drive and plug in the backup and use that until you can wipe the main drive or fix it
"Half the time the ransomware will encrypt your backup once u connect it to your PC"
*Laughs in stack of DVD-R's*
Read-only cloud storage is also nice ;)
@ then your just trusting someone else to hold all your data for you .-.
that sounds scary, but i did the following, i got encrypted 2 days ago, first time actually, AFTER rebooting my pc i connected my external drive to my computer to transfer all my files to the computer again, am i good to go or did i do it anything wrong? and while my computer had ransomware i managed to move some stuff to my phone using an usb cable, my phone was not encrypted
If you are planning to put everything on DVD's, why bother, buy a Blu-ray drive and couple of those double layer double side 100GB discs
Good content 👍 For my sight I prefer back up solutions routine. Sperate from any source connect to internet.
Note: Do not execute any virus on real computer, use virtual machine or dont execute them at all. It's for your safety.
Don't forget to close your internet connection, and make sure the malware can't leak from the vm
Thank you bro.
My data files infected by iisa (dajavu Ransom )
Now I would decript my files.
😘
if onedrive is mounted to documents , pictures, desktop, will the ransomware be able to encrypt that, if yes, is it recoverable from cloud
Yes but you can restore these files very easily: support.office.com/en-us/article/Restore-your-OneDrive-fa231298-759d-41cf-bcd0-25ac53eb8a15
OneDrive has retention but only for a limited period of time, you should not use onedrive or any cloud file services as a backup system
one drive is not hackable at this moment we are doing this to use ai to hack shainghai
One drove is usefull but makes pc very slow
this video is literally the embodiment of the quote: "having a gun without needing it is better than needing it without having it"
Please don't pay ransom:
All hackers: *triggered*
I'd always recommend backuping. Can be annoying but is SUCH A RELIEF! if something like this shit happens.
I dont think its nearly so annoying these days. Can set up auto backup to the cloud and deletion for added security
since I formatted my computer after the attack my email accounts on social networks and even accounts that I didn't remember existed tried to be connected by strangers, what can that be?
Exactly same , my youtube channel started uploading videos which was logged in into my decrypted pc. Someone also tried using my Instagram and I am bit worried about my money as I do card payments from pc . Although the mail linked to Google pay was also in pc and I changed all of those account passwords , then also someone might use them for thier beneficiary. Plz reply me what all accounts and applications were compromised and need to secured
@@ClashWithArthur it’s very possible it was all broken into. Try to get into these accounts and change passwords + enable 2 step verification. Stop doing payment stuff on PC, do it on IPhone or something of that nature
@@bugginoutw2243 yes , I followed same path.first of all I changed all of my passwords even if they were not signed up into my pc. Then I went to my banks , met mangers and changed details for my online transactions. Also in one or two banks ,I made new account closing existing one.and last but not the least I made new bank account with very low balance just to do online transactions. it's been a while but thanks a lot for the reply!
Thankyou very much for uploading this video but sadly my version of ransomware isnt decrytable !
Merry christmas to you and family and a happy free virus 2020 year , greetings from hans of the dutch lowlands nl 👍👌
"free virus 2020 year"
This comment definitely did not age well
Kian Santang Kusumah ikr
yah ... you have to have BACK - UPS of your DATA ... but you also have to BACK - UP your BACK - UPS ... and if it isn't RANSOMWARE it's a failed / burnt out motherboard ... so what i recommend is to have 9 laptops ... 9 desktops , 9 HDD
If you don't care for data JUST REINSTALL WINDOWS FFS
Exactly what i did😂
SAME. Haha
i think almost everyone does that. simple and easy. everyone's just bieng techy in the comments LOL
Same
How did you guys get ransomware?
Same I did 🤣🤣🤣
Great video and just subscribed. Thank you.
i dont store super secret stuff on my computer so if i ever get ransomware i have no problem doing a factory reset
they got my anime wallpapers
Lmfaaaaao
My friend got infected with Cerber Green ransomware 2 years ago and lost all of his data. Very upsetting for him and his business
Thank you. Now I'm calmer about my attack.
This is me listening to Leo in the background while I do work
Backup your computer regularly, people! My high school recommended doing so every Friday, so that's what I've done for years.
Super useful high-level video, thanks!
I remember getting ransomware on my computer like 10 years ago from downloading Terrordrome, CSGO, and Fallout 2 on super sketchy sites💀
Aren't there some ransomwares that prevent you from running certain applications, such as anti-malware or decryptors?
This Video : **Exists*
Me : Dont Use Computer lol
Can you tell me what are some places where ransomware can infect you and also can i just format c if I don’t have any files i care about as i only have games.
Im not very tech savvy so I’d love if someone explained this to me
I just keep all important files on flash drives. If I was infected I would long format the drive and then reinstall windows.
Ransomware will typically encrypt any devices connected to infected systems
@@vidzpit8264 no shit. I'm saying my files are stored on flash drives. I don't leave them plugged in 24/7. I plug them in when I want to use the files, then unplug them.
after watching this video i'm not gonna download anything that isn't from a widely trusted source.
the dislikes are ransomware makers
Yes.
I was trying to find some clip like this but I just couldn't find it, and UA-cam recommended me after I got rid of my important files...
will they know my ip address ?? i have the .booa virus on my pc and my pc dont have any important stuffs so lol
there is actually a better way, in 1 PC or Laptop, there is an option to have 2 accounts and more in 1 device, and you know what i mean at this point, as long as the files are seperated and not asccesible from one account to another then you are fine, but for safety measure, be sure to stop and remove the ransom on the account been infected first then remove then switch to your main account, backup all your important files and put it on Drive or somewhere safe, be sure to check if they are encrypted yet, if not then start back up those thing ASAP, then either remove the infected account of just hard reset the PC to it original state when you bought it
Step 0: Have backups
Step 1: Nuke the install from orbit
Step 2: Install Linux instead
(I'd reccomend Linux Mint if you're used to Windows.)
@Leon Voerman most common ransomware is made for Windows, so it doesn't work on oinux
@@sybrenvandenakker9064 www.notebookcheck.net/Lilu-Lilocked-ransomware-has-now-infected-thousands-of-Linux-servers.434547.0.html
Step 2 can only be implemented if you don't need Windows specific softwares. It's great for people who do some web surfing, watch videos and stuff. And as you mentioned, with distros like Mint and Ubuntu, linux has become extremely user friendly.
@@smellymomo if you REALLY need a certain bit of windows software, use a VM or dual boot. just make sure that the windows VM/partition does not have access to your linux drives (hard to do anyways since windows hates anything to do with linux)
if you need to transfer files between them, mount the windows partition in linux and move files there. always keep the files under linux and also a cold backup too if you wanna be extra safe (a drive that's unplugged most of the time)
There are thingies for linux as well, trust me on that one.
This is the worst thing that has ever happened to me hours of work thousands of beats gone in a second for what.
Honestly, just owning it and not trying to hide it is partially
why I watch you. It's the honorable thing to do and it make
the rest of the jobs much more believe when you are call
out of the spots like that, so thank you #davkracks.
Thanks for Sharing.... Really good to know how to react when hit by Ransomware....
Wazuh is a good SIEM to use which can monitor file changes..
I feel like ransomwares came from the internet so that's where I'm going to plug out
I’m always so careful with my backup external drive, and the one time I left it plugged in this happened 😞
Just came across your channel and you have a new subscriber.
Silly question but, what is an average price these ransomware hoodlums usually ask?
I subscribed on this video... Great information.. how have you downloaded ransomware.. please make one video
Demonslayer what a fricken MVP
I'm here after Conti Ransomware took down Ireland's HSE Health Service network
You actually have a folder, with these WMOs. :-O
If you already have encrypted files what can they encrypted?
Why isn’t there some software that detects that many files are bing encrypted at once like alert the user if more than 10 files are being encrypted at once 😒
Thank You kindly for the tips its kind of sad that these people will barely be punished, so lessen thier effectivness is noble deed. Can I ask how it works that files which take over your entire data are usually very small sized? and what are the most common ways to be infected? Sorry if thats silly question Im trying to be as cautious as I can but since Your Ccleaner video Im very stressed :)
Me: *watching video to deal with ransomware*
The hacker that been spying me: *panik*
I just did backup and it worked :D, at least with most of files :(
The best computer professional is your past self, with frequent backup routine. You will be the only one that can save your future self from those situations.
Don't store lots of your data on the mounted hard-drive. Use removable USB or SD cards. Upload files to the cloud. Have a backup version of your favorite OS on a USB or CD ready to go, so you can simply clean-install and never be touched. That way you can skip all of this.