Ransomware As Fast As Possible

Back your data to an external Hard drive, then UNPLUG that drive from your computer. Leaving it plugged in is a huge no no.

This is why I use MalwareBytes. Even if a malware prevents it from scanning, I can boot it's chameleon mode and make my PC think it's actually just launching say Firefox, while it is actually just doing a deep scan.

my friend had a " you downloaded child porn or illegal music" I charged him 100$ to wipe his pc

Luke as fast as possible

Vinyl records as fast as possible

7/11 was a part time job

Happened to me once years ago every time i turned pc i got an fake Australian police screen saying i had downloading child porn and illegal dvds etc, and asked me to pay "a fine" to unlock it. PC guy removed it but was like 100 bucks!!! Good times!

Depending on the virus, I actually find the challenge of removing it fun sometimes, not that I want to get hit with one again...

When I worked at a PC repair shop I had at least 3 computers come in every week with one of these.
Happily only the "Lock out" type which is quite easy to deal with. Most of the time they are just simple programs that are set to always be on top.
We did have someone who spent a crazy amount before he finally decided that maybe he should come to a computer shop to ask for advice.
I was always glad to have a "fast as possible" episode to quickly show them, and explain the kind of problem they are having, and why they should just come to someone for help rather then just believe what these viruses are telling them.

Some of the worst kind of malware so far.
Most that I've seen people get just show back up w/in 30 days even if people pay.

Last month my toaster was infected with ransomware. Fortunately, true to their word, after I paid them the money my toast popped up. However, it was burnt pretty bad. I also despise ransomware.

When I worked at a PC repair shop, 99% of 'repairs' were malware removal, and 90% of those were regular customers who constantly got their machines infected. One of those customers didn't seem to understand why he should have to keep paying for our services when we had done the very same job the other day.
I honestly don't understand how people get infected so often. I haven't had malware for years.

Ransomware: GIMME ALL YOUR MONEY OR THE HARD DRIVE GETS IT!
Me: *hands over all money*
Ransomware: PSYCH! *headshot*

And this is the exact reason why I always back up my files in multiple different locations. This is the worst thing that can happen other than a failure in your system

So I work for Geek Squad (I get awesome benefits, suck it). The most common issue I see people having is ransomeware. Specifically, since I'm in Canada, people get a pop-up from the "RCMP" saying their computer was used for child porn and they can not go to prison by paying 250 bucks. We usually just do what Linus said, boot to Safe Mode and run a custom antivirus to see if that fixes it, and if it doesn't, we backup the user data and wipe to whatever version of Windows they had. Which I always feel sorry that they had to pretty much start from scratch. But I've been virus free on my PCs since 2010 with only the free version of Avast, so maybe it's a learning lesson.
Be safe on the internet, folks.

I remember it was pretty much a link to Ransomware for me. I was just searching the internet. Randomly some pop up ad tells me I'm searching up something extremely illegal and the cops were already headed my way.
I then just restarted my PC and nothing else happened.

I'm glad you're saving technology around the world, love your vids

"Your battery system has been infected malware! Tap here to upgrade battery system NOW and get 100% more battery time!"
Hehe. These kind of fake warning-ads are funny.

BIOS infection as fast as possible...
Boy, if you thought that get a malware in your hard drive was bad... the BIOS infection is a real nightmare.

I don't know if you guys ever read my comments in the past about making a video like this, but thank you , glad to share this with my clients.

"You know what Toby, when the son of the deposed king of Nigeria emails you directly, asking for help, you help! His father ran the freaking country! Ok?" - Michael, The Office America

This video popped on top of recommendations since this WannaCry thing is everywhere

Love me some ransomware :)

I just went through this with a neighbor. Fortunately, it was a new PC and I just did a recovery of the OS.
All is good ... until the next time she falls for it.

"Download ram" as fast as possible pls

who is watching this after getting to know about Wannacry.

thank you Linus for the ransomware video. i got hit hard and wanted someway to tell others about it. i got hit by the encryption type.. hopefully others will be spared from this kind of virus.

Thank goodness I'm so obsessed with backing up data. I could reset my entire operating system and I will have lost literally nothing.

I got hit by the second one because my stupid cousin tried downloading gta 5 for free on my PC.

that all in one pc burn..

This is so relevant today even though this was two years ago

My school literally got a message that they were a victim of ransomware

Unless they got in your BIOS/UEFI, there is always the option to reformat and start from scratch. Just hope you have family photos and the like, backed up somewhere and change the passwords for those services. Don't ever pay these criminals.

The first virus I've ever had on my Mac was ransomware, had my computer completely locked down and even hard reboots wouldn't get rid of. I eventually figured out how to remove it, but even still freaky stuff.

A quick little related fact:
Some months ago the city hall from a small town here in Brazil got victim of BitLocker. After a long analysis and failed attempt to decrypt the important files the conclusion from the engineers and analysts was simply to pay the ransom as it would be impossible to decrypt the files and yeah, don't be shocked this is Brazil, the city hall didn't had any backup of any file. And to make the whole thing event more interesting, its illegal to a public entity to pay for extortion with public money, so this city mayor got REALLY screwed.

Last year my step mother's pc got hit with a nasty bit of ransomware. It locked down all her personal pics, docs and vids with a ridiculous 2048 bit encryption. A little over 6 years of data and almost 9000 files that couldn't be recovered. I just about pulled all my hair out for nothing.

Whenever I need to remove a virus from a computer I use the ultimate Nuke 'n Pave method of erasing and formatting the storage devices and reflashing the firmware of every flash chip, 100% of the time. No other method has the advantages of 100% guaranteed removal of all malicious software without having to interact with any of it. When it comes to encrypted files, it is easy to act like the virus has ATA secure erased an SSD containing them, so they cannot be accessed anymore, and the Nuke 'n Pave method works equally well in this case as with all other cases.

I once had a website show up saying my files on my hard drive has been encrypted and I had to pay Bitcoins to decrypt them. The joke is, I was using my Chromebook and everything is in the cloud. xD

And it's happening. Great.

I love the distain he has when he says "all in one pc". classic.

Arduino as fast as possible!!

You should do Potentially Unwanted Software (PUP).

I remember when I got infected with ransomware... it, fortunately, just locked my computer off and didn't touch my data.

Really useful to know, thanks!

who's here after " wannacry "

Women As Fast As Possible

Reminds me of the ones that ring you on your phone, my mother got a call from one of these, they hung up quickly since she didn't own a computer.

Love the all in one pc dig at the end lol

when has the FBI EVER advised ANYONE to "just pay the random"!!?? this sounds suspiciously false. I'd like to see you cite your sources on this

Hey linus, your video was on the radio in the States:D

For the people that are wondering, yes you can format your whole PC which works fine if it is just on your PC. However certain versions of this nasty thing got network capabilities and that is where it really starts stinking. We had one of these things at work because a certain user clicked on a bad link and spend over 2 weeks doing nothing but trying to get it off the network and restoring data. Your backup data is only safe if it is not actually connected to the network itself else a ransomware might find its way to there as well.

Banner ads? Ads? oh right, those things I exterminated from my parent's pc and my sibling's pc with an Ad-Blocker.

Ransomware is great they have Indian call centers.

I work in an IT Support centre. A school we support got Locky on their server via an email a teacher opened. Luckily she didn't have many permissions so it didn't spread much. We removed it and booted up the last known good (which was the night before so nothing was lost)

I remember a few years back having my computer locked for "distributing illegal music..." yes, as if the music were illegal, not the distribution "... child pornography, and or animal pornography"
not even sure if that last one is illegal or not but i hadn't been involved in any of them so that alone told me it was a hoax
i mean seriously $500 to not serve a prison sentence? what kind of law enforcement actually runs that way?

Who came here from WannaCry(pt) ?

Anyone watching this in 2017 after wannaCry attack?

Thank you sir

Ugh... I had this problem with my 70+ year old neighbor. She had her 5000 pictures encrypted because she thought she won a trip to Spain. Good times

I am watching this video because I was trying to understand a video where a guy downloaded as much malware as he could

Thank you so much for this video 👍🏻👌🏻✌🏻

I've had to fix my grandparents computer wayyyy too may times, while saying: stop clicking random stuff until I am blue in the face... they are going to do it again (x _ x)

I DON'T KNOW WHAT TO BELIEVE RIGHT NOW. WHAT DO I DO?!

Only have one virus in the 13 or so years I've been using computers. Was on my PC one night, browser closed on it's own. Re-opened it and in the address bar something typed "We were having so much fun." Pooped my pants a little, shut down, formatted all drives.

I removed it for a friends pc recently, I just did a fresh install and wiped the drive completely. Took care of the problem! Hope this helps :)

I have had "Microsoft Support" call me several times on my land line, telling me that I have malware on my computer. They direct you to do this and do that so they can get access to your computer so "they can remove the malware". Right. Well, Microsoft doesn't call you - you call Microsoft Support for problems like this. Microsoft can't even know you have malware on your computer unless you tell them. If someone calls to tell you about the malware on your computer, tell them you have an Apple, then hang up. It's been a while since I got a call from them, so maybe they've given up on me for a while.

thankyou it was really informative sir

Randsomware sounds like a fair description of subscription-based antivirus programs that don't uninstall properly.

A few years ago, I got locked out of my PC for 'illegal activities', which was ransomware, and system restore solved my problem.

I had it happen today. It happened when there were ads that were made invisible and stretch across the screen so no matter where you click it still opens. I wish i could just kick this thing down as im poor and i cant afford this or even an updated antivirus as it gets as expensive as an operating system.

just an FYI for people, the cryptolocker version of this malware can spread to and encrypt files on a NAS so please use off site backup/ drop box

The encryption algorithm has nothing to do with the malware being able to load it's self during safe-mode.
Most ransomware targets files in the users directory.
What makes malware able to load during safe-boot is by loading it in the MBR before Windows begins to initiate, it's called a bootkit.

This is why i have both a 3 TB drive for monthly backups, and i do weekly backups to my home file server with shadow copy through freenas. then on top of that i have all of my drives encrypted with 256 bit AES

Ransomware is vulnerable to security programs that provide real time protection and security programs that kill malicious processes then runs a scan to quaratine and/or delete them.

radio lab has an awesome episode about this that came out last month

Thanks Linus! My sister had a Virus and a Friend of my father had a usb stick with Software that repares the Computer! My sister had no important Software and IT WORKED! Thanks Thanks Thanks Linus! I´ll subscribe!

I got hit with it when it was downloaded to my computer through the net a couple years back. Since I already knew about what this virus does, the information on the lockout screen was absolute bullshit. I certainly wasn't gonna pay these assholes, so I promptly wiped my boot drive and reinstalled my OS as well as my other programs. My dad got hit with the same virus as well. When he attempted to dismantle the virus, he ended up corrupting his OS. The only advice I can give to people that got hit by this virus is to keep your files stored on separate drive and wipe your boot drive clean. It's time consuming to reinstall your programs, but it's worth it in the end.

sounds like my parents, they actually have had this happening even tho there are ironically, parental controlls active..
biggest issue was that it changed every extension (.exe became .3475734587) etc. and renaming them did nothing, it would reverse before being able to open the browser for example, all important files were changed as well and was a hell to fix in folders with multiple types of files since they all got this random extansion. filetype not recognized.
something that always works is a fresh install. use them wisely!

if the virus encrypts your drive, will you still be able to use your system restore? Or does it fuck up your restore points?

My roommate got this ransomware before. Thankfully it did not encrypt the data so it was easy to remove it. I have been using PC for a while now and I learned to backup my stuff. I keep the external HDD unplugged as well so if this ever happens, I will just reinstall windows.

When i encounter that problem about ransomware, i must do to reformat my own computer if i have not enough money for that solving this issue.

what about those bit torrent copyright notices that people receive forwarded from their isp that ask for settlement payment? would that be like ransomware?

My kid's PC got hit by the CrytoLocker, luckily they only encrypt the Documents folder which had nothing in it, so I didn't have to pay for it. But yeah, it went around Avast free version so something to consider is to always keep current backups of important files.

I got some on my iPad Safari and was luckily able to get rid of it. Thanks for this video though!

And this is why I have a copy of a C folder on my external hard drive.

I use OneDrive for business to back up my files, is that fairly safe from ransomware?

The last one was actually done to my school district's network. all the teachers are locked out of their user and can't access their files.

I had that a lot years ago. It kept accusing me of terroristic activities, child pornography or sending spam (gasp!), claiming to be the police. It wasn't quite sure which one of the three was true, but it was very sure that I could be let go for 100$. All of that, with grammar on par with google translate.
Luckily, those were weak. All they did was stopping the explorer process and locking their image into the foreground on startup. I had another bootable partition which was completely unaffected, so I could scan and repair the main partition from there. It was scary at first and later on just annoying.

I had once that lock-out fake FBI ransomware on my netbook (not the encrypting kind) and I didn't have any AV on it, so I proceeded to booting up into Safe Mode, and checking the registry where I found the source and killed the virus myself.
My dad's corporation didn't have that same luck. The virus got into my dad's computer, and it spreaded through the entire company, killing all files along the way. I built myself a botnet with all those office computers (they were brand new, and had CUDA-compatible cards, and one of the fastest Ethernets I've ever seen), so I used all that high speed connection and computing power (big servers with higher-end processors included) to try, and after like 2 months of slow computers for everyone, finally cracked the single password to all the files by brute-force. My dad insisted on paying me after he saw me recover all the company's data, but I'm a teenager who only stays in his bedroom/cave, what am I gonna use that money for? I refused.

linus media group: they have enough power to decrypt an encrypted drive

it happened to my dad, what i did is boot it up in safe mode and made the pc go back to an earlier save (a month ago), and it fixed it

also i would recommend removing the ethernet cable or turning the wifi off because some of these programs like to verify data with some form of server

Happened to me today.
The pain is real.

+techquickie you forgot to mention that some encrypting variants of ransomware are broken and there are sites that may give you the key

Happened to my dads work computer and the IT at where he works was freaking out because they thought it was real.

My ela teacher fell victim to ransomware, all of her lesson files were gone. That was a interesting year of school.

the way you said "all in one pc -_-" XD

Quantum computing as fast as possible! Do it.

I had one of those ransomware before. I was afraid that my information was compromised while I was dealing with moneypak transactions for shopping. It locked my user account up so I couldn't do anything. So I just did a factory reset since I didn't want do deal removal and searching for hidden viruses that it gave me.

So how does it work, is it just being unlucky and having a page load up in the browser or do you have to click on "download" or some kind of .exe program from that page? Would seem like you're screwed if its merely a link.