MacResource
Site taken down by ransomware - Printable Version



Site taken down by ransomware - chopper - 02-03-2017

One of my sites has been taken down by ransomware. Just like Frank Sinatra Jr.

The hackers want $6000 to restore it. They will unencrypt all files.

I have an office insurance policy ... would this in any way be covered under our equipment insurance?


Re: Site taken down by ransomware - space-time - 02-03-2017

Why not restore from backup?


Re: Site taken down by ransomware - Paul F. - 02-03-2017

space-time wrote:
Why not restore from backup?

A local school discovered the hard way that if the backup drive is connected in any way to the affected server, it gets encrypted too. Apparently that can include cloud-based backups (little fuzzy on which ones, etc).

They had to restore their Student Information System database from a backup two months old... They lost a LOT of student data.


Re: Site taken down by ransomware - chopper - 02-03-2017

Yeah, they got the local backup too. Bastids.

I made and removed a backup from last Sept and put it away, but a lot of water under the bridge since then.


Re: Site taken down by ransomware - michaelb - 02-03-2017

My worry about paying the money is that they are just ripping you off and won't decrypt the files. So are you taking a loss on the equipment, or hoping insurance pays the ransom?


Re: Site taken down by ransomware - numbered - 02-03-2017

Paul F wrote:
A local school discovered the hard way that if the backup drive is connected in any way to the affected server, it gets encrypted too.

Are schools a regular target? I have not heard many school examples...


Re: Site taken down by ransomware - onthedownlow - 02-03-2017

michaelb wrote:
My worry about paying the money is that they are just ripping you off and won't decrypt the files. So are you taking a loss on the equipment, or hoping insurance pays the ransom?

That is always a worry, but the funny thing is, the very large majority of people who are behind incidents like this do honor the payment and decrypt the files and/or provide the key, tools, or instructions to do so.

Honor among thieves, I suppose.


Re: Site taken down by ransomware - Ombligo - 02-03-2017

Plus as long as they do fulfill the promise, they are more likely to get people to comply. If they just start ripping people off, no one will pay.


Re: Site taken down by ransomware - onthedownlow - 02-03-2017

chopper wrote:
One of my sites has been taken down by ransomware. Just like Frank Sinatra Jr.

The hackers want $6000 to restore it. They will unencrypt all files.

I have an office insurance policy ... would this in any way be covered under our equipment insurance?

Do you know what ransomware it specifically is and/or the group behind it? Search with any information you have, as there may be online decryption solutions already out there from white hats that have cracked the encryption and made the information available to many vendors and sites.

Examples:
https://noransom.kaspersky.com/
http://www.thewindowsclub.com/list-ransomware-decryptor-tools

Many people do not know these sites exist and may have the information they need to unlock the data for free.

Good luck.


Re: Site taken down by ransomware - Paul F. - 02-03-2017

numbered wrote:
Paul F wrote:
A local school discovered the hard way that if the backup drive is connected in any way to the affected server, it gets encrypted too.

Are schools a regular target? I have not heard many school examples...

Any server with open ports and an accessible IP address that is sloppily protected can be a target.

My impression from the other school's tech was this was something of a "target of opportunity". In this case, some security features were turned "off" by a tech from the SIS vendor who was troubleshooting, and they were not turned back "on" by the local tech by mistake... a few weeks went by, and one morning there's this message on the screen.