Saturday, 19 December 2015

.rdm ransomware: encrypts files on the entire hard disk!!

The .rdm ransomware looks like this:

In English:
On 9 December a friend got infected with a new ransomware that encrypts all files and adds the .rdm extension. That PC was running Windows 7 Ultimate SP1 with no antivirus software installed, and I can't say for sure whether an installed AV would have made a difference. The damage was to files used by accounting software; the other stuff was of no importance. Unlike other ransomware, this type doesn't hurt Windows: you can still use the browser, watch videos and install an antivirus. As of now (19 December) nothing exists from the antivirus companies to recover (heal) infected files, so until something is available a simple protection method is to archive the files (with WinRAR, if there aren't far too many of them), because the ransomware can't alter files inside an archive. Don't worry about software, it can be reinstalled, but if accounting files are infected and there is no backup, it's HUGE. Luckily someone had made a backup a few months earlier, so less "paper" needs to be put through the accounting software again.
The infection is confirmed by a URL shortcut "published" on the desktop with the name "YOUR_FILES.url", so on the next restart the files are encrypted, not deleted. It doesn't matter if you think "I won't open that link, maybe it will bring some viruses", because the infection is already in; the idea of that shortcut is to announce the infection (it looks like the picture above).

Now a simple question: to pay or not? It depends on the damage done, meaning what the infected files were used for and whether you have any backup. If you pay, there is no guarantee of recovering the files, and it is also possible that the ransomware reactivates later. No matter the damage level, format the entire hard disk that holds the infected files. The only exception: archive the infected files first, for the future case that a healing tool appears.

Visit this discussion thread about this ransomware: www.bleepingcomputer.com/forums/t/599368/ransomware-encrypts-files-with-rdm-extension-leaves-yourfileshtml/ Day by day the number of people reporting it and asking for a decryption tool is increasing. Also visit this page to see which types of files are infected and how it happens: http://www.bleepingcomputer.com/news/security/new-radamant-ransomware-kit-adds-rdm-extension-to-encrypted-files/

IN ROMANIAN:
A new type of infection of the files on a computer has recently appeared on the net (Windows can still be used afterwards). This message is for those who use a PC or laptop at work, i.e. for professional purposes, and do not protect their data. The purpose of this ransomware is to encrypt files (it does not delete them), that is, to make them unusable by the application that uses them. A practical example from an acquaintance: they used an accounting program, and the software saved every invoice into a database on the hard disk. When they tried to open the database created up to then, the software no longer recognized it, and everything worked on in accounting for that company up to that point disappeared, in the sense of being unusable, because the database is still there but altered. Another, more widely applicable example: who doesn't use Office (Word, Excel, PowerPoint)? After each use of a file, on closing it asks us whether we want to save it, and all those saves form a database of each person's work. After infection the software (Office) can no longer read the content of the saved documents. You can tell by checking whether the files have an extra .rdm extension added to the existing one, i.e. salvare.doc.rdm; this is what an infected file looks like, and a shortcut to an internet address named "YOUR_FILES.url" has appeared on the desktop. Even if you delete it, the infection has already happened, because the only purpose of that address is simply to inform you that you are "infested" and what to do to be cured (picture above).

Now the part about paying. For those who are in really deep trouble, the moral side of the discussion about giving money to criminals no longer matters, but even so the files are not certain to become usable again. Likewise, it is possible that after a certain period it re-encrypts the files (I don't know how sadistic that group of programmers was when they made this ransomware). Proactive advice: see in which location the files are saved, archive them with WinRAR and move them to another partition in case Windows gets reinstalled, because your work of many years disappears in a few seconds. There are other, more complicated backup methods, but I won't open another subject. Reactive advice: it happened, that's that. Proceed as above (archive the infected files), then move them off that hard disk (avoid USB sticks), followed by formatting the entire hard disk. Do not delete the archive with the corrupted files; it is possible that after a while the antivirus companies will create a healing (decryption) tool, and the files will then be usable again.

A BIG REQUEST AND PIECE OF ADVICE addressed to those who work with any application in the SIUI suite: BACK UP THE DATABASE DAILY at the end of the working day, following that simple step (archive and move), because very many of you don't know simple things (even if you have an antivirus installed); and even more important is that you work with people daily, and in case of an infection with this ransomware only the people will suffer; Windows gets reinstalled.

There is a discussion about this type of infection at http://www.bleepingcomputer.com/forums/t/599368/ransomware-encrypts-files-with-rdm-extension-leaves-yourfileshtml/ and those who, out of curiosity, want details on how it operates can find them at http://www.bleepingcomputer.com/news/security/new-radamant-ransomware-kit-adds-rdm-extension-to-encrypted-files/
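
A triage for the two indicators this post describes (the appended .rdm extension and the YOUR_FILES.url shortcut), followed by the reactive step of archiving the encrypted files for a possible future decryption tool. This is an added example, not part of the original post; it uses Python's zipfile in place of WinRAR, and the function names and command-line arguments are assumptions.

```python
import zipfile
from collections import Counter
from pathlib import Path

MARKER_EXT = ".rdm"            # extension the post says is appended
NOTE_NAME = "your_files.url"   # desktop shortcut named in the post (lowercased)

def triage(root):
    """Walk root; return (encrypted files, ransom shortcuts, counts by original type)."""
    encrypted, notes, by_type = [], [], Counter()
    for p in Path(root).rglob("*"):
        if not p.is_file():
            continue
        name = p.name.lower()
        if name == NOTE_NAME:
            notes.append(p)
        elif name.endswith(MARKER_EXT):
            encrypted.append(p)
            # salvare.doc.rdm -> original type ".doc"
            by_type[Path(p.stem).suffix.lower() or "(none)"] += 1
    return sorted(encrypted), sorted(notes), by_type

def preserve(root, encrypted, archive_path):
    """Store encrypted files in a zip with relative paths, verify it, return member count."""
    root = Path(root)
    # ZIP_STORED: encrypted data does not compress, so skip compression
    with zipfile.ZipFile(archive_path, "w", zipfile.ZIP_STORED) as zf:
        for p in encrypted:
            zf.write(p, p.relative_to(root).as_posix())
    with zipfile.ZipFile(archive_path) as zf:
        if zf.testzip() is not None:      # CRC check of every member
            raise IOError("archive failed CRC check")
        return len(zf.namelist())

if __name__ == "__main__":
    import sys
    # Assumed usage: triage.py <folder to scan> <archive path on another disk>
    root, dest = sys.argv[1], sys.argv[2]
    enc, notes, by_type = triage(root)
    print(f"{len(enc)} encrypted file(s), {len(notes)} ransom shortcut(s)")
    for ext, n in by_type.most_common():
        print(f"  {ext}: {n}")
    if enc:
        print("archived:", preserve(root, enc, dest))
```

The per-type counts show which applications lost data, which is the list to check against whatever backups exist before the disk is formatted.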
