Author Topic: Hands-on Experience With Ransomware!!!!!  (Read 6059 times)

Online CMDL_GUY

  • Administrator
  • Location: Mt. Sidney Virginia
  • Posts: 8183
    • www.lscg.net
"Government is not reason; it is not eloquent; it is force. Like fire, it is a dangerous servant and a fearful master." - George Washington

“Remember democracy never lasts long. It soon wastes, exhausts, and murders itself. There never was a democracy yet, that did not commit suicide.”   -John Adams

K4LRM

www.lscg.net

Faster horses, younger women, older whiskey, more money.

Online CMDL_GUY

  • Administrator
  • Location: Mt. Sidney Virginia
  • Posts: 8183
    • www.lscg.net
Re: Hands-on Experience With Ransomware!!!!!
« Reply #16 on: May 18, 2016, 06:19:51 AM »
Here is a link to Kaspersky for the decrypting tool:

https://noransom.kaspersky.com/

Hal, you might want to try this!
Online Keighlar

  • Moderator
  • Location: New Hampshire
  • Posts: 1605
Re: Hands-on Experience With Ransomware!!!!!
« Reply #17 on: May 18, 2016, 07:13:36 AM »
Huh. Look at that. Kaspersky does say they can decrypt:
https://noransom.kaspersky.com/

Received this notice today:

New form of Ransomware.  The Trojan now deletes the files if you don't pay. 

Jigsaw Ransomware spotted in the wild (April 22, 2016)
Cisco has received reports of a new Ransomware Trojan, Jigsaw (named after the fictional character) which encrypts the system files and also deletes them if the payment is not made on time.

https://www.mysonicwall.com/sonicalert/searchresults.aspx?utm_campaign=48798-43691-NS-NA-SonStarNewsletter_May16&utm_medium=email&utm_source=Eloqua&ev=article&id=922
“You know you’re in love when you can’t fall asleep because reality is finally better than your dreams.”
Dr Seuss

Online CMDL_GUY

  • Administrator
  • Location: Mt. Sidney Virginia
  • Posts: 8183
    • www.lscg.net
Re: Hands-on Experience With Ransomware!!!!!
« Reply #18 on: May 18, 2016, 07:29:48 AM »
I'll bet the "pay on time" is due to victims finding out what I did.  The pressure of time will get victims to react more quickly to paying instead of look for alternatives.

I say: just keep setting your clock back and keep looking for a solution!
Online MacGyver

  • Administrator
  • Location: Dallas, Texas
  • Posts: 4634
Re: Hands-on Experience With Ransomware!!!!!
« Reply #19 on: May 18, 2016, 10:01:25 AM »
Kaspersky can and did decrypt my files!

Interesting. Did Kaspersky identify which variant infected the system?
-I'm only here because my flux capacitor is broken.

Online CMDL_GUY

  • Administrator
  • Location: Mt. Sidney Virginia
  • Posts: 8183
    • www.lscg.net
Re: Hands-on Experience With Ransomware!!!!!
« Reply #20 on: May 18, 2016, 01:33:25 PM »
They list about 5 different types and claim if it is one of them they will have success.

If you are real heavy with files and do not have a lot of disk space it could be a problem. It creates a new file for every infected file and does not remove the encrypted file.
Online hbiss

  • Administrator
  • Location: Westchester County, NY
  • Posts: 3310
Re: Hands-on Experience With Ransomware!!!!!
« Reply #21 on: May 18, 2016, 07:02:00 PM »
Quote
The encrypted files are benign but can't be removed.

Do you mean that they are system or other files that are now back to normal that Win won't let you remove, or that for some reason you cannot delete the encrypted files?

If you want to see if they really weren't encrypted and just the extension was changed, just take an encrypted Word, .pdf or .jpg file and change the extension to what it should be.

-Hal
I gotta get out of this business...

COMSYSTEC- Phone Systems | paging systems | background music systems | foreground music systems | retail music | restaurant music
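Hal's "change the extension back" test and the earlier point about the decryptor needing room for a second copy of every file can both be automated before anyone touches the machine. The script below is an added example written for this thread; it is not code from the forum or from Kaspersky's tool. It checks whether files carrying a ransomware extension still begin with their normal format signature (a renamed PDF still starts with `%PDF`), measures Shannon entropy to flag files that look like real ciphertext, and totals the bytes a keep-the-originals decryptor would have to write against the free space on the volume. The `.locked` extension, the sample files and the 7.5 bits/byte threshold are assumptions for the demo.

```python
"""Triage a folder hit by extension-renaming ransomware (added example).

Two checks before running any decryptor:
  1. Renamed or encrypted?  A file that still starts with its format's magic
     bytes was only renamed; unrecognised headers with near-maximal entropy
     (about 8 bits/byte) look like genuine ciphertext.
  2. Enough disk?  A decryptor that writes a new plaintext file per encrypted
     file and keeps the originals needs roughly the encrypted set's total
     size free on the volume.
The ".locked" extension is an assumed placeholder, not a real indicator.
"""
import math
import os
import shutil
import tempfile
from collections import Counter
from pathlib import Path

# Signatures for the document types discussed in the thread.
MAGIC = {
    b"%PDF": ".pdf",
    b"\xff\xd8\xff": ".jpg",
    b"PK\x03\x04": ".docx/.xlsx (OOXML zip container)",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": ".doc/.xls (OLE2 container)",
}

ENTROPY_THRESHOLD = 7.5  # bits per byte; assumed cut-off, random data sits near 8.0


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of the buffer in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify_file(path: Path, sample_size: int = 4096) -> str:
    """'renamed' if a known signature is intact, 'encrypted' if the header is
    unrecognised and the sample is high-entropy, else 'unknown'."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    if any(head.startswith(sig) for sig in MAGIC):
        return "renamed"
    if shannon_entropy(head) >= ENTROPY_THRESHOLD:
        return "encrypted"
    return "unknown"


def triage(root: Path, suspicious_ext: str) -> dict:
    """Classify every file under root with suspicious_ext and report the bytes
    a keep-the-originals decryptor would need to write versus free space."""
    counts = Counter()
    bytes_needed = 0
    for path in root.rglob(f"*{suspicious_ext}"):
        if path.is_file():
            verdict = classify_file(path)
            counts[verdict] += 1
            if verdict != "renamed":  # renamed files need no second copy
                bytes_needed += path.stat().st_size
    free = shutil.disk_usage(root).free
    return {
        "renamed": counts["renamed"],
        "encrypted": counts["encrypted"],
        "unknown": counts["unknown"],
        "bytes_needed": bytes_needed,
        "free_bytes": free,
        "enough_space": free >= bytes_needed,
    }


def build_sample_dir() -> Path:
    """Constructed sample: a renamed PDF, a random blob standing in for
    ciphertext, and a plain-text file, all with the placeholder extension."""
    d = Path(tempfile.mkdtemp(prefix="ransom_triage_"))
    (d / "report.pdf.locked").write_bytes(b"%PDF-1.4\n" + b"hello world " * 300)
    (d / "photo.jpg.locked").write_bytes(os.urandom(4096))
    (d / "notes.txt.locked").write_bytes(b"plain ascii text " * 200)
    return d


if __name__ == "__main__":
    sample = build_sample_dir()
    for p in sorted(sample.iterdir()):
        print(f"{p.name}: {classify_file(p)}")
    print(triage(sample, ".locked"))
```

Run it against a read-only copy of the affected share rather than the live system; the entropy check only reads the first 4 KiB of each file, so it is cheap even on a large file set, and the space estimate tells you up front whether the decryptor's "new file per encrypted file" behaviour will fill the volume.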

Online CMDL_GUY

  • Administrator
  • Location: Mt. Sidney Virginia
  • Posts: 8183
    • www.lscg.net
Re: Hands-on Experience With Ransomware!!!!!
« Reply #22 on: May 18, 2016, 07:06:55 PM »
Quote
The encrypted files are benign but can't be removed.

Do you mean that they are system or other files that are now back to normal that Win won't let you remove, or that for some reason you cannot delete the encrypted files?

If you want to see if they really weren't encrypted and just the extension was changed, just take an encrypted Word, .pdf or .jpg file and change the extension to what it should be.

-Hal

The files, docs, pdfs, xls, and others are converted; you cannot change the file extension because the file becomes read-only.
Online hbiss

  • Administrator
  • Location: Westchester County, NY
  • Posts: 3310
Re: Hands-on Experience With Ransomware!!!!!
« Reply #23 on: May 18, 2016, 07:28:20 PM »
Well, it looks like they really were encrypted anyway, so changing the extension won't help even if you could. It's a different story now. Sounds like the perps were busted and Kaspersky obtained the decryption keys. Without those keys one would have to use brute force, and if strong keys were used it would be nearly impossible to crack the encryption.

-Hal