How to deal with ransomware that encrypts documents?

digdream2012-12-11 12:10:01

Malware

digdream, 2012-12-11 12:10:01

To my great indignation, in recent days I have been observing a surge in infection among not very literate acquaintances with a relatively new type of virus.
The technology of penetrating the victim's computer is simple to disgrace. a simple user himself infects his computer, receiving a letter supposedly from the Arbitration Court, opening the attached archive, which contains an exe file with a pdf icon.
The malware, in turn, runs through all available disks, modifying all found documents, photographs, archives, everything that can be of value to the computer owner, adding the soap of its owners to the file name, as well as the number (identifier) of the key that corrupted the files.
Only a small part of the file is encrypted, which makes it possible to recover the document with losses.
extortionists actively respond, offering a decryption for transferring an n-th amount to the Yandex-money wallet.
it is clear that users who open such attachments are too frivolous and no antivirus will save them, but still I would like retribution.
and if earlier winlockers were removed sometimes easily, sometimes not so much. now there is no other way out than to pay extortionists - no

advise, is it possible to contact the police and, most importantly, will it be of any use?
Or where should I turn to stop the further spread of this evil?

according to the number of Ya.D. would it be possible to know something?

Answer the question

In order to leave comments, you need to log in

8 answer(s)

cjey, 2012-12-11
@cjey

The antivirus is just designed for such frivolous users, so it definitely will not be superfluous.
There is only one way to protect data - timely backup to a separate media / computer.
It is better to write a statement to the police, indicating the details for sending money, let them try to trace their path. It won't get any worse.
It will not be possible to stop the spread of this evil, just as spam and viruses on the network have not been overcome. The only way out is if none of the victims pays.
Perhaps antivirus companies know how to decrypt files, but everything depends on the virus itself.

Artur Smirnov, 2012-12-11
@wisd

In my opinion, this is extortion ... turning to the police - of course, you can play the fool and pull out information about them from them sequentially ...

Ilya Plotnikov, 2012-12-11
@ilyaplot

There was a post. habrahabr.ru/post/159811/

@sledopit, 2012-12-11
_

It was recently .

garbager, 2012-12-13
@garbager

install ubuntu

Sargass, 2012-12-11
@Sargass

money.yandex.ru/doc.xml?id=524781#qu74

What should I do if I have been scammed? Please let us know
immediately . Contact the police station at your place of residence and write a statement. If you received a fake email on behalf of Yandex.Money, contact support
These guys work with “Anonymous Accounts” in Poison, which means that Yandex, even if they really want to, cannot give you anything, because they themselves have absolutely no information about these people.
Not to mention the fact that usually such information is not disclosed to anyone except the authorized bodies, no matter what they do.

Dmitry, 2012-12-11
@EvilsInterrupt

Alas. But the Anti-Virus side is the "catching up" side. She can't heal what isn't there yet. Of course, it tries to predict by identifying common features, but this heuristic breaks down by inserting any non-standard logic, and virus makers can do this.
As already mentioned: a timely backup is the surest means of salvation. Moreover, if a user, with a good machine, has the opportunity to install VirtualBox and put a system there, which is much easier for him to back up!

Dmitry Sidorov, 2012-12-12
@Doomsday_nxt

This type of virus is not new at all and I heard about them about 3-4 years ago. For starters, you can try using services like sms.kaspersky.ru. You can also send the file to antivirus companies, there is a chance that the keys and algorithms are protected somewhere in the body.