
Author Topic: Warning about Ransomware  (Read 5453 times)

HueyPilotVN

  • ---
  • Posts: 1169
Warning about Ransomware
« on: August 22, 2016, 09:19:57 PM »
I have been getting several FEDEX deliveries lately so I was not surprised to get an email that looked like it was from FEDEX.

When I opened it, it said that they could not deliver a package and to click on the delivery details below for information.

As soon as I opened the attachment a large message came up on the screen.

It informed me that all my data files, pictures, and music files had been encrypted and I had to go online and buy a certain amount of Bit Coins and send them to an online address to get the instructions to reverse the encryption.  If I did not do that within three days the file would not be recoverable.

I looked at the files and they are all encrypted.

I would never pay a ransom so I went out and bought a new laptop and software.

I spent much of two days transferring files from another backup laptop to recover as much as I could.  I still lost at least two years of files.

I am posting this to remind all of us to back up our important data every so often.

I hate a thief.
« Last Edit: August 22, 2016, 09:21:39 PM by HueyPilotVN »
Bill Waugh
40' Country Coach DP
34' Stacker Trailer, Trailer Toad
Jeep Commander
Mustang Bracket Race Car
35 years on the road

whiteva

  • ---
  • Posts: 322
Re: Warning about Ransomware
« Reply #1 on: August 22, 2016, 09:37:22 PM »
Very good reminders, thanks
2008 Winnie 29TR, Class C
Me: RETIRED: Aerobatic flight instructor, RE Broker, EE,-
DW, Nan, works Finance for RV dealer. Travel short distances pulling 77' MGB on dolly.
 If not in the RV we are on the Sea Ray, with Shadeaux the black cat. Stop by for coffee or beverage

RVRAC

  • ---
  • Posts: 1020
Re: Warning about Ransomware
« Reply #2 on: August 22, 2016, 10:31:01 PM »
Sorry to hear about it. 
2017 Leprechaun 311 FS
Toad: 2016 Jeep Patriot
American Dolly
Home: WI
Snowbird 6 months/yr.

Sun2Retire

  • Photo moderator
  • ---
  • *
  • Posts: 1855
Re: Warning about Ransomware
« Reply #3 on: August 22, 2016, 10:52:00 PM »
I have been getting several FEDEX deliveries lately so I was not surprised to get an email that looked like it was from FEDEX.

When I opened it, it said that they could not deliver a package and to click on the delivery details below for information.

As soon as I opened the attachment a large message came up on the screen.

It informed me that all my data files, pictures, and music files had been encrypted and I had to go online and buy a certain amount of Bit Coins and send them to an online address to get the instructions to reverse the encryption.  If I did not do that within three days the file would not be recoverable.

I looked at the files and they are all encrypted.

I would never pay a ransom so I went out and bought a new laptop and software.

I spent much of two days transferring files from another backup laptop to recover as much as I could.  I still lost at least two years of files.

I am posting this to remind all of us to back up our important data every so often.

I hate a thief.

Bill,

If you haven't tossed your old laptop, do some research. The decrypt keys for **some** of those ransomware attacks have been found and posted on various sites. There is a slight chance your files could be recovered.
Scott
2005 Newmar Dutch Star 3810, Spartan, Cat C7 350 "OURVEE"
Eezrv TPMS, VMSpc, 800W Solar
2002 Dodge RAM 1500 Quad Cab "RTOAD"
Stowmaster towbar & Brakemaster

SeilerBird

  • ---
  • Posts: 10690
  • Everything I state is my opinion.
Re: Warning about Ransomware
« Reply #4 on: August 23, 2016, 04:45:26 AM »
I sure love my Chromebook. That would never happen on a Chromebook. Chrome can run programs so ransomware is impossible.
I would like to apologize to anyone I have not yet offended. Please be patient and I will get to you shortly.
Life list of birds:
https://goo.gl/photos/xuP9zPD2KP2swN1g8
Grand Canyon photos:
https://photos.app.goo.gl/Nc1AT8tQp25wJwfm1
My portfolio:
https://goo.gl/photos/Cx4SaYhGfYFShSty7

Daffy

  • ---
  • Posts: 78
Re: Warning about Ransomware
« Reply #5 on: August 23, 2016, 06:13:03 AM »
Do some searching, it is possible to recover the computer. Try "Ransomware Removal" for multiple options.
Too new at this to be a fool yet..

1999 Itasca Sunflyer 36L

KandT

  • ---
  • Posts: 743
Re: Warning about Ransomware
« Reply #6 on: August 23, 2016, 06:30:11 AM »
I sure love my Chromebook. That would never happen on a Chromebook. Chrome can run programs so ransomware is impossible.

I hope this is sarcasm!
2005 Winnebago Vectra
American Car Dolly
2009 Accord Toad
It's not a problem.  It's a project!

kdbgoat

  • ---
  • Posts: 3968
Re: Warning about Ransomware
« Reply #7 on: August 23, 2016, 06:39:39 AM »
Probably not. That statement is from the same guy that says posting your SS# won't lead to identity theft. 8)
I know you believe you understand what you think I said,
But I am not sure you realize what you heard is not what I meant


2016 Leprechaun 319DS

SeilerBird

  • ---
  • Posts: 10690
  • Everything I state is my opinion.
Re: Warning about Ransomware
« Reply #8 on: August 23, 2016, 06:52:36 AM »
Probably not. That statement is from the same guy that says posting your SS# won't lead to identity theft. 8)
Well it won't. No one has ever been able to convince me of that by telling me step by step how it can happen.
I would like to apologize to anyone I have not yet offended. Please be patient and I will get to you shortly.
Life list of birds:
https://goo.gl/photos/xuP9zPD2KP2swN1g8
Grand Canyon photos:
https://photos.app.goo.gl/Nc1AT8tQp25wJwfm1
My portfolio:
https://goo.gl/photos/Cx4SaYhGfYFShSty7

kdbgoat

  • ---
  • Posts: 3968
Re: Warning about Ransomware
« Reply #9 on: August 23, 2016, 07:00:31 AM »
Just picking at you Tom, please don't take it to heart. ;)
I know you believe you understand what you think I said,
But I am not sure you realize what you heard is not what I meant


2016 Leprechaun 319DS

SeilerBird

  • ---
  • Posts: 10690
  • Everything I state is my opinion.
Re: Warning about Ransomware
« Reply #10 on: August 23, 2016, 07:41:05 AM »
ok, I just did not understand it was sarcasm.
I would like to apologize to anyone I have not yet offended. Please be patient and I will get to you shortly.
Life list of birds:
https://goo.gl/photos/xuP9zPD2KP2swN1g8
Grand Canyon photos:
https://photos.app.goo.gl/Nc1AT8tQp25wJwfm1
My portfolio:
https://goo.gl/photos/Cx4SaYhGfYFShSty7

SargeW

  • Forum Staff
  • ---
  • *
  • Posts: 6301
  • Life is better on the road!
Re: Warning about Ransomware
« Reply #11 on: August 23, 2016, 07:47:39 AM »
Good reminder Bill, thanks.
Marty--
2017 Tiffin Allegro Bus 40SP
Cummins ISL 450 HP/Powerglide chassis
Visit our new travel blog! http://www.mytripjournal.com/rvnchickTNG
Support your local Police Officer, Fire Fighter and Military!

John From Detroit

  • ---
  • Posts: 19633
  • ^My New Home^
    • Diabetics Forum
Re: Warning about Ransomware
« Reply #12 on: August 23, 2016, 07:58:31 AM »
Fed Ex will never send you an E-mail.  Neither will bank of ____ or ___ bank, the FBI, the IRS or anyone else who has legitimate business UNLESS you first E-mail them and request a reply.

I do get a lot of E-mails from businesses but they are ones where I specifically requested them (Signed up for the e-mail list).

But if you get an E-mail about Money.. Very good chance it's phony

NOTE: If you can identify (if you have paid for example, the ransom and have the payee listed on your Charge Card statement) prosecution is possible and you can hold them for ransom in a manner of speaking (They go to prison).
Nothing adds excitement like something that is none of your business
My Home is where I park it.

glen54737

  • ---
  • Posts: 1187
  • My camping buddy
Re: Warning about Ransomware
« Reply #13 on: August 23, 2016, 08:13:22 AM »
There are ways of removing these programs. Google it.
I had this one time and it was as simple as starting in safe mode and restoring to a point a few days earlier.
2018 Thor Miramar 35.2
2015 F-350 CC short box 6.7l 3.55 axle
2015 Alpine 3510RE-sold

Glen,Nene
Mickey & Jayco (yorkies)

scottydl

  • Admin assist
  • ---
  • *
  • Posts: 7654
  • Central IL
Re: Warning about Ransomware
« Reply #14 on: August 23, 2016, 09:54:03 AM »
I know this seems obvious to Bill (OP) so I'm not trying to add insult to injury.  But as John mentioned, NEVER open an attachment that you are not expecting, from any e-mail address / person that you do not know.  These days, NO business, banks, etc. will send you attachments or request your login credentials over e-mail.  They should direct you to go to their website, log in as regular, and check whatever details need to be checked there.  If the e-mail provides the clickable link (odd but still sometimes happens), be very careful to ensure it is the actual website and not a fake mirror site that is used to farm usernames and passwords.  The actual URL will usually give away the fakers, i.e. instead of www.fedex.com the site link might be www.fedmex.com.hk or something like that, slight misspellings and/or a site based out of another country's URL suffix.

All that said, ransomware can invade through less intrusive means than tricking you to open an attachment.  A couple years ago, my work computer (a hardwired desktop at the office) ended up being infected and neither I nor our IT people ever figured out how.  Luckily the network regularly backed up all files every week or so, but I had to go through hundreds of individual documents and restore to their pre-infected versions.

For home computers, get an external hard drive and copy/backup all your important folders/files at least once a month... then you're only a few weeks behind if you do lose everything somehow.  Windows makes this pretty easy with almost everything directing to Documents/Photos/Videos/Downloads folders now (and you can add custom folders), if you leave those defaults in place.  I would assume Macs have a similar setup?  I don't worry about system images or copying programs anymore, since almost everything is internet based now and can be re-downloaded or re-installed as needed.
« Last Edit: August 23, 2016, 10:45:44 AM by scottydl »
Scott, wife, 3 boys... and the dog
- 2008 Forest River Wildwood 32BHDS
- 1995 Chevrolet Suburban C2500 tow vehicle
- 1994 Thor Residency motorhome... owned 2007-2012
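
The URL check described in the post above, written out as an added example (it is not part of the thread): a link counts as trusted only when its real host is the expected domain or a subdomain of it, and near-misses such as the post's `www.fedmex.com.hk` are flagged. The allow-list, the function names and every sample link other than that one are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list: domains the user really does business with.
TRUSTED = ("fedex.com", "paypal.com")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def link_host(url: str) -> str:
    """Return the host a browser would actually connect to, lower-cased."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare "www.example.com/x" as a host
    # urlsplit discards any "user@" prefix, so a link that shows a familiar
    # name before the "@" resolves to whatever host comes after it.
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def classify_link(url: str, trusted=TRUSTED) -> str:
    """Return 'trusted', 'lookalike', 'unknown' or 'invalid' for a link."""
    host = link_host(url)
    if not host:
        return "invalid"
    # Trusted only if the host IS the domain or ends with ".domain";
    # a plain substring or suffix test would accept "notfedex.com".
    for domain in trusted:
        if host == domain or host.endswith("." + domain):
            return "trusted"
    # Not trusted: decide whether it is imitating a trusted brand.
    for domain in trusted:
        brand = domain.split(".")[0]
        for label in host.split("."):
            # Brand embedded in a label, or a label within two edits of it.
            # (Assumes brand names of five or more letters; shorter ones
            # would need a tighter threshold to avoid false matches.)
            if brand in label or edit_distance(label, brand) <= 2:
                return "lookalike"
    return "unknown"
```

A mail filter or a cautious reader would treat anything other than `trusted` as a reason to type the address by hand instead of clicking.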

HueyPilotVN

  • ---
  • Posts: 1169
Re: Warning about Ransomware
« Reply #15 on: August 23, 2016, 10:36:33 AM »
I completely understand what you are saying. 

I have been receiving all kinds of delivery notifications for internet purchases this last month and I did click on the attachment without proofreading the email address.

What actually bothers me even more than the psychology behind getting me to allow a malicious program past the basic defenses by clicking on it is the lack of any easy way to report and assist in finding these criminals.

I called the FBI office in Minneapolis and eventually got thru to the cyber crimes division.  I offered them the actual laptop which I had turned off after verifying that the encryption had actually happened.  My thought was that it had the evidence including the IP address of the originator of the email.  I know that one person's ransom demand is not the crime of the century.  However the cumulative effect on many does make it a crime worthy of finding the perpetrators.

The lady I talked with simply referred me to the IC3.gov website where you can fill out a report online.

This reminds me of an incident a few years ago when my Credit Card number was used to purchase about $3,000.00 in merchandise and the police would not even take a report because they said that the credit card companies would not prosecute and it was a waste of their time even though the perpetrator was on camera at Sears.

Sorry if this seems like a rant, but I hate crooks.

 
« Last Edit: August 23, 2016, 10:38:09 AM by HueyPilotVN »
Bill Waugh
40' Country Coach DP
34' Stacker Trailer, Trailer Toad
Jeep Commander
Mustang Bracket Race Car
35 years on the road

Corky

  • ---
  • Posts: 260
Re: Warning about Ransomware
« Reply #16 on: August 23, 2016, 10:51:28 AM »
I ship and receive a lot of packages via USPS, and UPS. And I do a fair amount of business thru Paypal.
All 3 of these entities will send varying amounts of email during the day, and I have gotten so paranoid that I don't even use my own shortcut icons to go to these respective web sites. I type each one in. So far this has proven to be the safest way to avoid these dastardly deeds.

Hope you recover your files, send the crook to jail.

Corky
'05 Itasca Meridian 36G
15 Jeep Wrangler Orange toad
'86 Suzuki Samurai Camo dirt toad

kdbgoat

  • ---
  • Posts: 3968
Re: Warning about Ransomware
« Reply #17 on: August 23, 2016, 11:09:20 AM »
I agree with the PayPal thing. It seems like every time I use PayPal, I end up getting one or two scam emails.
I know you believe you understand what you think I said,
But I am not sure you realize what you heard is not what I meant


2016 Leprechaun 319DS

SeilerBird

  • ---
  • Posts: 10690
  • Everything I state is my opinion.
Re: Warning about Ransomware
« Reply #18 on: August 23, 2016, 11:11:06 AM »
I try not to use Paypal unless there are no other options. I have been scammed by Paypal twice.
I would like to apologize to anyone I have not yet offended. Please be patient and I will get to you shortly.
Life list of birds:
https://goo.gl/photos/xuP9zPD2KP2swN1g8
Grand Canyon photos:
https://photos.app.goo.gl/Nc1AT8tQp25wJwfm1
My portfolio:
https://goo.gl/photos/Cx4SaYhGfYFShSty7

garyb1st

  • ---
  • Posts: 2087
Re: Warning about Ransomware
« Reply #19 on: August 23, 2016, 11:11:26 AM »
Sorry you had to experience that Bill.  Had a similar credit card situation a few months back.   Not sure how but two of my credit cards were used to charge almost $4,000 several months ago.   All the charges have been reversed from my accounts but, from the little I know, no real investigation into the theft was done.  Personally I believe credit card companies have factored in a certain percentage of fraud as a cost of doing business, and as long as their usurious interest rates and obscene late fees are adequate to cover the costs, they're happy with the bottom line.     
Gary B1st

2005 Pace Arrow 35G
2016 Jeep Wrangler

Tom

  • Administrator
  • ---
  • *
  • Posts: 44396
    • RV Forum web site
Re: Warning about Ransomware
« Reply #20 on: August 23, 2016, 11:17:30 AM »
 
Quote
... it had the evidence including the IP address of the originator of the email.

Unfortunately, like email addresses, IP addresses can be spoofed.

Quote
The lady I talked with simply referred me to the IC3.gov website where you can fill out a report online.

The only time I tried filling that out, I gave up when it asked to show financial loss.
Tom.  Need help? Click the Help button in the toolbar above.

Tom

  • Administrator
  • ---
  • *
  • Posts: 44396
    • RV Forum web site
Re: Warning about Ransomware
« Reply #21 on: August 23, 2016, 11:20:49 AM »
Quote
I believe credit card companies have factored in a certain percentage of fraud as a cost of doing business ...


Yep, they have a large slush fund for fraudulent charges.
Tom.  Need help? Click the Help button in the toolbar above.

kdbgoat

  • ---
  • Posts: 3968
Re: Warning about Ransomware
« Reply #22 on: August 23, 2016, 11:24:46 AM »
I try not to use Paypal unless there are no other options. I have been scammed by Paypal twice.

I have never had a problem with PayPal, and have used it quite a bit. I'm like Corky, I don't use links, I type and go direct to site.
I know you believe you understand what you think I said,
But I am not sure you realize what you heard is not what I meant


2016 Leprechaun 319DS

scottydl

  • Admin assist
  • ---
  • *
  • Posts: 7654
  • Central IL
Re: Warning about Ransomware
« Reply #23 on: August 23, 2016, 11:30:08 AM »
Coincidence of all coincidences... after my post about 90 minutes ago, I just checked my e-mail and Walmart.com sent me a message this morning that my account was possibly hacked and they changed my password as a preventative measure.  The Walmart e-mail gave me instructions to reset the password again myself, rather than providing any attachments or direct links.  I posted that example below.  Most companies will operate in this way now, if they have any information to share with you about an order, account problems, etc.

This reminds me of an incident a few years ago when my Credit Card number was used to purchase about $3,000.00 in merchandise and the police would not even take a report because they said that the credit card companies would not prosecute and it was a waste of their time even though the perpetrator was on camera at Sears.

This does seem odd, as I know agencies in my area will gladly arrest/charge people caught in the act of committing credit card fraud or theft... even if the charges are refunded.  But I suppose it depends on your local agency resources and how many violent crimes they are also trying to solve (which will generally rank higher on the priority list than property/financial crimes).  Don't worry, I hate crooks too.  And so do police officers and investigators, who unfortunately now have volumes of limitations and restrictions on their enforcement activities in modern society.

Hope you recover your files, send the crook to jail.

Sadly, this likely will not happen... but it's a nice thought!
Scott, wife, 3 boys... and the dog
- 2008 Forest River Wildwood 32BHDS
- 1995 Chevrolet Suburban C2500 tow vehicle
- 1994 Thor Residency motorhome... owned 2007-2012

Corky

  • ---
  • Posts: 260
Re: Warning about Ransomware
« Reply #24 on: August 23, 2016, 12:03:19 PM »
Back in the early '80's someone stole a van from my driveway. As soon as I discovered that it was missing I went on a discovery mission throughout my neighborhood, just for the fun of it. I found the van about 8 blocks away in the back lot of a supermarket. So I went back home (pre cell phone era) and called the coppers. They showed up, and not very stealthy either, as I communicated to dispatch that I was camouflaged and ready to spring into action as soon as backup arrived  ::). Two patrol cars, one detective, and not one of them interested in any prints that may have been left behind by the thieving bas---ds. Man was I bummed. I was all ready to observe all of the sleuthing techniques in action that I had seen for so many years watching Columbo.

I guess the point is --- nobody cares :-[

Corky
'05 Itasca Meridian 36G
15 Jeep Wrangler Orange toad
'86 Suzuki Samurai Camo dirt toad

SargeW

  • Forum Staff
  • ---
  • *
  • Posts: 6301
  • Life is better on the road!
Re: Warning about Ransomware
« Reply #25 on: August 23, 2016, 09:19:26 PM »
I guess the point is --- nobody cares :-[

They care, it is just a matter of prioritization.  With auto thefts, unless you can prove an intent to permanently deprive, like stealing parts or changing the VIN#, it will be handled like a "Joyriding" case.  You get the car back, they close the case. 

With Credit cards, they do build in a certain amount for expected losses. What they have gotten better at is catching unusual activity on credit card accounts. I have been called numerous times  as we have traveled around the country if they see a charge that seems unusual.  A common one for thieves is to steal a CC number, then run a small charge on it to see if it goes through.  Then if it does they hit it with a big charge.  That is when I get called.  Sometimes they stop a legitimate charge though. Like filling the RV at a truck stop. That can be a bit frustrating.
Marty--
2017 Tiffin Allegro Bus 40SP
Cummins ISL 450 HP/Powerglide chassis
Visit our new travel blog! http://www.mytripjournal.com/rvnchickTNG
Support your local Police Officer, Fire Fighter and Military!

John From Detroit

  • ---
  • Posts: 19633
  • ^My New Home^
    • Diabetics Forum
Re: Warning about Ransomware
« Reply #26 on: August 24, 2016, 09:39:54 AM »
I am expecting a call later today if Ryan ever gets here with my new A/C.

Have had one bank call twice, E-mail once and text twice on a tank of gas... I confirmed every time  (NOTE: all contacts were via known paths so I was sure they were legit) The first call I was still standing at the register!!!!!!!

Have also had 'em call when it was not legit.   For example someone tried to use my Credit Union account to buy like $500 worth of stuff (Charge denied even before they called to confirm)  I run "Zero balance checking" so that account (A debit card) only had money in it for a couple of days... There was only about 5.00 in the account when the scammers tried to empty it... They goofed.


True story: Co-worker got the call from her Credit card company.. So when UPS delivered,  The "helper" took the packages to the door.
The suspect signed for the goods and the UPS Trainee explained that she had a real job, She was just playing UPS trainee.. her real job was Michigan State Police Trooper and you have the right (Of course his signature was the evidence that convicted him so it was a bit late for him to do anything other than name his accomplice (Brother) who copied her credit card info when she rented a car)

More credit card theft stories should end that way.
Nothing adds excitement like something that is none of your business
My Home is where I park it.

SargeW

  • Forum Staff
  • ---
  • *
  • Posts: 6301
  • Life is better on the road!
Re: Warning about Ransomware
« Reply #27 on: August 24, 2016, 10:48:00 AM »
I love stories with a happy ending!
Marty--
2017 Tiffin Allegro Bus 40SP
Cummins ISL 450 HP/Powerglide chassis
Visit our new travel blog! http://www.mytripjournal.com/rvnchickTNG
Support your local Police Officer, Fire Fighter and Military!

8Muddypaws

  • ---
  • Posts: 2240
Re: Warning about Ransomware
« Reply #28 on: August 24, 2016, 11:25:29 AM »
This would be a good time to plug the habit of making a full disk backup to an external disk once a month, or even more often.

If you had made a full disk backup you would not have lost much.  Restoring from a backup would have overwritten the cryptolocker or whatever and had you back in business in less time than it took to buy a new computer.

External disks can be found in a variety of sizes and styles for not a lot of money and the software that does the backup is free in most cases.  I use a disk dock I bought for $19 and standard SATA disk drives that mount into the dock.

I use two most of the time.  ToDo Backup and Clonezilla.  Both are free at www.majorgeeks.com.  ToDo is more user friendly while Clonezilla is faster but requires a little knowledge of Linux and PC file systems and commands.  I use Clonezilla to install pre-licensed images on dozens of computers a month at my volunteer job.  It's very reliable.
Retired computer professional
Musician, songwriter and music director
2006 Bounder 34H, 2008 CR-V Toad

HueyPilotVN

  • ---
  • Posts: 1169
Re: Warning about Ransomware
« Reply #29 on: August 24, 2016, 11:31:39 AM »
I agree.  That was the main reason I posted about the ransomware incident.

Wish I had a redo button.  I do have several external hard drives.  Sometimes we just get lazy and complacent.

I am getting most of the old files back by doing a selective copy of files from other computers and external hard drives.
Bill Waugh
40' Country Coach DP
34' Stacker Trailer, Trailer Toad
Jeep Commander
Mustang Bracket Race Car
35 years on the road

 
