[AusNOG] Ransomware...

Robert Hudson hudrob at gmail.com
Fri Sep 23 07:12:21 EST 2016


Some of the kits used by the perpetrators have had their decryption keys
recovered.

Some of the early ones (they still float around) also actually delivered
the decryption key with the payload, if you know where to find it (Google
is your friend).

Kaspersky has a tool for attempting decryption with known keys. Other
anti-malware vendors may have similar tools.

If you do recover the files, keep only what you need and can confirm are
clean, and nuke the system. It is entirely possible that along with
encrypting your files, a secondary payload has been delivered onto your
system, and you just can't trust it any more.

Then invest in an appropriate backup and recovery solution, develop
procedures to meet your organisation's RPO and RTO requirements, and stop
worrying about ransomware.

On 22 Sep 2016 10:46 PM, "Michael Bullut" <main at kipsang.com> wrote:

> Greetings Team,
>
> Anyone that has succeeded in eradication without sending a ransom?
>
> Warm regards,
>
> Michael Bullut.
>
> ---
>
> *Cell:* *+254 723 393 114.*
> *Skype Name:* *Michael Bullut.*
> *Twitter:* *@Kipsang <http://twitter.com/Kipsang/>*
> *Blog:* *http://www.kipsang.com/*
> *E-mail:* *main at kipsang.com*
>
> *---*
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>