
Mandiant USA Cyber Security Ransomware

My son got this on his PC last night with active and updated McAfee. I see no mention of this ransomware anywhere in these forums or on the McAfee site. I'm curious as to how this has been overlooked.

6 Replies
Reliable Contributor exbrit
Message 2 of 7

Re: Mandiant USA Cyber Security Ransomware

There are literally 100's of variants on the ransomware theme and new ones appear almost daily. They aren't detectable by most antivirus applications because they aren't really a virus but require human interaction to take hold.

The best defence is NOT to touch anything, mouse or keyboard and immediately power off.  OK you'll lose whatever you haven't saved but better that than the alternative.

Then power back on into Safe Mode by tapping F8 repeatedly while booting up and initiate System Restore to before it all started (hopefully).

If successful, temporarily disable System Restore to delete the infection.

If that is now not possible there is an excellent removal guide here that we recommend:  http://www.bleepingcomputer.com/virus-removal/remove-mandiant-usa-cyber-security-ransomware

Good luck 😉

Reliable Contributor Hayton
Message 3 of 7

Re: Mandiant USA Cyber Security Ransomware

Mandiant? Same old same old. It's Reveton wearing a new mask. Unless they've introduced some novel feature, the usual removal process should work for this one too. Go with the BleepingComputer article and advice.

http://www.crn.com/news/security/240158233/malware-using-mandiant-name-in-scareware-scam-company-say...

Re: Mandiant USA Cyber Security Ransomware

Not familiar with same old same old, but this is pretty nasty. Safeboot, it shuts down the PC before you can do anything so not sure you have seen this before. Already removed using the bleeping computer HitmanPro. That is some good stuff.

PS.  I am a senior IT guy of over 25 years.  Nothing is a mystery.  I still think McAfee should have a signature and caught it.  Moving on to something else.

Reliable Contributor exbrit
Message 5 of 7

Re: Mandiant USA Cyber Security Ransomware

Some of the older ransomware pests are now caught I believe, but none of the A/V's are good at these judging from what I've read elsewhere online.  Most of them have extra tools which catch some, as does McAfee in the form of Stinger and RootkitRemover, linked in that last link of my signature or HERE.

I agree it would be nice if McAfee would catch all of these things.   It would certainly reduce a lot of anxious moments for customers and headaches for everyone concerned.

Anyway, glad things are OK now.

Reliable Contributor Hayton
Message 6 of 7

Re: Mandiant USA Cyber Security Ransomware

Whatever's on the blocking screen is irrelevant except as a means of identifying which version of the basic ransomware program you're dealing with. It's whatever is going on behind the scenes that's important, and if the code changes so does the signature that McAfee uses to identify the malware strain. It is, though, basically the same program that's been doing the rounds for a couple of years now (with modifications).

If this is disabling Safe Mode booting that's an interesting development, and one which the mods were discussing privately a few weeks ago ("Disabling Safe Mode", Peter - go check). The NoSafeMode program modifies the MBR to disable F8. It's usually relatively easily undone (although that statement is a hostage to fortune).
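
Message 6 mentions a program that modifies the MBR. As an added example (not part of the thread and not a McAfee tool), the Python below compares a saved known-good copy of sector 0 with the current one and reports which MBR region changed, so boot-code tampering can be told apart from a partition-table change. The function names are hypothetical and the sample sectors are constructed.

```python
import hashlib

SECTOR_SIZE = 512
# Classic MBR layout: region name -> (start, end) byte offsets in sector 0.
REGIONS = {
    "boot_code": (0, 440),
    "disk_signature": (440, 444),
    "partition_table": (446, 510),
    "boot_signature": (510, 512),
}


def fingerprint(sector: bytes) -> dict:
    """Return a SHA-256 digest per MBR region so a change can be localized."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature; not a valid MBR")
    return {name: hashlib.sha256(sector[a:b]).hexdigest()
            for name, (a, b) in REGIONS.items()}


def changed_regions(baseline: bytes, current: bytes) -> list:
    """List the MBR regions that differ from the known-good copy."""
    old, new = fingerprint(baseline), fingerprint(current)
    return [name for name in REGIONS if old[name] != new[name]]


def sample_mbr(boot_fill: int) -> bytes:
    """Constructed test sector: filler boot code plus one partition entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:440] = bytes([boot_fill]) * 440
    sector[440:444] = b"\x12\x34\x56\x78"
    # One active entry of type 0x07; all values are illustrative only.
    entry = bytes([0x80, 0, 1, 0, 0x07, 0xFE, 0xFF, 0xFF])
    entry += (2048).to_bytes(4, "little") + (204800).to_bytes(4, "little")
    sector[446:462] = entry
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


if __name__ == "__main__":
    known_good = sample_mbr(0x90)
    suspect = sample_mbr(0xCC)  # same partitions, different boot code
    print(changed_regions(known_good, suspect))
```

On a real machine the baseline would be a copy of sector 0 saved while the system was known to be clean, and the current sector would be read from a forensic image or from the disk with administrator rights.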

Reliable Contributor exbrit
Message 7 of 7

Re: Mandiant USA Cyber Security Ransomware

Yes indeed, I do recall.
