Hayton (Reliable Contributor)
Message 41 of 124

Re: West Yorkshire Police Virus

Is there a fix to eliminate the locked files automatically, or am I being greedy?

I saw this in a discussion somewhere else - the Dr.Web fix creates decrypted copies of the infected files. You have to delete those files yourself.

glitton (Level 7)
Message 42 of 124

Re: West Yorkshire Police Virus

Hayton wrote:

Is there a fix to eliminate the locked files automatically, or am I being greedy?

I saw this in a discussion somewhere else - the Dr.Web fix creates decrypted copies of the infected files. You have to delete those files yourself.

Yup - that's how it should be, IMO.

If the decryption goes wrong, or doesn't work for whatever reason, you still have the encrypted ones to have another go at.

Re: West Yorkshire Police Virus

Found this site last night (while in safe mode). I got this nasty virus last night. Managed to do a system restore and then ran Rkill followed by the program from Dr web all in safe mode. Luckily my son put a couple of pics on yesterday and still had the unencrypted files on his camera.  I am so pleased it worked.

Regarding the locked files, what I did was: search for "locked", then view more results. Select all and then delete. There were a couple of files at the bottom that I had to de-select. Worked for me. 6660 files deleted in less than five minutes.

Hayton (Reliable Contributor)
Message 44 of 124

Re: West Yorkshire Police Virus

The malware authors have milked this one for all it's worth, and moved on to a US/Canadian variant. I'm waiting for the new one to start appearing in posts, but it hasn't shown up yet. They might still decide to modify this version to try and get extra mileage from it, but at least for now the existing fix is still working.

Message was edited by: Hayton - added the one word "malware", to make it clear what I'm talking about - on 19/05/12 05:40:32 IST
exbrit (Reliable Contributor)
Message 45 of 124

Re: West Yorkshire Police Virus

Why do I feel that my holiday weekend has just been ruined....?

Let's hope their efforts fizzle.  Meanwhile, where are the much-vaunted KGB or their 'peacetime' equivalent, when we need them?

Hayton (Reliable Contributor)
Message 46 of 124

Re: West Yorkshire Police Virus

Ex_Brit wrote:

.. where are the KGB when we need them?

A post-Cold-War gem 

They've all been privatised. Or even privatized. And rebranded. These days they're "KGB Global Security Solutions Inc", and charge a fortune.

Some of them branched out into information services and other areas ....

http://kgb.com/about

http://www.kgb-music.co.uk/

http://www.kgbremovals.co.uk/

exbrit (Reliable Contributor)
Message 47 of 124

Re: West Yorkshire Police Virus

Yes, yes, yes....and they also ran an old folks home next door to me plus they had a majority shareholding in the Red Cross - I mean that's obvious, otherwise it would be the Green Cross...just kidding.     What I really meant was, obviously the Russian Government is extremely lax at policing this sort of thing because it should be pretty easy to trace accounts using Ukash.

I find it quite bizarre that the same country produced a really good antivirus in the shape of Kaspersky.

Hayton (Reliable Contributor)
Message 48 of 124

Re: West Yorkshire Police Virus

Joking aside, the FSB (successor to the KGB) could probably put an end to the Russian criminal operations that run so many of the Fake-AV and Ransomware rackets within a few months if there was the political will for them to do so. That would still leave the groups operating from the Ukraine, Moldova, Belarus, the Baltic states and elsewhere on the fringes of Russia, and they would be quite capable of moving in and taking over if the Russian operations were broken up.

Part of the reason why these groups have been allowed to operate with relative impunity is that until very recently they took care not to target platforms in Russian-speaking countries. Their operations were therefore technically an SEP (Someone Else's Problem). More recently that unwritten rule has started to be breached, and Russian users have joined the rest of the computing world in having their financial details stolen, and Russian banks have fallen victim to computer fraud. That has started to change the way the Russian government regards such activity, but the Russian legal framework does not yet allow for a complete crackdown on the operations of computer criminals. Not unless, that is, someone oversteps the mark and targets the wrong people or organisations in Russia.

The relationships between the State security apparatus, the political elite, public or private companies, and organised crime in Russia are murky, disputed, and complex. But many Russians believe that such relationships exist. The Chronopay saga (which I gave up trying to chronicle, it became so complex it needed a full-time blog all to itself) included allegations that the reaction to the DDOS which took down Aeroflot was so vigorous and effective because it directly impacted the interests of someone important - an oligarch, or a powerful politician. Tread on the toes of someone like that in Russia and you end up doing time in prison. The best person to ask about that particular peril is Pavel Vrublevsky, not long out of Moscow's not-very-pleasant Lefortovo after eight months inside.

Pavel Vrublevsky wrote: Lefortovo prison - http://en.wikipedia.org/wiki/Lefortovo_Prison is Russia's most strict prison for political criminals, spies, elite hitmen, top drug mafia and top mobsters, and of course beloved terrorists; in other words, an excellent company to have your morning breakfast with. :-)

He has a blog, now in English as well as Russian, which has some interesting insights into the murky and convoluted relationships I referred to. He is - shall we say - not always completely on-message about Putin's government, but gives away little about his former activities (understandably, since he may yet face further charges relating to Chronopay).

[screenshot attachment: "Aeroflot hacker attack case submitted to court" - Russian Legal Information Agency (RAPSI)]

There are plenty of hints in published articles that influential members of the Russian business/political elite have links to organised crime, and that the serious - as in menacing and ruthless - criminals are beginning to take over the less organised operations of the cybercriminals, many of whom appear to have been in it for profit and fun (girls, fast cars, nouveau-riche apartments, flash nightclubs, you get the picture). The RBN (Russian Business Network) is in it for profit, period.

There are plenty of stories and articles about this whole subject in the "Russian Cybercrime, Hacking and Information Warfare" subgroup of the Aurora Cyberconflict Research Group, on LinkedIn. One of the best places to start is probably Niels Groeneveld's digest of articles, part of which (relating only to some of those for 2010-2011) is shown below.

[screenshot attachment: LinkedIn articles digest]

And here's some more interesting reading on the subject of Russian cybercrime :

http://www.opendemocracy.net/od-russia/irina-borogan-andrei-soldatov/kremlin-and-hackers-partners-in...

PS. That blog ..... perhaps it might help you to gain an insight into the Russian psyche. Or perhaps not. Judge for yourself.

[screenshot attachment: RNP-1]

Message was edited by: Hayton on 19/05/12 06:29:48 IST
exbrit (Reliable Contributor)
Message 49 of 124

Re: West Yorkshire Police Virus

Interesting. thanks.  I read the Aeroflot piece a while back and one or two of the ones mentioned too, but will take a gander at those others when I get a chance.

Hayton (Reliable Contributor)
Message 50 of 124

Re: West Yorkshire Police Virus

Latest development in this ongoing saga : Kaspersky are providing a decryption tool for what they call "Trojan-Ransom.Win32.Rannoh". This is basically the same, I think, as the one that Dr Web provide. If there are no pre-infection unencrypted files available the tool will attempt to decrypt the files by "attempting to calculate" (making a shrewd guess at?) the encryption key.  It also has an option to delete the encrypted files, which I would have thought was risky if the attempted decryption doesn't restore the files properly.

See http://support.kaspersky.com/faq/?qid=208286527
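The two technical points in this thread are the manual cleanup in message 43 (search for the "locked" files and delete them en masse) and the caveat in message 50 (a decryptor's "delete encrypted files" option is risky if a decryption silently failed, because the encrypted copy is the only thing left to retry against). The script below is an added example, not code from the thread, from Dr.Web or from Kaspersky. It assumes, since the page does not say so, that the encrypted files are named "locked-<original name>.<four random characters>" and that the decryptor writes the decrypted file under the original name in the same folder; both are assumptions and are easy to change in `MARKER_RE`. Rather than deleting, it moves an encrypted file to a quarantine folder, and only when a non-empty decrypted counterpart sits next to it; everything else is left for manual review. The sample directory tree is constructed inline and is not real infection data.

```python
"""Post-decryptor cleanup of ransomware-encrypted copies (added example).

Assumptions (not stated in the thread): encrypted files are named like
"locked-report.docx.qzxv" and the decryptor writes "report.docx" beside it.
"""
import re
import shutil
import tempfile
from pathlib import Path
from typing import List, Tuple

# Assumed naming scheme: "locked-" or "locked " prefix, original name,
# optional four-character random suffix appended by the malware.
MARKER_RE = re.compile(r"^locked[- ](?P<orig>.+?)(?P<junk>\.[A-Za-z0-9]{4})?$")


def candidate_originals(name: str) -> List[str]:
    """Names the decrypted counterpart could have been written under.

    Returns [] for names that do not match the assumed encrypted scheme.
    Both "with suffix stripped" and "suffix kept" are returned so that the
    check is tolerant of how the decryptor actually named its output.
    """
    m = MARKER_RE.match(name)
    if not m:
        return []
    orig, junk = m.group("orig"), m.group("junk")
    cands = [orig]
    if junk:
        cands.append(orig + junk)
    return cands


def plan_cleanup(root: Path, min_size: int = 1) -> Tuple[List[Path], List[Path]]:
    """Walk `root` and split encrypted files into (safe_to_remove, needs_review).

    An encrypted file is safe to remove only if a decrypted counterpart
    exists next to it, is a regular file and is at least `min_size` bytes.
    A 0-byte "decrypted" file is treated as a failed decryption, so the
    encrypted original is kept for another attempt (message 50's concern).
    """
    safe, review = [], []
    for path in root.rglob("*"):
        if not path.is_file() or not MARKER_RE.match(path.name):
            continue
        has_good_copy = False
        for cand in candidate_originals(path.name):
            sibling = path.with_name(cand)
            if sibling.is_file() and sibling.stat().st_size >= min_size:
                has_good_copy = True
                break
        (safe if has_good_copy else review).append(path)
    return sorted(safe), sorted(review)


def quarantine(paths: List[Path], quarantine_dir: Path) -> int:
    """Move encrypted copies aside instead of deleting them; returns the count.

    A numeric prefix keeps files from different folders from colliding.
    Delete the quarantine folder only after the decrypted files have been
    opened and checked.
    """
    quarantine_dir.mkdir(parents=True, exist_ok=True)
    moved = 0
    for p in paths:
        shutil.move(str(p), str(quarantine_dir / f"{moved}_{p.name}"))
        moved += 1
    return moved


def build_sample_tree() -> Path:
    """Constructed sample data for the demo; not taken from a real infection."""
    root = Path(tempfile.mkdtemp(prefix="locked_cleanup_demo_"))
    docs = root / "Documents"
    docs.mkdir()
    (docs / "locked-report.docx.qzxv").write_bytes(b"\x00" * 64)
    (docs / "report.docx").write_bytes(b"PK decrypted content")   # good copy
    (docs / "locked-holiday.jpg.ab12").write_bytes(b"\x00" * 64)  # no copy at all
    (docs / "locked-notes.txt.kkkk").write_bytes(b"\x00" * 64)
    (docs / "notes.txt").write_bytes(b"")                          # empty: failed decrypt
    (docs / "unrelated.txt").write_bytes(b"untouched file")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    safe, review = plan_cleanup(root)
    print("safe to remove :", [p.name for p in safe])
    print("needs review   :", [p.name for p in review])
    print("moved to quarantine:", quarantine(safe, root / "_quarantine"))
```

Run it against a real tree by replacing `build_sample_tree()` with the path of the cleaned drive; the only thing the script does on its own initiative is move files into `_quarantine`, so nothing is lost if the naming assumption turns out to be wrong for a particular variant.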
