The FBI is currently investigating this as a global act of terrorism. They urge anyone to call them.
Depending on the relative value of what one stands to lose in the worst case, it can be rational to pay a ransom. The scenario doesn't really map very cleanly onto the Prisoner's Dilemma, because the ransoming side has already made their move.
It's unlikely that the ransomware is slurping a lot of files - even on a fast connection (200Mbps) it takes weeks to xfer a terabyte. I have not heard that they are doing this, but they certainly could be targeting things like bitcoin wallets, password files (things like lastpass or password.txt, .doc, etc.) on an opportunistic basis. Slurp it and if one of a few hundred common passwords opens lastpass, then they have the keys to all your accounts... if not, next victim. To protect yourself, you need to have a multiple tier AND TESTED backup strategy. It's not enough to just back up every few weeks or months. These programs take time to encrypt all your files, time during which the software pretends nothing has happened and silently decrypts files when you open them. Once everything is encrypted, that is when you see the ransom request. So the routine backups can be backing up already encrypted files. This means you need enough backup storage to hold several weeks' worth of copies to ensure you have the latest unencrypted files. Just writing over last night's backup each night isn't going to protect you. Ignore the low key sales pitch, this is a good description of how it works... https://www.backblaze.com/blog/cryptowall-ransomware-recovery/ and follow the link to the 3-2-1 strategy
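The point above about nightly backups quietly capturing already-encrypted files can be checked mechanically. This is an added example, not part of any post in the thread: it compares successive backup generations, flags the night on which many files flip from ordinary content to near-random bytes, and reports the last generation before that jump. The in-memory generations, file names and thresholds are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty, 8.0 for uniform random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def suspicious_fraction(prev: dict, cur: dict, threshold: float = 7.5) -> float:
    """Share of files in both generations that changed from ordinary content
    to near-random bytes, which is what bulk encryption looks like.
    Already-compressed files (zip, jpg) start out high-entropy and are not
    counted, so this is a tripwire for documents, not a complete detector."""
    common = [p for p in cur if p in prev]
    if not common:
        return 0.0
    flipped = sum(1 for p in common
                  if cur[p] != prev[p]
                  and entropy(prev[p]) < threshold <= entropy(cur[p]))
    return flipped / len(common)

def last_clean_generation(generations: list, max_fraction: float = 0.2) -> int:
    """Index of the newest generation taken before the first suspicious jump."""
    for i in range(1, len(generations)):
        if suspicious_fraction(generations[i - 1], generations[i]) > max_fraction:
            return i - 1
    return len(generations) - 1

# Constructed sample data: four nightly generations of five small documents.
def _plain(name: str, rev: int = 0) -> bytes:
    return f"{name} revision {rev}: quarterly notes and figures\n".encode() * 100

def _encrypted(name: str) -> bytes:
    # Deterministic stand-in for ciphertext: 4096 pseudo-random bytes.
    return b"".join(hashlib.sha256(f"{name}{i}".encode()).digest() for i in range(128))

NAMES = ["a.doc", "b.doc", "c.xls", "d.txt", "e.txt"]
night1 = {n: _plain(n) for n in NAMES}
night2 = {**night1, "a.doc": _plain("a.doc", 1)}              # normal edit
night3 = {**night2, **{n: _encrypted(n) for n in NAMES[:3]}}  # encryption begins
night4 = {n: _encrypted(n) for n in NAMES}                    # all encrypted
GENERATIONS = [night1, night2, night3, night4]

if __name__ == "__main__":
    print("restore from generation", last_clean_generation(GENERATIONS))
```

The check can only look back as far as the retained generations go; with a single nightly copy that is overwritten each time there is nothing to compare against.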
The advice given about backups is all sound. Unfortunately it is too late to help you right now though. It is also a fact that even if you pay the ransom there is no guarantee you'll get a key or indeed ever hear from them. If I were you and I'll assume no proper backups are available, I'd have a proper think about what I was going to lose and decide if that loss was worth the ransom. Very likely I'd format the drive and restart and go spend the money saved from the ransom on a DECENT backup, remembering that backups can also be infected before the ransomware is deployed. Personally I use a USB drive for day to day backups, then back up data to Blu-ray every month. It'd still hurt a bit, but I'd stand the hit.
At 200Mbps a terabyte will transfer in 12 hours. CoinVault ransomware has been broken and is defeatable. The machine in question ought to already be recovered by now; PaulM posted the relevant link yesterday morning.
If you look in the Kaspersky page and click on the How-to guide, the splash page doesn't match the OP. Did the OP ever report back? Kaspersky says there is also a Rannoh ransom... and they give the decryptor for that also. For those who like to read code, this is an interesting detective story. https://securelist.com/blog/research/67699/a-nightmare-on-malware-street/
I hope so. I just downloaded the free version. It's a very limited time period. What did they want for the upgrade?
I'm far less paranoid about this stuff than I was ten or fifteen years ago. My images are backed up, I have a drive image ready to reload with all current programming, and I used to teach "Format C:" for a living. I don't even run antivirus any more. Who cares if I run into a malicious site? I can be back up 100% in half an hour. And I don't do stupid stuff on the Internet. You downloaded the wrong version, I think. There's a Free Version which is not proactive, but scans only. There is also a "free trial" of the Premium Version, which includes active ongoing protections, that's good for 2 weeks. I've been using the former since it first hit the streets.
Most of you know this site probably, but it is an excellent source and they check their files and source constantly. www.majorgeeks.com Kaspersky stuff: http://www.majorgeeks.com/content/p...g/sortname/anti_spyware.html&ss=2377j836689j9
IF you actually get 200Mbps between the end-points. In fact, while my connection tests out to be that fast, once you leave the blessed realm of the Cable Company network, it's a lot slower. End-to-end to my cloud provider I'm seeing more like 7Mbps. Unfortunately most of the other ransomware programs have learned from the mistake and are using strong crypto. So if you aren't careful, the next time won't be so 'simple'. Like everything in life, it's a question of what you are willing & able to risk vs. what you are willing & able to spend. If it's really valuable and high risk, you reboot using a CD and make two full backups every night and send one off-site to IronMountain or the ilk. But then you have several dozen multi-terabyte drives to buy and a lot of work to perform. Or many other choices, on down to copying your data files to a USB stick a couple times a year when you remember to do it. Or do nothing and hope you are lucky - "Sliding down the razor blade of life" as I've heard it described.
One time I wasn't paying attention and there was a flash player update that downloaded 3 Trojans at once. Malwarebytes removed all 3 in a matter of a couple hours of scanning the whole system.
I literally shuddered when I read that. Gonna steal it for later use. Ransomware isn't about taking your data, anyway, at our level. It's about taking your money. Perhaps a compromised corporation would have data worth stealing, but you and I don't. I swear, computing resembles some beginners in numismatics, in one important way: Some just abandon any sense of due diligence and trust anything.
Or do nothing and hope you are lucky - "Sliding down the razor blade of life" as I've heard it described. Listen to this one:
Several years ago, I had a pop-up that claimed I had been downloading child pornography and the FBI had taken control...yada, yada, yada... I immediately hit the on/off button on the computer and tried to start it up again...same story. I downloaded Malwarebytes from another computer onto a thumb drive and started my desktop in safe mode, loaded the Malwarebytes and ran it and it worked. I just use the free one and, as a matter of fact, just ran it day before yesterday.