+- Post4VPS Forum | Free VPS Provider (https://post4vps.com)
+-- Forum: General Chat (https://post4vps.com/Forum-General-Chat)
+--- Forum: Offtopic (https://post4vps.com/Forum-Offtopic)
+--- Thread: lokf virus attacks ! (/Thread-lokf-virus-attacks)
Pages:
1
2
lokf virus attacks ! - chanalku91 - 11-14-2019
One of the Wanacry Virus attacked my home network and caused 5 computers in my home to be encrypted and caused my home security system to be totally paralyzed! The attacker asked for a ransom of 980 USD as a ransom to reopen all files on my PC! Because it is urgent, if anyone has a solution, please let me know as possible!
RE: lokf virus attacks ! - Mashiro - 11-14-2019
a) Why are you posting this in the VPS support and help forum when it IS ABSOLUTELY NOT related to issues with your VPS?
b) A solution to this problem? There is no solution to this problem, yet. You have no backups? Too bad. The latest iterations of WannaCry have not been taken down so far.... which means that there is no decryption key available to help out people who are affected.
If you can backup all encrypted files to a spare HDD and keep it stored somewhere. Meanwhile reinstall all affected systems. Hope for a tool or key to be released when WannaCry gets taken down and when that happens (maybe in some years) you might be able to decrypt your files.
RL fact: The company I work for has been hit by Emotet/Trickbot and the latest iteration of WannaCry. There is no real way out. Whole domain infrastructure that was built over several years was destroyed. We had to rebuild everything and lost a lot of files that were needed for people to work. Atleast the company now pays a bit more attention to what we say and has granted us funds for a proper offline tape backup infrastructure and a 10 GbE backup network infrastructure.
RE: lokf virus attacks ! - LightDestory - 11-14-2019
Well, you are asking for a miracle, as said by "Hidden Refuge" there is no way to revert the latest variants of WannaCry... yet.
Nowadays a lot of software of backup & restore have implemented a "ransomware protection", a example is Acronis True Image that keep a incremental backup of your data.
So, right now there is no help that I can provide you but only the suggestion to be careful next time and takes scheduled backup of your data.
BTW, no virus can just attack your network, someone from the inside downloaded an infected excutable and then it spread over your network.
RE: lokf virus attacks ! - chanalku91 - 11-14-2019
Oh ... oh my god!
I was very panicked, because one of these PCs was the core of my home's security!
And now I have to work 24 hours to replace the External Disk and reinstall all infected PCs!
At least if you have the same experience, please post here, I want to know!
RE: lokf virus attacks ! - fChk - 11-16-2019
(11-14-2019, 06:20 PM)chanalku91 Wrote: One of the Wanacry Virus attacked my home network and caused 5 computers in my home to be encrypted and caused my home security system to be totally paralyzed! The attacker asked for a ransom of 980 USD as a ransom to reopen all files on my PC! Because it is urgent, if anyone has a solution, please let me know as possible!
Is this ransomware still a threat?.. Thought Microsoft have released the patches years ago!!... Yet another reason to switch to Linux desktops Folks.
Unfortunately, a post-mortem recovery for such incidents is impossible without the adhoc keys.
The real question to ask in your case, as a sysadmin, is: how did that ransomware find its way into your Lan? you should find the breach.
Good Luck!
RE: lokf virus attacks ! - chanalku91 - 11-16-2019
Maybe it's because one of the SSID's wasn't given a password for guests!
Even Neighbors also use the SSID!
I don't know what they did!
When my PC was infected I did not find a way to restore it!
Except through Backup!
I want to ask @ "Hidden Refuge" is it true that Wanacry Virus can spread through WiFi Networks?
RE: lokf virus attacks ! - Mashiro - 11-16-2019
It is almost irrelevant what kind of network you are in (wired/wireless). WannaCry uses several methods to attack machines on the network. Windows machines are all generally full of security holes and WannaCry uses them to break into the machine and spread further. A wireless network is no different from a wired network other than how you physically connect to the network.
RE: lokf virus attacks ! - fChk - 11-17-2019
@chanalku91. Today I've got more time for a Google search on this; so here is what I've got, if it's of any help.
The specifics of this ransomware are too technical but I want to refer you to an article by Sophos (from 2 months ago): WannaCry – the worm that just won’t die that kind of lay out the big picture of the "wannacry" current situation. It also refers to a research article (in PDF) done by Peter Mackenzie of Sophos Group: WannaCry Aftershock for more in-depth information.
In that research article, there is a section called "Recommendations and advice" which states the following:
Quote:The most important advice we can share is patch your computers, all of them. Do it now!
You can use the instructions in the following article to check if your computer is patched against EternalBlue: How to Verify if a Machine is Vulnerable to EternalBlue - MS17-010.
If you are a Sophos customer and (....)
SophosLabs has published a list of Indicators of Compromise (IoCs) relating to this research on our Github page, at https://github.com/sophoslabs/IoCs
As I said in my previous post, the patch exists since 2017; which means that your windows PCs aren't still patched against EternalBlue vulnerability, which make them a target for this Wannacry ransomware.
RE: lokf virus attacks ! - humanpuff69 - 11-17-2019
wannacry is very old at this point . but some of ransomware still spread mainly from pup and application downloaded from unknown sources . for wannacry the server is probably inactive and it not spreading anymore
RE: lokf virus attacks ! - Khadeer143 - 11-24-2019
Thats really sad attackers are really smart they will find so many ways to hack the computer ,droning viruses on computer to smart even sometimes antivirus software can't detect them