Let's keep our personal attacks on IT admins to a minimum... We all agree that backups are essential. With that said, let me offer two pieces of info:
#1: In my situation, I have been on staff for less than 30 days, and although getting proper backups was at the top of our list of things to implement, other pressing issues seem to have bumped themselves to the top of our to-do list. Needless to say, backups are now at the top of the list again (implementing on-site and off-site backups as I type this).
#2: Removal of this infection is very simple, BUT that still leaves all your files encrypted. As previously mentioned, we DID pay the ransom, and now that we have almost a whole work day under our belt after doing so, I have NO regrets.
Kenny Rogers said it best... You got to know when to hold 'em, know when to fold 'em. In this case, folding was the smartest move I could have made, especially after people are reporting that after the timer expires their files are still encrypted...
This isn't just a virus/malware... this is encryption. This wasn't a threat to lock our files; the files were already locked. It was a pure shot in the dark whether or not paying the ransom would work, but the fact is that it did. Honestly, if I were an evil genius like the author of this virus obviously is, I would have been more ruthless and either charged more, or just taken the cash and not decrypted the files. The fact that payment actually unlocked the files was a shock, and honestly a welcome wake-up call...
It was a $100 lesson...
Aside from trying to decrypt the files, I think there needs to be some SERIOUS attention brought to the fact that this infection seems to have affected systems running TrendMicro WFBS. The ONLY client PC on our network still running TrendMicro WFBS is the one that got infected and thus encrypted all the shared network drives.
I spent 4 hours on the chat support with TrendMicro, and finally I gave up on them and just paid the ransom... Now I wish I had just paid it sooner.
My advice:
If you have backups, then just format the infected PC and restore your files. No need to pay the ransom.
If you don't have backups but don't care about your data, or have lots of time to POSSIBLY decrypt some of your files (highly unlikely if they are in fact using the type of encryption they state they are), then back up your files, format your PC and work on the decrypting process.
and lastly,
If you don't have proper backups, pay the ransom, let it decrypt the files, make a proper backup, then format the infected PC. Make sure you scan all the backed-up files for viruses (although I'm still not sure what AV out there, if any, is detecting this).
It's $100. What is your data and time worth?
I've NEVER paid ransomware before, but this being the first time, it's a wake-up call and an eye-opener to a whole new kind of threat.
On a related note, since a lot of us are seeing that TrendMicro is a common thread in this, any recommendations for a different AV? Personally, I am going with MS Security Essentials until a final decision is made.