Wonder if there are any statistics for how many cases where the hackers did not keep their side of the bargain? (i.e. ransom paid but decryption not completed)
Windows 10 is very much affected. It needs to be patched.
https://technet.microsoft.com/en-us/.../ms17-010.aspx
I am responsible for 600 machines in 9 offices. I believe we should be protected by Symantec Endpoint Protection and every machine should be up to date via SCCM. But I am worried if there are machines that for whatever reason do not have the SCCM agent or Symantec installed. So what I have done is set up a GPO to block ports 445 and 139 which the ransomware uses to communicate. It may also impact NetBIOS and SMB but I'd prefer whatever side effects come from this rather than be hit with this ransomware.
I've also reconfigured our firewalls to block all web-based email in the offices, so basically all staff will not be able to check their personal Outlook, Gmail, Yahoo, etc. in the office tomorrow using their office machines. Probably I am going to get complaints but better to be safe rather than sorry and hopefully just for a few days and then I can return things back to normal.
Very little reward so far ....
https://krebsonsecurity.com/2017/05/...-26000-so-far/
Doesn't seem so clear-cut actually. Seems that to encourage payment of future ransom the performance rate (i.e. keeping their side of the bargain) is quite high actually, although there have also been a small number of publicized cases where the files were not decrypted even after payment.
In the similar case I was involved in last year, the hacker did decrypt my files in the end but was slow to respond and then he upped the ransom and this resulted in almost a week of downtime. The hacker called himself Diablo Diablo and I called myself Lion and every communication I had with him took about 24 hours to get a response and the reply was usually just one or two words. After I paid the initial 2 BTC ($1000), the tool they provided me generated 4 keys and I think they might have realised we are a company and then they replied "More money". I thought oh fuck these guys are scamming me and I don't even know they have the capability to decrypt even if they wanted to. But I was in a bad situation so I paid another 2 BTC (total 5) and then they decrypted my files.