Taurus

How I plan to protect from ransomware

4 posts in this topic

Blackmail viruses like RedBoot have evoked a serious discussion in the IT security circles. These types of cyber-culprits cause much more damage than mainstream ransomware as their adverse effects go beyond personal data encryption alone. The above-mentioned infection, for instance, additionally corrupts the Master Boot Record and skews the partition table to render the machine inoperable. Some researchers argue that perpetrating programs with such a depth of impact make victims highly skeptical regarding their chances for recovery, hence the crooks earn less than they would if the pest simply enciphered files without blocking computers altogether. And yet, the makers of RedBoot don’t seem to care and keep spreading their Petya-ish baddie regardless.

Every data entry found during the scan gets encrypted. To blemish these files, the ransomware additionally concatenates the .locked extension to each one. This suffix may be iterated so that a sample file named Budget.xlsx assumes the shape of Budget.xlsx.locked.locked. Note that the original filename and extension are preserved, being simply appended with the extra string. After the data encryption phase has been completed, the Trojan issues a command to reboot the infected machine. When it starts back up, the user will see a ransom warning instead of their regular Windows interface. The text on the red screen goes, “This computer and all of its files have been locked! Send an email to redboot@memeware.net containing your ID key for instructions on how to unlock them. Your ID key is [random hexadecimal string].”

1 person likes this


In other words, the victim is instructed to contact the threat actors at redboot@memeware.net, and will then supposedly receive a walkthrough to unlock the PC and decrypt files with the .locked extension. A big caveat to recovery, though, is that there is no way to enter the unlock key, which suggests that RedBoot is either too crude at this point, or it’s a data wiper that shouldn’t provide any restoration options in the first place. One way or another, the fix should start with creating and using a bootable rescue CD or USB so that the system actually loads. Stick with the procedure below to do the rest of the fix.

http://myspybot.com/redboot-ransomware/

1 person likes this
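An added example (not part of the original posts or the linked guide): a read-only inventory of files carrying the `.locked` suffix described above, including the iterated form such as Budget.xlsx.locked.locked, to scope what needs restoring once the machine is booted from rescue media. The function names, the case-insensitive match and the sample file tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

SUFFIX = ".locked"
# One or more trailing ".locked" suffixes; case-insensitive matching is an
# assumption made here because Windows filesystems ignore case.
LOCKED_RE = re.compile(r"(?:\.locked)+$", re.IGNORECASE)

def split_locked(name):
    """Return (original_name, suffix_count); suffix_count is 0 if unaffected."""
    m = LOCKED_RE.search(name)
    if not m or m.start() == 0:      # a file literally named ".locked" is not a hit
        return name, 0
    return name[:m.start()], len(m.group(0)) // len(SUFFIX)

def inventory(root):
    """Walk root without modifying anything and list files with the suffix."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        present = set(files)
        for name in files:
            original, depth = split_locked(name)
            if depth:
                hits.append({
                    "path": os.path.join(dirpath, name),
                    "original": original,
                    "depth": depth,
                    # True when a file with the pre-infection name sits alongside
                    "original_present": original in present,
                })
    return hits

def summarize(hits):
    """Count affected files per original extension to size a restore from backup."""
    return Counter(os.path.splitext(h["original"])[1].lower() or "(none)" for h in hits)

def demo():
    """Run the inventory over a constructed sample tree (not real case data)."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for name in ("Budget.xlsx.locked.locked", "notes.txt.locked", "notes.txt", "readme.md"):
            open(os.path.join(root, "docs", name), "w").close()
        hits = sorted(inventory(root), key=lambda h: h["path"])
        return [(h["original"], h["depth"], h["original_present"]) for h in hits], dict(summarize(hits))

if __name__ == "__main__":
    print(demo())
```

Point `inventory()` at the mounted volume from the rescue environment; it only reads directory listings and never renames or opens the affected files.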


Informative post and I think some visitors and members may find it useful. :) 

1 person likes this


Thank you

1 person likes this

