Ransomware!

Discussion in 'Windows Security' started by holdum333, Jun 4, 2016.

  1. holdum333

    holdum333 Banned

    Joined:
    Mar 27, 2016
    Messages:
    1,244
    Likes Received:
    147
  2. RichM

    RichM Active Member

    Joined:
    May 9, 2016
    Messages:
    321
    Likes Received:
    49
  3. Neemobeer

    Neemobeer Windows Forum Team
    Staff Member

    Joined:
    Jul 4, 2015
    Messages:
    2,410
    Likes Received:
    363
    I'm very skeptical these will work. For one, lots of these ransomware malware generate the private key on a server, so you never see it on the wire. When I say "on the wire", I mean some ransomware will generate the private cert client side and transmit it, and if your network has network monitoring you can extract the key to decrypt. The only case these descriptors would work is if the authorities had seized the bad guys' servers and have access to the private keys.
     
  4. RichM

    RichM Active Member

    Don't be. On a LinkedIn forum I'm on, an alert shop owner used a new ESET program aimed at CryptoLocker captured files and effortlessly removed the encryption.
     
  5. Neemobeer

    Neemobeer Windows Forum Team
    Staff Member

    It probably doesn't remove the encryption then; it more likely has a file system filter driver that intercepts the encryption process and reverts the file back then. That would be doable.
     
