ransomware - anybody caught out- what news?



jack7158
03-07-2016, 12:28 PM
Share news about how to fight this one.

pigoo3
03-07-2016, 12:45 PM
I think that we have about two earlier Mac-Forums threads discussing this.:)

- Nick

Jonzjob
03-07-2016, 01:14 PM
I haven't been caught out and, as is, not likely to be because I have never used any type of bit-torrent and not likely to.

But!! As a matter of interest, I use CCC for my backups. If I, or anyone, was caught then would it not be possible to reboot from the CCC disk and format the system and reload from CCC? Or is that too easy?

I'm really not trying to be funny, it is a genuine question.

I just re-read the above post and if necessary then please move this to one or other of the other posts :Blushing::Blushing:

jack7158
03-07-2016, 04:42 PM
Nick Thx for answering - yes I only found the thread after I started this one. I heard about KeRanger on a radio news broadcast about 4pm today, as if it had just been found out. The posts here are dated June or July 2015, so do not understand why today was so late in being announced. My apologies.
I ran AdwareMedic (already on my MBA) and found some Genio etc, which are now history.
AdwareMedic now owned by another group Malwarebytes anti malware.

jack7158
03-07-2016, 04:50 PM
PS I'm curious what CCC means for you? Could it be French?

ankhseeker
03-07-2016, 04:51 PM
CCC is short for a cloning program called Carbon Copy Cloner. Great program.

pigoo3
03-07-2016, 04:52 PM
Carbon Copy Cloner

IWT
03-07-2016, 05:29 PM
If you keep away from Torrent and its offshoots, there is no problem.

Jonzjob
03-07-2016, 05:38 PM
Carbon Copy Cloner is correct folks. Sorry if I caused any confusion.

I did look at Torrent a good while back and decided that it wasn't worth the possible hassle. If something looks too good to be true and all that.

jack7158
03-07-2016, 06:05 PM
Thx for your prompt reply - I meant to ask Nick - in France - but will check it out

jack7158
03-07-2016, 06:07 PM
Thx for the advice

jack7158
03-07-2016, 06:10 PM
Good advice - and I'm so glad and impressed that Apple users club together like this forum and share info like this

Jonzjob
03-07-2016, 06:19 PM
> Thx for your prompt reply - I meant to ask Nick - in France - but will check it out

Sorry Jock, the French version, as always, is different from the U.K. version and is called Cloner Copy Carbon and abbreviated to CCC not CCC. The 'Cs' are in a different order as you can see, or should that be C?

It took us ages to realise what they were talking about on the news when they mentioned OTAN? It is NATO!!! An IRM is an MRI and liquid gas, LPG, is GPL :Confused::Confused::Confused:

My brain cell hurts!

pm-r
03-07-2016, 06:29 PM
> I haven't been caught out and, as is, not likely to be because I have never used any type of bit-torrent and not likely to.
>
> But!! As a matter of interest, I use CCC for my backups. If I, or anyone, was caught then would it not be possible to reboot from the CCC disk and format the system and reload from CCC? Or is that too easy?
>
> I'm really not trying to be funny, it is a genuine question.
>
> I just re-read the above post and if necessary then please move this to one or other of the other posts :Blushing::Blushing:


Just so it doesn't get missed and to quote a member from another forum loosely:
"…as there is a three day activation delay, a daily CCC clone would be useless…"…

Unless one keeps archived clone backups…

harryb2448
03-07-2016, 10:27 PM
Twenty five years ago Jack it was even better. Most major centres had MUGs "Macintosh Users Group" and they used to hold monthly meetings to discuss new machines, new technology, freeware, software etc etc. Mine, the "Sydney Macintosh Users Group" or SMUG, published a thirty page monthly newsletter with new machine info, and more and more and more.

pm-r
03-07-2016, 11:35 PM
Still lots of active "Macintosh Users Groups" around, even though I no longer belong to our Victoria BC group, and Apple supplies a place to search if anyone is interested at:
http://www.apple.com/usergroups/

jack7158
03-08-2016, 02:40 AM
OK - and yes, yes, yes - and if you are French, I compliment you because you write so well in English.

jack7158
03-08-2016, 02:55 AM
Only one thing to say here, this thread has led to a torrent of witty and helpful guys forming a Collective with Computers in Common, who are on the ball - follow this forum avidly, and seem to have laptops attached to their hip. On a different tack, Macs run and run and run, I'm reticent to get rid of the three old-timers in the loft - an LC11 - 24 years old - still working fine - like two bulbous iMacs from the 90s - graphite and blueberry ---- a Mac Genius when asked said they could be worth something as an "antique" in the not too distant future (doubt it), but I think they would have to be pristine. And mine most definitely ain't.
And guys - I'm prepared to draw a line under this thread - I've got other fish to fry - like a lot of people out there - there are not enough hours in the day to do anything on my todo list which is getting longer by the minute. Cheers

harryb2448
03-08-2016, 02:57 AM
That must be Gaelic Scots Jack! About half a dozen Down Under and nearest 350 miles away so don't think I will bother going tonight lol!

Jonzjob
03-08-2016, 03:38 AM
I'd be covered in that case PM, because I don't have any reason to back up more than every week, or so.

Harry, you would be a bunch of GUMS here mate :P:P Something for you to get yer teeth into at meetings me-thinks ;D

Nobody has answered my question as to if doing a reformat and CCC reload would clear it? After all the system doesn't get a look in when you do a boot and select the boot device from power on does it.

jack7158
03-08-2016, 06:30 AM
G'day harryb - bit cryptic that!!! Do you mean that the nearest Burns Club is in Canberra which is 174.84 miles single journey away - return works out at 350 miles? - we were there three times over Christmas New Year (got a year's membership) - good place to eat all you like for one price - Star Buffet - my daughter lives in Canberra, and has done for 15 years now. Anyway I digress - keep in touch with me if you want - Sydney was a vibrant place New Year's Eve 2013 - stayed in Uni halls two nights.
What do you mean by half a dozen Down Under??
Cheers

jack7158
03-08-2016, 06:35 AM
Sorry John (that your name?) Can't help with your question. I made a system reinstall flash drive at same time (and tested it out) as setting up a 256Gb SSD few weeks ago - cos my start up disk was filling up on a daily basis with the help of Jpegs and camcorder footage (followed the advice given in the March MacFormat - good mag)

pigoo3
03-08-2016, 09:50 AM
> Nobody has answered my question as to if doing a reformat and CCC reload would clear it? After all the system doesn't get a look in when you do a boot and select the boot device from power on does it.

As long as the CCC backup contained no malware associated with this problem…then sure…an infected computer would be returned to a "healthy state".:)

- Nick

Jonzjob
03-08-2016, 01:03 PM
Ta Nick, then that would make it worth doing 2 CCC backups and rotate them on a weekly basis. That would definitely work for me.

pigoo3
03-08-2016, 01:12 PM
> Ta Nick, then that would make it worth doing 2 CCC backups and rotate them on a weekly basis. That would definitely work for me.

Remember:

- This is a very rare sort of thing happening on a Mac.
- If someone didn't "play" around with bit-torrent apps like this…there would be no infection.
- Apple acted very very quickly to sort things out.

What I'm saying is…always great to be prepared. But at the same time…the average user I don't think has a lot to fear.

Regarding your question. It all depends on:

- How quickly a problem is found & verified as a problem.
- How quickly we are officially informed there is a problem.
- How well informed a user stays on top of the latest news.

- Nick
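
Added example (not part of any post in this thread): a small Python model of the point raised above, that a clone made after infection but before the malware activates carries the malware with it, so the rotation has to reach back further than the delay. It assumes a fixed clone schedule that overwrites the oldest of a set of backup volumes; the function names and day numbering are illustrative assumptions.

```python
"""Model: do any rotated clones predate an infection once it is noticed?"""


def retained_clones(slots, interval_days, stop_day):
    """Days of the clones still on disk when cloning stops on stop_day.

    A clone runs at the start of every interval_days-th day (0, I, 2I, ...)
    and overwrites the oldest of `slots` backup volumes.
    """
    taken = list(range(0, stop_day + 1, interval_days))
    return taken[-slots:]


def clean_clones(slots, interval_days, infect_day, dormancy_days,
                 detection_lag_days=0):
    """Retained clones made no later than infect_day, i.e. free of the malware.

    Infection happens during infect_day (after that day's clone); the user
    notices dormancy_days + detection_lag_days later and stops cloning.
    """
    stop_day = infect_day + dormancy_days + detection_lag_days
    return [d for d in retained_clones(slots, interval_days, stop_day)
            if d <= infect_day]


def worst_case_clean(slots, interval_days, dormancy_days,
                     detection_lag_days=0):
    """Fewest clean clones left, taken over every possible infection day."""
    start = slots * interval_days  # rotation is full from here on
    # The schedule is periodic, so one full interval covers every phase.
    return min(
        len(clean_clones(slots, interval_days, day, dormancy_days,
                         detection_lag_days))
        for day in range(start, start + interval_days)
    )


if __name__ == "__main__":
    # Scenarios from the thread: three-day activation delay.
    print("one daily clone:       ", worst_case_clean(1, 1, 3))
    print("two weekly clones:     ", worst_case_clean(2, 7, 3))
    print("four daily archives:   ", worst_case_clean(4, 1, 3))
    print("two weekly, 5 days lag:", worst_case_clean(2, 7, 3, 5))
```

A result of 0 means there is at least one infection day for which every retained clone already contains the malware.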

Dogbreath
03-14-2016, 12:25 AM
Last week, using my Mac, I did a Google search on how to remove Dell crapware (bloatware) on my Mother's Windows PC since a clean install would be performed in order to fix her computer running Windows 7 after her hdd died and a new one installed. My intentions were to reload everything using her Dell OS/Applications/Drivers disks on her new hdd. I clicked on a legitimate looking link for an app that would remove Dell bloatware after the reinstall since I was using the Dell disks that came with her computer. Suddenly, my screen changed and a voice spoke up and said my computer was corrupt and for X amount of $$$, things could be restored to normal. Information I picked up from this forum gave me the know-how to stop and remove the threat to free my computer and get MY computer "fixed". Although I was able to stop the attack there, I must say I was NOT on any questionable site nor have I ever used/downloaded a bit torrent. Since I am still using OS 10.6.8, there is no Malwarebytes available for my OS. After disconnecting my ethernet cable, I rebooted and cloned OS 10.6.8 back from my CCC back up to my Mac hdd. It worked perfectly and system was restored to a time when everything was running fine and the ransomware was gone. A simple fix.

harryb2448
03-14-2016, 05:17 PM
No Jack. Being halfway between Sydney and Brisbane, that is each way!

Jonzjob
03-14-2016, 06:06 PM
:Oops: That's got to be fairly close to my sister in Lawrence :o:o:o

harryb2448
03-14-2016, 07:41 PM
Yes jonjob. Lawrence is just up the highway past Grafton - about 90 miles. When I was married fifty odd years ago the punt used to be at Lawrence.