
Computers at work got hacked Wat do? Pic related

Thread replies: 136
Thread images: 16

File: work.jpg (54KB, 728x414px)
Computers at work got hacked

Wat do?

Pic related
>>
>>56499712
Restore backup.
>>
>>56499719
There are no backups
>>
>>56499719
Server hacked

Nothing works

Wat do?
>>
>>56499712
>yandex
fucking russians man
>>
>>56499757
You got what you deserved.
>>
>>56499757
There are backups but they are inaccessible.
>>
contact for key, they got your balls m8
time to play their game
your company will probably have to shell out cash and you'll probably get fired but hey....
oh well
>>
If they don't contain any irreplaceable data, just wipe 'em and reinstall. Don't finance the ransomware cancer.
>>
>>56499712

Fresh install, restore from backup.
>>
File: 151.jpg (8KB, 182x200px)
>>56499712
>he downloaded 141.exe
>>
>>56499712
Was it GNU/Linux?
>>
Post on 4chan about it, of course.
>>
Fake and gay. It's very easy to write a little program that boots up only to print string related onto the screen.

OP is bamboozling y'all.
>>
"i can't believe this is you on this picture"

>This E-Mail contains a file "Happening.jpeg.exe"
>>
>>56499781
Yeah, they're cunning

>>56499791
What's to stop them from doing it again in the future?

>>56499801
>>56499802
It's a hospital network. All the hospitals in our chain were affected. Losing hundreds of thousands a week on it.

There is a lot of irreplaceable data that can't be lost.

>>56499806
I didn't. I don't know how it happened. I'm a biomedical technician but for some reason my boss wants me to work with the IT fagets to get the issue resolved.

Even the FBI has investigators on it but they can't do shit.

>>56499847
http://www.insurancejournal.com/news/southeast/2016/08/31/424943.htm
>>
>>56499898

One of your employees fucked up. Your network administrator didn't lock things tight enough.

Feel free to let your admin know that people are going to die and that it is entirely his fault.
>>
File: Whoa.jpg (61KB, 323x233px)
>>56499847
I'm through the looking glass
>>
>>56499932
Ok, I'll tell him.
>>
>>56499847
MBR ransomware does exist, but I'm not aware of one that also spreads to other machines on the network, unless you had a ton of users click the infected EXE.
>>
Give the Russians money
>>
>>56499757
kill yourselves and terminate your business please
>>
>>56499898
>http://www.insurancejournal.com/news/southeast/2016/08/31/424943.htm

How the fuck did an entire chain of hospitals, with probably thousands of computers between them, get the same shitty virus?
>>
>>56500056
this
>>
>>56499757
:^))))))
>>
>>56499898
>It's a hospital network. All the hospitals in our chain were affected. Losing hundreds of thousands a week on it.
>There is a lot of irreplaceable data that can't be lost.
Damn. Sounds like you're probably SOL then. I mean, it's technically possible that the ransomware uses some outdated encryption method that can be broken, but I wouldn't count on it.
>>
>>56499712
CD-rom?
You don't have the hdd boot option 1?
Just format the whole hdd, if it doesn't work wipe the whole hdd.
>>
It's just like one of my Mr. Robot episodes!
>>
>>56500010
This. If you're a hospital that's all you can do. Sorry for that.
>>
>>56499787

so there are no backups
>>
>>56499898
Lemme guess, Windows XP everywhere right?
>>
Can't believe this hasn't been said yet but...

Install Gentoo.
>>
File: mpv-shot0005.jpg (123KB, 1280x720px)
>>56499757
>There are no backups
>There are no backups
>There are no backups
>There are no backups
>There are no backups
>There are no backups
>>
>>56500068
I don't know. I was hoping some computer geek on /g/ could give me more insight into stuff like this.

I just service equipment, like IV pumps, monitors, ECG machines, etc.

>>56500116
That's what I figured.

>>56500130
No HDD boot option 1.

They told us reformatting and wiping data isn't an option.

>>56500161
Windows 7.

>>56500183
That troll got you guys good.
>>
>>56499712

Hello,
Are there any experts out there?
Please reply if you can help me.
I just rm -rf'ed /home

I don't know how
But I need this feature now.
My users are pained
I need my server up again.

Relax.
The list needs a dmesg first.
Just the basic facts
Stop whining between your blurts.

There is no wifi, you are pleading.
Vendor firmware not on horizon.
Packets only coming through in waves.
Your lips move but broken audio mutes what you're saying.
Fork-bomb child. Crappy C coder.
Bad PF ruleset. Machines fall down, go boom.
Now we've got that feeling once again.
We can't explain, you would not understand.
This is just how you are.
Original poster, you ... have become comfortably dumb.

OK
Just a little firewall pin prick
There'll be lots of aaaaaaaah!
You're p0wn3d by a script kiddie dick.

Can you upgrade?
We do believe it's working, good.
That'll keep you going for a while.
Our patience is at null.

There is no wifi, you are pleading.
Vendor firmware not on horizon.
Packets only coming through in waves.
Your lips move but broken audio mutes what you're saying.
Fork-bomb child.
I can no longer handle reading misc.
I want to scrape out both my eyes.
I tried to reply but your address bounced.
I give you my middle finger now.
My inner child is crushed.
My dreams are gone.
You ... have become comfortably dumb.
>>
>>56499712
Contact that russian email address.
>>
>>56500505
Maybe he accepts credit card.
>>
>>56500475
theo pls go
>>
>>56500475
at least macs have wifi
>>
File: coolcat23112331].jpg (87KB, 500x375px)
>millions in damage
>could've just paid the russians 500 bucks and had it undone by now
>>
>>56500557
>pay russians money
>they spend it all on vodka, caviar, abibas tracksuits, and krokodil
>reactivate hack to get more money
>rinse & repeat
>>
email them a shitload of gay porn

like thousands of gb worth
>>
Lul just fixmbr
>>
>>56500623
Considering how much a hospital makes they can probably afford to keep russkies afloat until the krokodil kicks in for good.
>>
>>56500363
>They told us reformatting and wiping data isn't an option.
then restore from backup or pay the ransom you fucking retard
>>
>muh hackers
Tell the retards to stop browsing porn with work computers and don't run unsigned executables. Or even better use active directory and a competent sysadmin to lock your shit down to protect the employees from themselves.

You could go linux but your productivity would probably plummet like studies suggest.
>>
>>56500623
>>56500557
>>56500691
>implying that you will recover your data if you pay them.
>>
>>56499712
>HELLO ! Welcome to http://www.worm.com !

>Hacked By Chinese !
>>
>>56500691
ARH are superjews dude. I'm not OP but I worked for one in KY.

Most staff is underpaid as fuck. Even nurses are only hovering around $19/hr. Most workers in the hospitals make around $7.50-$8/hr.

I was a respiratory therapist and only made $12/hr. Anywhere else it's at least $25/hr starting.

The only people who make decent money are the head honchos. Even department supervisors are capped at $45k a year. That whole hospital chain is pathetic.
>>
>>56500756
Bullshit, what studies?
>>
>>56500766
yes you will, that's how any "business" works, it's more profitable to be "legit", kill yourself
>>
File: image.jpg (20KB, 320x371px)
>>56500132
You should go and hack some more ram faggot.
>>
>>56499712
Why is there anything irreplaceable on your end points? Try and figure it out for half an hour, if you fail just reimage
>>
File: c3b.jpg (14KB, 456x320px)
>>56499757
>There are no backups
>>
Look for a new job
>>
>>56500068
I remember reading a few years ago about some exploit that infected all unpatched computers on a LAN. Sounds like incompetent IT staff. Using Linux would probably not help since all boxes would be rooted by now.
>>
>>56500780
>anonymous Ransomware Russkis with vodka-stained mousepads squatting at their Voldastka-III Powerstation that hack hospitals for Krokodil money operate on muh honor system
O i am laffin
>>
>>56500836
this site is 18+

you're fucking retarded KILL YOURSELF
>>
>>56499757
>>
>>56500836
This

as far as you know it's some russka sckript kiddie that doesn't give a shit and laughs his ass off all the way to the bank
>>
>>56500777
Gurgle it. It was some bullshit about average retards' productivity dropping to 20% because of muh windows shortcuts and where is muh wangblows. The sad part is that I actually believe that study.
>>
Some inbred hick hospital gets hacked. You expect us to care?
>>
>>56500836
>>56500882
FUCKK OFF RETARDED SHIT KIDS

THERE ARE COUNTLESS NEWS ACCOUNTS OF PEOPLE PAYING THE RANSOM AND GETTING THEIR DATA BACK

IF THEY DIDN'T UNENCRYPT THE DATA THEN NO ONE WOULD PAY

FUCK OFF CANCEROUS UNDERAGE LITERAL 14 YEAR OLDS
>>
>>56500766
You are an idiot. It has been investigated by several companies and independent consultants and proven that in most if not all cases key was provided after paying the "ransom"
>>
>>56499757
>Not having backups
Are you retarded or are you retarded?
>>
>Large network of computers
>not running one giant server with virtual machine terminals
wew lad, it's like you wanted to get hacked
>>
>>56500930
>>56500915
found ur culprits OP
>>
File: 1470276931672.gif (3MB, 450x265px)
>>56500988
>Large network of computers
>Not having file servers with the most basic of basic backup in place
wowzers
>>
restore from backup, something a good business always has
/thread
>>
>>56500894
Aye, that sounds familiar. I'd bet that productivity returns to normal if they just stick to it for a while, though. I mean, having to learn how to use a new OS out of the blue can be a bit disorienting, especially for non-techies, but surely you'd get used to it?
>>
>>56499898
>hospital workers can't cure a virus
>>
>>56499712

Jesus Christ I bet it isn't even actually encrypted, just boot from a live cd and fix it.
>>
>>56500989
very funny but i'm just pissed off at the arrogance of some of the kids on /g/ who just assume things and assert it as facts
>>
>>56501488
Wasn't there some ransomware that was disguised as an unpaid invoice that proceeded to encrypt all hard drives it had access to and even network disks?
>>
>>56500363
Send an e-mail here with a fresh photo and your email..

[email protected]

Get me flights and I will rescue you OP. Flying from UK.
>>
>>56501795
Maybe, I bet it's something ridiculously easy to fix like >>56501787 stated however.
>>
>>56501768
>>
>>56499712
>inb4 they encrypted the C drive but all the information on the other drives is unscathed
>>
>>56501879
if they went through the effort to hack the pc they may as well encrypt the hdd for real
>>
>>56501921
>implying they make other drives
>>
>>56501660
I don't know. I've tried to get my 65 year old dad to use internet banking the past 10 years because it's more or less the only way to pay bills that doesn't involve ridiculous charges per invoice. The banking interface looks more or less the same as 10 years ago and I do a new try each month. He just can't wrap his head around how to use or where to enter things. He lacks that ability to quickly scan a computer screen and filter out the important stuff like text fields and so on. A lot of people are the same.
>>
>>56501931
I'd laugh my ass off though; I've seen it before.
>>
File: 1460233815835.jpg (25KB, 550x309px)
>>56501768
>>
Just pay the Russians their ransom. There is really no other way around it.
>>
>Connecting your work computers to the internet
>>
>>56499757
/thread
>>
File: ginnutshell.jpg (314KB, 1795x709px)
>>56499757
>>
>>56501923

>they might as well take a week to encrypt a few terras of data with a surreptitious program that for some reason nobody will notice

Ransomware with actual encryption isn't even a thing for fucks sake.
>>
>>56499712
Just read this whole thread and it's kinda funny how incompetent this whole "technology" board is. Do none of you know anything about ransomware? Is everyone here just a script kiddie?
>>
>>56501932
i simply do not get what hinders older people to not be able to do this.
It's like they are lacking a basic function.
>>
File: 084.png (102KB, 300x256px)
>>56502084
>Ransomware with actual encryption isn't even a thing
>>
>>56499712
Something happened.
Install gentoo.
>>
>>56499757
>There are no backups
Fire the admin.
Pay up.
Hire a competent fucking person to do the job.
>>
>>56502114
they come from a simpler time which didn't have nearly as much technology, they usually had a very limited education by modern standards, and their brain has basically "settled" so they have a hard time learning new things
>>
>>56502130

Have you ever encrypted anything? It takes time and processing. Last time I encrypted a 1TB disk it took over 26 hours. In a server where data is being constantly and concurrently accessed there's absolutely no way such program could run for days without one of the users running into an already encrypted file and noticing what's going on. Also the admins would definitely notice the change in performance. I will say it again: ransomware with actual encryption doesn't exist at all and it probably never will.
>>
File: 1469289473309.gif (113KB, 434x325px)
>>
>>56502114
I am 26 and grew up with win98 and later xp. Simple and consistent interfaces. Nowadays every single facebook page redesign is fucking annoying, I quit fb several times because of that. Twitter, instagram and all that I don't even bother because I find their interfaces simply unintuitive and confusing.
>>
Should have used systemd/Linux nothing would have happened
>>
>>56502032
If you don't plan on paying up, you should turn the tables for lulz. Pay a few dollars using a junk account and tell them to check if you sent it to the right account, then they'll get greedy and think they're getting rich, and will contact you demanding the rest, but then affirm that you have it programmed to be sent upon computer confirmation of the code. Nothing will probably happen but you can give any info gathered to the feds. Sometimes their reaction and responses can yield some insight into who you are dealing with.
>>
>>56502220
i'm so sick of this shit i swear this is my last post in this thread because you're not worth my time

it can run in the background and it can use a simplified encryption algorithm etc

if you actually tried looking at the real world you could find articles where people analyze it etc because obviously people would try to recover their files but fail due to the encryption

ARROGANT IDIOT ASSWIPE
>>
More importantly why isn't the hospital on a closed network? And better yet, how was it infected? My guess is the hospitals were targeted specifically.

Also now did it embed itself in the bios or UEFI? If this is UEFI then you're dealing with a government funded group. None of the computers in the network can be trusted. Wipe them all, flash bios.
>>
>>56502114
He lived his entire life never needing a computer. He can see that it can make life easier but he himself doesn't really need it. He's just so disinterested in using it. It's like forcing you to learn something you have zero interest in that is somewhat complicated for the uninvited.
>>
>>56502074
>(Linux distro)
That was /g/ once upon a time
>>
>>56499712
Pay the people, out of your own pocket for your ignorance, and get your company's data back
>>
>>56499898
>>56500068
>hospital
I really hope that a lot of billing data was lost.
>>
>>56502220
1. You encrypt in the background
2. Some ransomwares just encrypt the MBR, without it your drive is just a collection of disks
>>
File: 1439159428928.gif (216KB, 400x400px)
>>56501768
>>
It's all a false flag by Linux supporters.
>>
>>56502159
yes
>>
>>56502451
people don't need to support linux, it's there and not going anywhere whether others like it or not
>>
>>56500649
probably this lol
>>
>>56499898
>Russia jewing the jews
Awesome. Nothing of value was lost.
>>
>>56499712
install Gentoo
>>
>>56499757
>There are no backups

Even the shittiest of shit admins make backups. Whoever manages your network is an idiot and should be removed from the gene pool immediately.
>>
Unplug it from the interwebs
>>
>>56502306

>it can run in the background and it can use a simplified encryption algorithm etc

And it would still require time and processing. If it used less processing in order to remain hidden it would take more time, and the longer it takes the more likely it will be found as it encrypts more of the data; because all it takes is a user to run into a file that was already encrypted. Maybe when it is 1% encrypted the chances of the users hitting one of those files are slim, but when it is 50% 80% 95% encrypted somebody will notice what's going on. And you pretend to tell me that one morning they booted it and it was already 100% encrypted? Even though all of the aforementioned factors? Then you say stupid shit like:

>use a simplified encryption algorithm

And this is how I know that you don't know shit about computers or encryption. Most of the time consumed is due to physical read/write operations, the complexity of the algorithm isn't relevant unless you have a very low end processor, in which case the processing power starving would be much more noticeable.

>if you actually tried looking at the real world you could find articles where people analyze it etc because obviously people would try to recover their files but fail due to the encryption

The average household-targeting ransomware uses a wrapper, by no means it actually encrypts the information. How about you educate yourself before posting? Because clearly you think you know stuff but you actually don't.

>>56502430

>1. You encrypt in the background

Explained above.

>2. Some ransomwares just encrypt the MBR, without it your drive is just a collection of disks

You don't actually need the MBR/GPT to access the information inside the disk, or even to know the kind of filesystem, just to know details about the partitions. You can do several things like mounting the disk (not booting) in another computer or just erasing the boot flag and then boot from a live cd instead. Encrypting MBR doesn't do shit.
>>
>>56499712
This entire thread is so cancerous, my cancer got cancer.
>>
>>56502514
This.
Fucking this.
Delte this.
>>
>>56502516

spoiler: OP is admin
>>
>>56502544
this
>>
>>56499712
Magnet the hard drives. It will delete the new stored data, removing the ransomware in process.
>>
>>56502542
>You don't actually need the MBR/GPT to access the information inside the disk, or even to know the kind of filesystem
Nope, on NTFS if you encrypt the MBR + Partition Table + MFT, the whole drive is unaccessible.

https://blog.malwarebytes.com/threat-analysis/2016/04/petya-ransomware/
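
Added example, not part of the thread or of the linked write-up: a Python triage of the structures argued over in the posts above, the MBR partition table versus the NTFS `$MFT`. The 16-sector image is constructed for illustration and the function names are this example's own; the offsets are the standard MBR and NTFS boot-sector fields.

```python
import struct

SECTOR = 512
BOOT_SIG = b"\x55\xaa"  # last two bytes of an MBR and of an NTFS boot sector

def parse_mbr(sector0):
    """Return [(type, start_lba, sectors)], or None if the boot signature is gone."""
    if len(sector0) < SECTOR or sector0[510:512] != BOOT_SIG:
        return None
    parts = []
    for i in range(4):                      # four 16-byte entries at offset 446
        entry = sector0[446 + 16 * i: 462 + 16 * i]
        start, count = struct.unpack_from("<II", entry, 8)
        if entry[4] != 0 and count != 0:    # byte 4 is the partition type
            parts.append((entry[4], start, count))
    return parts

def find_ntfs_boot_sectors(image):
    """Locate NTFS volumes by scanning sectors, without using the partition table."""
    hits = []
    for lba in range(len(image) // SECTOR):
        s = image[lba * SECTOR:(lba + 1) * SECTOR]
        if s[3:11] == b"NTFS    " and s[510:512] == BOOT_SIG:
            hits.append(lba)
    return hits

def mft_intact(image, boot_lba):
    """Follow the boot sector's $MFT pointer and check the first record's magic."""
    base = boot_lba * SECTOR
    bytes_per_sector, = struct.unpack_from("<H", image, base + 0x0B)
    sectors_per_cluster = image[base + 0x0D]
    mft_lcn, = struct.unpack_from("<Q", image, base + 0x30)
    off = base + mft_lcn * sectors_per_cluster * bytes_per_sector
    return image[off:off + 4] == b"FILE"    # every healthy MFT record starts with FILE

def triage(image):
    volumes = find_ntfs_boot_sectors(image)
    return {
        "partition_table": bool(parse_mbr(image[:SECTOR])),
        "ntfs_boot_sectors": volumes,
        "mft_intact": [mft_intact(image, v) for v in volumes],
    }

def build_sample_image():
    """Constructed 16-sector disk: MBR, NTFS boot sector at LBA 2, $MFT at LBA 6."""
    img = bytearray(16 * SECTOR)
    img[446:462] = struct.pack("<B3sB3sII", 0x80, b"\0" * 3, 0x07, b"\0" * 3, 2, 14)
    img[510:512] = BOOT_SIG
    vbr = 2 * SECTOR
    img[vbr + 3:vbr + 11] = b"NTFS    "
    struct.pack_into("<H", img, vbr + 0x0B, 512)   # bytes per sector
    img[vbr + 0x0D] = 1                            # sectors per cluster
    struct.pack_into("<Q", img, vbr + 0x30, 4)     # $MFT starts at cluster 4
    img[vbr + 510:vbr + 512] = BOOT_SIG
    img[6 * SECTOR:6 * SECTOR + 4] = b"FILE"
    return img

def overwrite(image, lba):
    """Copy of the image with one sector replaced by filler, standing in for damage."""
    out = bytearray(image)
    out[lba * SECTOR:(lba + 1) * SECTOR] = b"\xa5" * SECTOR
    return out

if __name__ == "__main__":
    clean = build_sample_image()
    cases = [("clean", clean),
             ("sector 0 overwritten", overwrite(clean, 0)),
             ("sector 0 and $MFT overwritten", overwrite(overwrite(clean, 0), 6))]
    for label, img in cases:
        print(f"{label}: {triage(img)}")
```

With only sector 0 damaged the volume is still found by scanning and its `$MFT` reads fine; once the `$MFT` is overwritten as well, the volume is located but its file index is gone.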
>>
maybe its a hard coded key, some old mbr ransomware used: 21545455
>>
>>56502542
There exist cases of ransomware that actually encrypts all files that aren't required to boot your system. It won't notify the user that he is "hacked" until it has encrypted all that it's supposed to encrypt. It may provide faux security software warnings that you can't use the computer while it does a "system scan". A person falling for ransomware is likely to obey the recommendation.
>>
>>56502606
>having electromagnets that can lift a car readily accessible
>>
File: jI1ZkLsKHK.png (224KB, 728x414px)
Do you think the hackers deliberately use criminally bad grammar to infuriate the victim?
>>
>>56499712
>Computers at work got hacked
>Wat do?
Sack your sysop.
>>
>>56503034
No, Ivan and Petya are good hackers, not good English speakers ;^)
>>
>>56502642

>Nope, on NTFS if you encrypt the MBR + Partition Table + MFT, the whole drive is unaccessible.

Googling so desperate to pretend to know stuff that you didn't even read your own link? Look at the very link you posted and you will see that booting from a live cd is the solution. Therefore it is not unaccessible.

>What to do:
>1) From another computer download i.e. Kali Linux ISO 64 bit (https://www.kali.org/downloads/) and record on a DVD
>2) Boot the computer that crashed from this DVD, choose forensic mode.

>>56502782

Yeah there are targeted attacks scenarios where hackers encrypt files of interest of special targets if that's what you mean. However automatized malware encrypting whole drives, though technically possible, isn't feasible for practical reasons. Ransomware is more like a numbers game where you scare a lot of people with the least amount of work possible hoping that one of them pays the ransom. There's literally nothing more than a wrapper and a boot loader, no encryption at all.
>>
>>56500056
i would like to say this may sound extreme but it is a delightful piece of advice.
>>
>>56499712
not your personal tech support, go hire some I.T professionals
>>
>>56503211
Ofc they encrypt fucking documents/pictures/word/excel/database etc files
No one gives shit about system32 or nvidia driver folders.
>>
>>56499973
I'm restoring a dr's office after they got cryptod and it affected all network shared drives/folders
>>
>>56503211
>choose forensic mode.
That's not going to help you man.
>>
>>56503211
>However automatized malware encrypting whole drives, though technically possible, isn't feasible for practical reasons
Well you are wrong. They don't encrypt empty space meaning the problem size is reduced a lot. They encrypt files and files in folders of interest like user folders. CryptoFortress for example even encrypts files on smb shares.
>>
>>56503331

>part of the confirmed fix in the guide page of the first guy who cracked it
>armchair cryptologist on 4chinz knows more

You're all retarded, I'm outta here. Keep being ignorant retards.