Lawrence Abrams, LEO, Ransom discussed on Security Now

Security Now


Mellon University to deal with future security attacks. But the worm's biggest legacy to date was it started a wave. After that, it started wave after wave of computer and internet attacks. He said if Robert Morris hadn't done it, someone else would have. But regardless, today we live in a world where a day doesn't go by without a serious attack. So, thirty years ago, Leo. Wow. Wow.

And speaking of not a day going by, Lawrence Abrams at BleepingComputer brings news of a crazy new ransomware that calls itself CommonRansom. And I would argue, as does Lawrence, that, actually he says absolutely, under no circumstances, never ever. I'm thinking, you know, we'll take it as a challenge. So here's the deal. The ransom note for CommonRansom reads: "Hello, dear friend." I love these notes. They're so funny. Exactly. "Hello, dear friend, your files were encrypted," point. Yeah. Yeah. You're really a good friend. "You have only twelve hours to decrypt it. In case of no answer, our team will delete your decryption password." That's right, because we're your friend. Your friend. And it says write back to our email, old at nuke dot africa. And then it says in your message you have to write this ID. And then it provides in the note the victim ID for your machine. So you identify yourself to them by your victim ID. Then, get this, the IP address and port of the RDP service, that is, the Remote Desktop Protocol, of the infected machine. They want permission to remote into your computer, at least to fix, I'm not kidding, Leo, to, to disinfect it. Number three, the username and password having admin rights. I know, this cure's worse than the fix. And that, of course, was... Yes, that of course was exactly Lawrence's point. And the time of day when you have paid point one BTC, point one bitcoin. So that's around six hundred and fifty US at the moment, because bitcoin has been hovering around sixty-five hundred dollars, to the following bitcoin wallet.
And then they give you the bitcoin address. They say after payment our team will decrypt your files immediately. Meaning they will remote onto your machine, and Lawrence points out that at that point your screen goes blank, because Windows workstations only allow one interactive login at a time. So they acquire it, you get logged out. They now have admin rights on your machine, and you can't see what's going on. So, oh, Lord only knows what's going to happen.

So, okay. So first of all, who the heck is going to give bad guys a Remote Desktop Protocol connection to this machine? If you were to be infected by this nightmare, the best advice would be what Lawrence Abrams at BleepingComputer, who I will argue is the industry's leading expert on ransomware, says: don't, don't even consider this. But okay, what if you absolutely, absolutely, absolutely had to have some files off of that machine? So obviously, the best advice would be not to get yourself infected in the first place. But if that ship has sailed, and you have no backups, and you absolutely have to. Okay. So, as I said, sort of as an exercise, which we're not recommending, I would say take everything, absolutely everything else, off your network. Since so many things are these days Wi-Fi connected, perhaps change the Wi-Fi password and reboot your router. So. What if you took the router out and direct connected the computer to the internet, and then that way, you're on. I think that's probably a better idea, Leo. I like that better.
