Posted by: oldbroad

Ransomware - 10/25/17 04:00 PM

I guess that is what this is. This is part of an email from my brother a couple of weeks ago:

"I’m doing fairly well. I think I was hacked two weeks ago. David was on the computer at six in the morning when it froze on him and put up a message that he should call the phone number that popped up on the screen or he could lose everything on the computer. He called the number (because he really didn’t know what else to do) and he was told it would cost $500 to fix it and they would have to have access to it (actually take it over), which would require the security password. That’s when he came and woke me up. I tried all the tricks to get this off the computer (hit escape, alt. control delete, unplugging it) none of these things worked. So, I gave them the information they asked for and they took it over.

They installed a few new security softwares and asked for a check (for payment). I refused to give them a check and they argued A LOT about that, then finally took a credit card. When they finally got off the phone I uninstalled the software, answered the text message on my phone from the bank to stop payment on this charge and did a few security sweeps of my own to make sure there were no viruses on it. I also went to the bank and cancelled that credit card and got another one. They have since called almost every day (which comes up as an unknown number) and I do not answer because I know that if they get a voice recording of me saying yes or confirm (or anything of that nature) they could use that to open new accounts or confirm identity for a purchase."

After I asked some questions he replied with this:

"Anyway, the computer has Windows Defender on it and I also bought McAfee security. I used full scans with both of these. I could take it to Best Buy to have a techie go through it, but it seems to be fine."

I don't know if he would like me posting this or not but I would like to hear your thoughts. I told him to keep a close eye on his finances and that I didn't know if he should have McAfee with Windows Defender.
Posted by: Draclvr

Re: Ransomware - 10/25/17 04:36 PM

No, he shouldn't have McAfee and Defender. To be honest, I'd trust Defender more than I would McAfee. Don't know for sure, but McAfee may have shut Defender off. They should definitely NOT be running at the same time. There are far better anti-virus programs out there. I'm not a big fan of Norton, but it is a good one, as are Webroot and several others.

I have dealt with a couple of these. His first problem was that he called the phone number and dealt with them at all. The two people who called me simply shut down their computers and the message was gone. But the absolute worst thing was allowing the hackers access to his computer. They may have installed back door software turning his computer into a bot or any number of other nasties. Most of these really nasty ransomware attacks direct you to a website to pay a ransom in Bitcoin currency.

I had one guy who made the same mistake and demanded they give control of his computer back to him and they refused. He finally just unplugged it and got rid of them. He then had to go through much of the same rigmarole your brother did.

I strongly recommend Malwarebytes Pro to run alongside whatever anti-virus he chooses to use. When my mom was 90 and living 600 miles away from me, she got something similar and called me. I have Malwarebytes Pro on her computer which had popped up a message that they had stopped something from getting on her computer. When I went up there a couple of months later, I looked in the quarantines on Malwarebytes Pro and saw that it was a ransomware virus that had been stopped. Without it, her computer would have been trashed and I was 600 miles away and couldn't have fixed it. At the very least, he should download the free Malwarebytes and run two or three scans with it.

And keeping a VERY close eye on his finances is a very good idea. Who knows what information they harvested from his computer with this so-called "security software" they installed. Changing any important passwords would also be a good idea.
Posted by: oldbroad

Re: Ransomware - 10/25/17 04:57 PM

I had the impression he bought the McAfee AFTER this happened and only had Defender before (Windows 10).

He claims he UNPLUGGED the computer and it was still there.

I didn't think the McAfee was good with the Defender but since I am not familiar at all with Windows 10 or Defender I didn't argue it with him, just mentioned it. I did tell him that I have Malwarebytes Pro but again, didn't press the point.

When I asked him WHAT password he gave them, he just told me there's a password for this and a password for that, etc. He didn't actually answer my question. I can only assume that he DID change passwords.

Thanks Draclvr for your input. It is pretty much what I was thinking. Maybe I'll email him a follow up email and see how things are going.
Posted by: oldbroad

Re: Ransomware - 10/25/17 07:33 PM

I emailed him again today. He said this:

"McAfee works just like Malwarebytes. Every time I go to the computer it’s running a scan for any site I go to. It also runs a weekly scan (a more extensive one). I have gotten more than a few “notices” from my “bank” that someone is trying to get onto my account. It leaves a go to address and tells me I have until such and such date to contact this address or my account will be frozen. The first time I got this notice, I thought it might be true, so I went to the address, what I got was this large red page telling me DO NOT GO ANY FURTHER. That was my McAfee telling me this was not a safe site to go to. I contacted the bank and told them about this, they told me they would never send any message like that. WHEW!! They were looking for my account number and password to remove me from my money (the root of all evil)."

Yikes! He said he checks his bank and credit report constantly.
Posted by: Geo

Re: Ransomware - 10/25/17 08:39 PM

That's why it's important to have files like documents, favorites, pictures, etc., backed up on an ext. HD.
When you do that you never have to worry about blackmail. I would NEVER give in to blackmail. I would throw the computer out first. Here is my experience with ransomware. I have had it 3 times, the first 2 times nothing worked until I used Malwarebytes in safe mode. That worked great. The third time it seemed they learned things and nothing worked because they blocked any safety software from starting. I had to re-load Windows which took 2 to 3 hours but I didn't pay anything to these crooks. Since I had important files backed up everything went fast and smooth.
Posted by: Draclvr

Re: Ransomware - 10/25/17 09:12 PM

Good for you, Geo. Backup, backup, backup.

Oldbroad, McAfee does not work just like Malwarebytes Pro. They work in different ways. If he has already paid for the McAfee, he might as well continue to use it for anti-virus, but there are FAR better options out there. Malwarebytes Pro also has options to run from a flash drive which can sometimes bypass the efforts to block it.

Your brother REALLY needs to download and run the free version of Malwarebytes at least 2 or 3 times. It sounds to me like he still has malware lurking.
Posted by: oldbroad

Re: Ransomware - 10/25/17 11:27 PM

Yes. His response, which is what I posted here, was because I had again tried to sell him on the Malwarebytes. Apparently he doesn't feel the need for it.
Posted by: Draclvr

Re: Ransomware - 10/26/17 01:10 AM

What do they say about leading a horse to water!!