Question Best way to trap Ransomware?

mmitsch

Distinguished
Sep 12, 2010
Our daughter's computer was struck with Ransomware. It's a DELL System, running Windows 11, and this infection caused a message to pop up saying an automatic reboot would occur due to an infection and to call a number to have it removed. Number was [spammer# removed] and said it was toll free (not very well written...). The machine was running a free version of McAfee but it missed this...

I tried everything I could to remove it and finally, as had been advised in a previous post, reinstalled Windows from scratch. All seems to be running fine again and am getting the apps back on for our daughter / grandkids.

What I've done so far is...

a. Took McAfee off and enabled Windows Antivirus. Is there a good tool to get to prevent this from occurring going forward?
b. I enabled restore points so that maybe I could recover in the future -- think this will work?
c. I can get a USB recovery made using Windows 11 if that's advised.
d. Should I use an external SSD or HDD to make backups of data each day?

Let me know your thoughts on getting this re-configured.

Thanks!

Mike
 

Secret-Squirrel

Reputable
Sep 12, 2020
Our daughter's computer was struck with Ransomware ... this infection caused a message to pop up saying an automatic reboot would occur due to an infection and to call a number to have it removed.
Were your daughter's files actually encrypted or was it just that pop-up that caused alarm?
 

USAFRet

Titan
Moderator
Backup
Backup
Backup

Frequently, there is no actual "infection". That scareware popup asking you to call is the problem. You call them, they connect to your system to "fix", and THEN you are actually infected/compromised.

Backup
Backup
Backup

And if you DO get an actual ransomware encryption, don't bother trying to eradicate it and magically decrypt your stuff. This is where the backup comes in.

Backup
Backup
Backup

"System Restore points" are only marginally useful. Living in the same drive and system, they are potentially subject to corruption by the bad actor as well.

You need a real backup situation.

Backup
Backup
Backup

The general concept is 3-2-1.
3 copies, on at least 2 different devices, at least 1 offsite or otherwise inaccessible. I use Macrium Reflect for this.
Frequency of the automated backups is all on you, as to what level of pain you want to endure.
My main system gets an Incremental backup of each drive individually, every night.
Other systems in the house, every other day, or once a week.
 

Secret-Squirrel

Reputable
Sep 12, 2020
It was just the pop up that worried us - and then the system would restart after about 2 minutes...
Thanks for that Mike.

If your daughter's laptop did indeed restart after two minutes then it almost certainly had a malware infection.

The reason I asked my question yesterday is that there are a lot of alarming pop-ups nowadays that occur bottom-right of the screen that are simply "browser notifications". They are always harmless and their purpose is to frighten the user into phoning a "support" number or to purchase something unnecessary.
 
Make an Admin account that only you know the password. Next make a second admin account with password and let your daughter know what it is. Third make a user account and have her use this account only, anytime something wants to be installed it will prompt for Admin credentials. This way nothing will be accidentally clicked or be installed in the background without her knowing about it.

I did this for a lady at work for her young daughter.
Admin account for me
Admin account for mom
User account for mom
User account for her daughter, she will not be able to install anything without the mother's permission.
 
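The account layout described in the post above, as an added PowerShell example that is not part of the original thread. The account names are hypothetical placeholders, and the script assumes it is run from an elevated PowerShell prompt on the Windows 11 machine.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the thread. Account names are hypothetical.
$accounts = @(
    @{ Name = 'OwnerAdmin';  Admin = $true  },  # password known only to you
    @{ Name = 'ParentAdmin'; Admin = $true  },  # password shared with your daughter
    @{ Name = 'DailyUser';   Admin = $false }   # the account used day to day
)

# Well-known SIDs, so the script does not depend on localized group names.
$adminSid = 'S-1-5-32-544'   # BUILTIN\Administrators
$usersSid = 'S-1-5-32-545'   # BUILTIN\Users

foreach ($a in $accounts) {
    # Create the account only if it does not exist yet; prompt for its password.
    if (-not (Get-LocalUser -Name $a.Name -ErrorAction SilentlyContinue)) {
        $pw = Read-Host -AsSecureString "Password for $($a.Name)"
        New-LocalUser -Name $a.Name -Password $pw | Out-Null
    }
    # Admin accounts go into Administrators, everyone else into Users.
    $sid = if ($a.Admin) { $adminSid } else { $usersSid }
    Add-LocalGroupMember -SID $sid -Member $a.Name -ErrorAction SilentlyContinue
}

# Verify: no day-to-day account may be a member of Administrators.
$admins = Get-LocalGroupMember -SID $adminSid |
    ForEach-Object { ($_.Name -split '\\')[-1] }   # strip the COMPUTER\ prefix
$standard = $accounts | Where-Object { -not $_.Admin }

foreach ($a in $standard) {
    if ($admins -contains $a.Name) {
        Write-Warning "$($a.Name) is an administrator; remove it from that group."
    } else {
        Write-Output "$($a.Name) is a standard user; installs will prompt for admin credentials."
    }
}
```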
Our daughter's computer was struck with Ransomware. It's a DELL System, running Windows 11, and this infection caused a message to pop up saying an automatic reboot would occur due to an infection and to call a number to have it removed. Number was [spammer# removed] and said it was toll free (not very well written...). The machine was running a free version of McAfee but it missed this...

I tried everything I could to remove it and finally, as had been advised in a previous post, reinstalled Windows from scratch. All seems to be running fine again and am getting the apps back on for our daughter / grandkids.

What I've done so far is...

a. Took McAfee off and enabled Windows Antivirus. Is there a good tool to get to prevent this from occurring going forward?
b. I enabled restore points so that maybe I could recover in the future -- think this will work?
c. I can get a USB recovery made using Windows 11 if that's advised.
d. Should I use an external SSD or HDD to make backups of data each day?

Let me know your thoughts on getting this re-configured.

Thanks!

Mike

Personally, while a reformat works on most viruses, if you want full certainty replacing the infected drive is better.

Next, any data from the infected machine, including any files that have been backed up while trying to salvage, can't be used on the new drive; everything has to be erased. Do not use the same email either.

New email
New drive
NONE of any USBs should be used on the new drive. If you don't know when the PC was infected, you can't know what files were compromised.

Don't use McAfee, worst antivirus.

I've used Avast for years.


Avast also scans websites to verify you're visiting legitimate sites and not fake scam sites

Make an Admin account that only you know the password. Next make a second admin account with password and let your daughter know what it is. Third make a user account and have her use this account only, anytime something wants to be installed it will prompt for Admin credentials. This way nothing will be accidentally clicked or be installed in the background without her knowing about it.

I did this for a lady at work for her young daughter.
Admin account for me
Admin account for mom
User account for mom
User account for her daughter, she will not be able to install anything without the mother's permission.
Agree with this.