Wednesday, March 29, 2017

C-t: Malware: bite-size learning No.4


If you have followed the Cyber-teaching (C-t) bite-size learning modules, you will hopefully have noticed several references to things you can do to help yourself as a single-person business, small business or other SME. Further proof that these types of business need to think on their feet and act quickly is the need to make sure you have backed up your data (files, etc.). Why this matters will become apparent shortly.

Initially, we need to look at attackers and tools of threat. Those who digitally attack your business look for the weakness in your security. They are looking at this:



The attacker's tools of threat can arrive in plain sight (an email attachment, etc.) or by stealth (unseen downloads when visiting webpages). They range from malware that is inconvenient, annoying or a threat to a person's reputation, to ransomware (demanding monies with menaces to the PC/laptop).

If your PC/laptop becomes infected, you will find there are some very helpful and talented companies out there that provide free solutions for dealing with malware. The company I selected is Emsisoft (https://decrypter.emsisoft.com/). When you visit their webpage, have a look at all the malware decryption tools the company has created for malware file victims (MFV). In particular, note the number of downloads for each tool, which gives a clear indication of which malware is more prevalent in the marketplace.

    Decrypter for LeChiffre
    Decrypter for KeyBTC
    Decrypter for Globe2
    Decrypter for NMoreira or XRatTeam or XPan
    Decrypter for OpenToYou or OpenToDecrypt
    GlobeImposter Decrypter
    Decrypter for MRCR
    Decrypter for Globe3
    Decrypter for Marlboro
    Decrypter for OpenToYou
    Decrypter for GlobeImposter.
    Decrypter for Stampado
    Decrypter for Fabiansomware
    Decrypter for Philadelphia
    Decrypter for FenixLocker
    Decrypter for Al-Namrood
    Decrypter for Globe ransomware
    Decrypter for OzozaLocker
    Decrypter for Nemucod
    Decrypter for DMALocker2
    Decrypter for HydraCrypt
    Decrypter for DMALocker
    Decrypter for CrypBoss
    Decrypter for Gomasom
    Decrypter for Harasom
    Decryptor for Xorist
    Decryptor for 777
    Decryptor for BadBlock
    Decryptor for Apocalypse
    Decrypter for ApocalypseVM
    Decrypter for Radamant
    Decrypter for CryptInfinite
    Decrypter for PClock
    Decrypter for CryptoDefense

Those who are familiar with using a PC/laptop and its desktop facilities may not be so familiar with its technical operation and tend to be put off from investigating, hoping instead that the antivirus/malware detection cleaner will resolve the problem. In part it does, but it does not decrypt malware file victims (MFV). This is why I chose the Emsisoft decryption tools: the decrypting process is very easy to follow, because as a user:

1) As you are familiar with creating a folder on a desktop, you can create a folder on a USB stick;
2) You know how to download a program;
3) You know how to copy and paste;
4) You know how to move a file from one location to another.

You may recall that "back up your data" was mentioned previously. Here is one reason for that: for the Emsisoft decryption tool to work it needs a) an original file and b) the malware file victim (MFV) in order to conduct its decryption process.


Quite simply:

5) Create a folder on a USB stick (e.g. Malware Test);
6) Download a copy of the relevant decryption tool (determined by the file extension of the infected file (MFV), cross-referenced to the tool on the Emsisoft website);
7) Copy and paste the original file into the folder;
8) Move the infected file (MFV) into the folder;
9) Highlight both the files (original and MFV);
10) Drag and drop both files on the decryption tool icon and the program runs itself.
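
Steps 5 to 8 can also be scripted. The following is an added example, not part of the original post and not an Emsisoft tool: it looks up the backup copy of an infected file, copies the pair into the work folder and records a SHA-256 hash of each. The function names, the `.locked` extension and the sample files are assumptions constructed for illustration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def sha256(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def find_original(encrypted: Path, backup_dir: Path):
    """Find the backup copy of an encrypted file, or None. Assumes the malware
    kept the file name and appended its own extension (hypothetical example:
    report.docx -> report.docx.locked). The longest matching name wins."""
    name = encrypted.name.lower()
    hits = [p for p in backup_dir.rglob("*") if p.is_file()
            and len(p.name) < len(name) and name.startswith(p.name.lower())]
    return max(hits, key=lambda p: len(p.name), default=None)


def stage_pair(encrypted: Path, backup_dir: Path, work_dir: Path) -> dict:
    """Copy the original/MFV pair into work_dir; return {file name: SHA-256}."""
    original = find_original(encrypted, backup_dir)
    if original is None:
        raise FileNotFoundError(f"no backup copy found for {encrypted.name}")
    work_dir.mkdir(parents=True, exist_ok=True)
    manifest = {}
    for src in (original, encrypted):
        dst = work_dir / src.name
        shutil.copy2(src, dst)  # copy, so the backup itself is never modified
        manifest[dst.name] = sha256(dst)
    return manifest


def demo() -> dict:
    """Run the staging step on constructed sample files in a temp directory."""
    root = Path(tempfile.mkdtemp())
    backup, infected = root / "backup", root / "infected"
    backup.mkdir()
    infected.mkdir()
    (backup / "report.doc").write_bytes(b"older draft")
    (backup / "report.docx").write_bytes(b"original contents")
    (infected / "report.docx.locked").write_bytes(b"\x8f\x12scrambled")
    return stage_pair(infected / "report.docx.locked", backup, root / "Malware Test")


if __name__ == "__main__":
    for name, digest in demo().items():
        print(digest, name)
```

The recorded hashes let you confirm afterwards that the backup copy was not altered while you worked on the pair.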

Always read and follow the decryption tool's instructions.

Remember to run your antivirus/malware detection cleaner programs on your PC/laptop and don't forget to do the same for the USB stick.

Lastly, there are no guarantees that decryption or release tools will work, and a tool may not yet have been created for a particular piece of malware, so keep hunting and be patient.

Where fake programs hold a user to ransom and require a release key to be entered, the professionals have noted a number of commonly used unlock keys:

Master Boot Record Blocking Keys Unlock Codes:




Frequent common keys unlock codes:


As a reminder, using these keys won't clean your PC/laptop; you will still need to run antivirus/malware detection cleaner programs.

These C-t: bite-size learning modules are free of charge. They are based upon research and surveillance in the marketplace to help others. There is no connection with the companies or their products.
