Wednesday, May 4, 2016

Ransomware infection


Unfortunately, my Flight Simulation computer has been infected with Cerber Ransomware - malware that sneaks into your system, encrypts all your data and then demands a ransom for the software to decrypt it. More information here:

http://www.bleepingcomputer.com/news/security/the-cerber-ransomware-not-only-encrypts-your-data-but-also-speaks-to-you/

After a full night gathering documentation and trying every possibility I could read about, it is my understanding that, at the moment, there is no known solution for my case other than paying the ransom - which right now I am not willing to do. I may change my mind once I am calmer.

Currently, after running several recovery tools, it seems that all the critical files (mostly source 3D models, animations and textures) are compromised and I cannot access them anymore. The only exception is the files that were already installed in the simulator, which have not been touched - that basically means the F-35 update I have been working on.

Therefore, as of today, I have no choice but to suspend ALL my projects indefinitely, with the possible exception of the F-35B update.

I am evaluating all the options I have - in the very worst case, all my current projects may be canceled.

19 comments:

mario_papa@fastwebnet.it said...

I am very sorry for what happened to you;
it is unbearable to see your own work
robbed and held for ransom. I hope
you can start again; if you do, back up
your work files regularly to an external
drive, it is the only defense at the moment against these
robbers.
Regards and best wishes
Thanks for everything you have done so far for flysim.
mario

Jim F. said...

This is horrible Dino. Any idea how you became infected? Perhaps knowing this may help someone down the road.

Unknown said...

Wow Dino! ... So sorry to hear that. The same thing happened to me a year ago (CTB-LOCKER). It really made me mad so I know how you feel. I am an amateur photographer and lost all of the most recent pictures, but most of my documents and pictures were backed up on external drives that are only on when I'm using them. So how do you trust someone who does that sort of thing to actually un-encrypt your files after you pay them? I didn't ... I wiped my hard drive clean and started over. It was a chore for sure, and now I back up anything important immediately (like if I shoot a wedding for a friend). I really love your models, and hope you get back up (I know you will). Make me a Dassault Rafale Marine for Acceleration and I will pay for it!
Arnie

Unknown said...

Dino,

What is the ransom???? Maybe we can all pull together and help you here; you've given us so many free addons, let us help you... start a GoFundMe or PayPal account...

Sincerely

Dwayne Drover

Unknown said...

Hi Dino, I had this experience too, 2 months ago, and I'm still installing everything from scratch! I lost everything: Windows, pictures and even Word documents, and the entire FSX, P3D and X-Plane files. I have over 300 add-ons to install and it's just frustrating! By the way, in my case I was watching The Walking Dead on a stream, and while I was watching it installed the encrypted files; I think it was the play button that initiated this and I didn't notice! Yes, I'm still frustrated and there are no words that can make it better! But you actually need to be patient! Good luck with the recovery or a new fresh install! Best regards
Daniel

ScimmiaSpaziale said...

Thanks for your support.

As for the infection, it is not clear to me how it happened. It is true that I sometimes accessed grey areas of the internet (adult sites, football match streaming, movies etc.) and while I am always very careful, it is quite possible that I clicked on the wrong spot :-S

Unknown said...

I'm sorry, but I just do not understand why people use the network on a PC with data that costs money, time and nerve cells?!
When I read something like "the FBI database was hacked" or something like that, I'm sure it is fake or an intentional leak from the "FBI".
Same about banks or something like military servers.
In any case, ordinary people with unusual digital money can/must have their own network and move any data to an un-networked place immediately.
Even bit$ must be reconverted to $ in real time not via the web network, but this is not impossible today, so sometimes some banks/people could be hijacked and lose their digital vehicles.

But for the name of God! Why keep data like your own software or source on web-connected hardware?!
Even in the most stupid country, the USSR, a person could be prosecuted if he/she left the keys in his/her car; they call it provocation to crime.

When you are on the web you are open just because you are on the web!

Jim F. said...

When watching movies or streaming... Firefox with Ad Block Plus and NoScript are highly recommended.

Jim F. said...

@ Daniel

There is no way to know with absolute certainty that your infection was the result of watching 'Walking Dead'. Once the infected script runs... that is it. No way to trace the actual root cause of the infection.

When watching any streaming movie of any kind, be sure you are using Firefox with Ad Block Plus and NoScript along with an AV such as Avast. NoScript is without a doubt the one that locks down all scripts and gives you the option of choosing what script, if any, runs.

Anonymous said...

So sorry Dino. You are a legend in the Simulation world and do not deserve this very disappointing setback. It would be an even greater tragedy if we lost your continued participation and influence in our community. Please keep us informed on what we can do to help you get through this dark period.

Anonymous said...

What's the problem with making an Ilyushin Il-114?

Anonymous said...

Dino,

I'm so sorry about what happened. It's unfortunate there are people out there that are so cowardly to do such a thing. Hope things get better.

Anonymous said...

Can this "sorry" also help you?

http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/

100100101101101010111010 said...

This comment has been removed by the author.

100100101101101010111010 said...

This comment has been removed by the author.

Anonymous said...

Sorry for that Dino, I can only give one suggestion from my experience after more than 25 years "playing" with PCs. The best software for protection, and believe me I tried them all, are: MALWAREBYTES AND AVG INTERNET SECURITY. This software never makes your PC slow. GOOD LUCK AND THANK YOU SO MUCH FOR YOUR GREAT GREAT GREAT WORK, DEDICATION, TIME AND PASSION FOR FLYING. YOU MAKE MANY PERSONS LIKE ME VERY HAPPY WITH YOUR WORK. THANK YOU. GRAZIE MILLE. }-D

Anonymous said...

Of course BACKUP EVERY DAY TO AN EXTERNAL DRIVE,
IN YOUR CASE IT IS 100% NECESSARY. }-D
THANK YOU AGAIN.
TOP GUN YOU ARE DINO

GPSpector said...

This comment may be late, but after reading the prior comments and not seeing one suggestion that could have undone what happened to you, I will post this suggestion to all those that see this:

Make regular backups of your registry.
When you get hit with ransomware, just restore a prior registry and all will be fine. If you want to search for all the "new" JPG files that were put on your PC by the ransomware, you can delete them safely.

Best suggestion for preventing ransomware from migrating through your PC: surf the Web with Firefox. When you see the ransomware screen pop up while surfing the web, just hit [Ctrl]+[Alt]+[Del] and close the web page.

That's it.