Got hit with the SamSam ransomware

Discussion in 'Community Discussion' started by dukebound85, Feb 23, 2018.

  1. dukebound85 macrumors P6

    dukebound85

    Joined:
    Jul 17, 2005
    Location:
    5045 feet above sea level
    #1
    So my work Windows machine got hit with SamSam ransomware from work servers. It didn't seem to execute entirely (as it did on some of my colleagues'), as very few of my files were encrypted and I was still able to open all the key documents I need for work. My coworkers had all their stuff encrypted, demanding bitcoin repayment, which won't be happening.

    I was able to save the files I need on an external drive and will be wiping the computer. What malware/virus scanners can detect this? I want to thoroughly scrub the data on my Mac via a Windows virtualization before I reintroduce files on my work machine. Can ransomware hide itself in Word/PDF/XLS files? Or does it need to have a .exe?

    Thanks
     
  2. keysofanxiety macrumors G3

    keysofanxiety

    Joined:
    Nov 23, 2011
    #2
    A lot of ransomware is in Excel/Word files, mainly targeted for businesses which still run Office 2007 or earlier. Simply open the file and you’re buggered. This is because those older Office versions automatically run macros when opened and that’s how they deliver the payload. That said, those viruses still don’t affect Macs, even if you run the malicious script.

    That’s not to say Macs are impervious to viruses. However, Apple have made some simple decisions that seem massively obvious to prevent fundamental infections, such as SIP, which prevents editing of system files. Conversely, I couldn’t count the number of times I’ve seen the explorer shell in the registry hijacked to run an additional malware/ransomware program as it loads, which only involves adding a space and the path of the malicious item put in quotation marks. We’re talking a line of plain text here, that anybody with local admin privileges can edit. It’s utterly ridiculous how MS don’t completely lock that down.

    Anyway, gripes aside about stupid Microsoft decisions — if you’re concerned, run MalwareBytes for Mac and try a scan through a free AV such as Sophos or Avast. However there isn’t anything close to Windows ransomware on Mac. Yes, you do get ransomware on macOS, but that either involves the user installing something or an application using a Java/Flash exploit. It’s not self-propagating like you see on Windows.
     
  3. dukebound85 thread starter macrumors P6

    dukebound85

    Joined:
    Jul 17, 2005
    Location:
    5045 feet above sea level
    #3
    Can they impact already created and known word/excel files or are they unique files that run macros?
     
  4. keysofanxiety macrumors G3

    keysofanxiety

    Joined:
    Nov 23, 2011
    #4
    Well in my example it’s normally from emails saying “see attached invoice”, so some unsuspecting toilet brush crunching cells in a dead-end job would open the file. It’s nothing sculptured for a specific business. If a domain is affected by ransomware then they’re chirpily encrypting your files and charging the moon on a stick to unlock them.

    So basically: although it’s technically possible that an infection could edit existing items, they wouldn’t need to do that as they’ve already injected the infection and buggered up your data anyway. People who write ransomware don’t play the long game. They’re just out for immediate extortion.

    TL;DR: I wouldn’t be too concerned. Honestly. Just run some AV for your peace of mind.
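The question running through the thread is whether the files being carried over to the rebuilt machine (Word, Excel, PDF) can hold something that runs on open. The script below is an added example, not code from the thread or from any of the posters, that does the offline check a defender would do before restoring documents: it looks inside OOXML containers for a VBA project part, checks legacy binary Office files for the VBA project stream name, flags PDFs carrying action or JavaScript keys, and notes when a file's extension does not match its header. It goes beyond the posts by covering PDF and legacy .doc/.xls as well as the macro-enabled formats discussed. All sample files, names and flag labels are constructed here and are not from the thread.

```python
"""Added example (not from the thread): offline triage of Office/PDF files
for embedded macros and active content before restoring them from a
ransomware-hit machine. All sample files below are constructed in memory."""
import io
import os
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls/.ppt compound file
ZIP_MAGIC = b"PK\x03\x04"                         # OOXML (.docx/.xlsx/.docm ...) is a zip
PDF_MAGIC = b"%PDF"

MACRO_ENABLED_EXTS = {".docm", ".dotm", ".xlsm", ".xltm", ".xlam", ".pptm", ".potm", ".ppam"}
EXPECTED_MAGIC = {
    ".doc": OLE_MAGIC, ".xls": OLE_MAGIC, ".ppt": OLE_MAGIC,
    ".docx": ZIP_MAGIC, ".xlsx": ZIP_MAGIC, ".pptx": ZIP_MAGIC,
    ".pdf": PDF_MAGIC,
}
EXPECTED_MAGIC.update({ext: ZIP_MAGIC for ext in MACRO_ENABLED_EXTS})
# PDF dictionary keys that trigger code or actions when the file is opened.
PDF_ACTIVE_TOKENS = [b"/JavaScript", b"/JS", b"/Launch", b"/OpenAction", b"/AA"]
# OLE directory entries store stream names as UTF-16LE; every VBA project has this stream.
VBA_STREAM_NAME = "_VBA_PROJECT".encode("utf-16-le")


def triage(name: str, data: bytes) -> list[str]:
    """Return a list of flags for one file; an empty list means nothing notable."""
    flags: list[str] = []
    ext = os.path.splitext(name.lower())[1]

    expected = EXPECTED_MAGIC.get(ext)
    if expected is not None and not data.startswith(expected):
        flags.append("extension-magic-mismatch")

    if data.startswith(ZIP_MAGIC):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                members = [m.lower() for m in zf.namelist()]
        except zipfile.BadZipFile:
            return flags + ["zip-header-but-unreadable"]
        if any(m.endswith("vbaproject.bin") for m in members):
            flags.append("vba-macro-project")
            if ext not in MACRO_ENABLED_EXTS:
                # Office refuses to run macros from .docx/.xlsx, but a VBA part
                # inside one is still a sign the file was tampered with.
                flags.append(f"macro-in-non-macro-extension:{ext or '(none)'}")
    elif data.startswith(OLE_MAGIC):
        flags.append("legacy-ole-container")
        if VBA_STREAM_NAME in data:  # heuristic: byte search for the stream name
            flags.append("vba-project-stream-name")
    elif data.startswith(PDF_MAGIC):
        for token in PDF_ACTIVE_TOKENS:
            if token in data:
                flags.append("pdf-active-content:" + token.decode())
    return flags


def triage_all(files: dict[str, bytes]) -> dict[str, list[str]]:
    """Triage every (name, bytes) pair; intended for a directory of restored files."""
    return {name: triage(name, data) for name, data in files.items()}


def _ooxml(parts):
    """Build a minimal OOXML-style zip with the given part names (constructed sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        for part in parts:
            zf.writestr(part, b"placeholder")
    return buf.getvalue()


# Constructed samples: none of these are real documents.
SAMPLES = {
    "invoice.docx": _ooxml(["word/document.xml"]),
    "invoice.docm": _ooxml(["word/document.xml", "word/vbaProject.bin"]),
    "report.docx": _ooxml(["word/document.xml", "word/vbaProject.bin"]),
    "old_budget.xls": OLE_MAGIC + b"\x00" * 64 + VBA_STREAM_NAME + b"\x00" * 16,
    "notes.pdf": OLE_MAGIC + b"\x00" * 128,
    "clean.pdf": b"%PDF-1.4\n1 0 obj << /Type /Catalog >> endobj\n%%EOF\n",
    "active.pdf": (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
                   b"2 0 obj << /S /JavaScript /JS (x) >> endobj\n%%EOF\n"),
}

if __name__ == "__main__":
    for name, flags in triage_all(SAMPLES).items():
        print(f"{name:16} {'SUSPICIOUS' if flags else 'ok':10} {', '.join(flags)}")
```

The checks are deliberately conservative: a flag means "open this one in a throwaway VM or inspect it with oletools first", not "this is malware". The legacy OLE check is a byte-level heuristic; a proper parse of the compound file (for instance with the olefile library) is the reliable way to enumerate VBA streams. To run it over a real folder, replace SAMPLES with a dict built from os.listdir and open(path, "rb").read().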
     
  5. jav6454 macrumors P6

    jav6454

    Joined:
    Nov 14, 2007
    Location:
    1 Geostationary Tower Plaza
    #5
    Run an A/V and be sure to have the latest Office security updates before proceeding. Not much after that. However, if you are still paranoid, copy your files onto a "dummy" PC and run them to see which file might be infected.
     
  6. dukebound85 thread starter macrumors P6

    dukebound85

    Joined:
    Jul 17, 2005
    Location:
    5045 feet above sea level
    #6
    Is Bitdefender from the App Store good?

    Any good, free recommendations that can scan a flash drive for viruses and malware?
     
  7. jav6454 macrumors P6

    jav6454

    Joined:
    Nov 14, 2007
    Location:
    1 Geostationary Tower Plaza
    #7
    I used to use ESET NOD32, but I stopped paying for AV solutions as they usually like to slow things down to a crawl on Windows-based PCs.
     
  8. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #8
    I've been dealing with some crypto-mining malware on one of the web servers I manage. I've engaged several teams at my organization to work on this, and up until recently I was largely unsuccessful in fully purging it from the web server. Thanks to one team for giving me a tidbit of info that I was able to use to see that there was a specific vulnerability, and so I patched the web servers and so far everything looks clean.
     