Does it need the user to be an administrator or it can execute when logged in as a regular user?

Regards,
Job Muriuki,

Skype: heviejob




On Wed, Oct 5, 2016 at 9:39 PM, Owen Sakawa via skunkworks <skunkworks@lists.my.co.ke> wrote:

Nice move ken

Warm Regards,

Owen Sakawa
Tel: +254723060160
Skype: owen.sakawa




On Wed, Oct 5, 2016 at 9:31 PM +0300, "Odhiambo Washington via skunkworks" <skunkworks@lists.my.co.ke> wrote:

My answer is NO!

Someone must have opened the ransomware app and run it! Funnily, they don't show you if they are running. For the ones in Office document macros you do get a warning (because of the macro) but I can tell you a gullible person will run the macro, because the subject of the e-mail/or body is normally so sweet/attractive/creates anxiety.

Just for the kicks, at some client's office, I wrote a rudimentary batch script to backup a server. The script maps a network drive, does the backup by creating a dated file (compressed), then disconnects the network drive. That way if a user get's the server encrypted, the backup drive will not be encrypted. Why did I do this? Because ransomware checks even shared drives and encrypts them as long as it gets the write permissions.


On 5 October 2016 at 21:17, Kennedy Aseda <samskid5@gmail.com> wrote:

Wash,

Is it possible an attacker can break into a server, escalate their privilege to root or admin, run the encryption tool on data directory then ask for ransom? Just a random thought.

Kennedy

On 5 Oct 2016 21:12, "Odhiambo Washington via skunkworks" <skunkworks@lists.my.co.ke> wrote:
Ransomware is NOT malware in the true sense of malware. Ransomware is more like you personally decide to run a program that encrypts your files, only this time it's not you :-)
AFAICT, no antivirus will ever detect ransomware. Again, ransomware requires the user to be gullible enough to run it. Sorry Kevin.

On 5 October 2016 at 19:19, alex watila via skunkworks <skunkworks@lists.my.co.ke> wrote:

anti malware did not prevent the attack?


On 5 Oct 2016 18:55, Kevin Ochieng via skunkworks <skunkworks@lists.my.co.ke> wrote:
Hi Pals,

woke up today moring only to realise that all my folders in the server were affected  and replaced by - SJAWv2LVfy.b674
                         - README  HTML Application

Anyone gotten this attack before?
  
Kevin Ochieng'


Skype : kevinjanabi
            +254727217330


_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke



--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke



--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

_______________________________________________
skunkworks mailing list
skunkworks@lists.my.co.ke
------------
List info, subscribe/unsubscribe
http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
------------

Skunkworks Rules
http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
------------
Other services @ http://my.co.ke