Re: [Skunkworks] Cerber Ransomware

*Avoid* Ammyy Admin website <http://ammyy.com>
*The website is compromised to spread Cerber 3 Ransomware.*
http://news.softpedia.com/news/ammyy-admin-website-compromised-to-spread-cerber-3-ransomware-508330.shtml
There are some decryption softwares as quoted in some articles, feared to try any tho'
Bravo

On Wed, Sep 21, 2016 at 2:39 PM, David K. Kandie <kipkanists@gmail.com> wrote:
I am victim - still looking for help. All files are now .cerber and have also synced with Office 365

From: charles kungu via skunkworks <skunkworks@lists.my.co.ke>
Sent: 9/21/2016 2:23 PM
To: Maisiba Bravo <riggson87@gmail.com>; Skunkworks Mailing List <skunkworks@lists.my.co.ke>
Subject: Re: [Skunkworks] Cerber Ransomware
Yeap. My client was attacked by batman_good@aol.com.xtbl
They encrypted some files, and changed them to .xtbl format, still figuring how to decrypt the files that were not backed up.

On Wed, Sep 21, 2016 at 1:34 PM, Maisiba Bravo via skunkworks <skunkworks@lists.my.co.ke> wrote:
Any victim?
Bravo

_______________________________________________
skunkworks mailing list skunkworks@lists.my.co.ke
List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94
Other services @ http://my.co.ke

-- Regards, C . K

While you guys are working on this, I have seen two situations where both Cerber and Zepto ransomware messed up two entities.
Since then, I have been thinking about how to always be ready to mitigate the effects. And the surest way is backup, backup, backup.
In situations where files are stored on shared drives on the network, the situation is even worse should the share not have a backup elsewhere.
In the meantime, this tool should help Windows users create backups -> http://www.2brightsparks.com/download-syncbackfree.html
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."

+1 Wash
-- Kind regards, Brian

Always remember to plug the machine off network to avoid sync.
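A pre-backup check for the failure reported in this thread, where encrypted files synced over the good copies and where a share without a separate backup is lost. This is an added example, not code from any poster; the function names, the manifest format and the 20% threshold are assumptions, and the two extensions are the ones victims named above.

```python
import os
import tempfile
from pathlib import Path

# Extensions reported by victims in this thread; extend for other families.
SUSPECT_EXTENSIONS = {".cerber", ".xtbl"}
# Assumed threshold: hold the job if more than 20% of the files seen at the
# previous good run have vanished (mass rename or delete).
MAX_MISSING_RATIO = 0.20


def list_files(root):
    """Return the set of file paths under root, relative to root."""
    root = Path(root)
    return {
        str(Path(dirpath, name).relative_to(root))
        for dirpath, _dirs, names in os.walk(root)
        for name in names
    }


def check_before_backup(root, previous_manifest,
                        suspect_exts=SUSPECT_EXTENSIONS,
                        max_missing_ratio=MAX_MISSING_RATIO):
    """Decide whether a backup/sync run may overwrite the last good copy.

    previous_manifest: set of relative paths recorded at the last good run
    (empty on the first run). Returns (allowed, reasons, current_manifest).
    """
    current = list_files(root)
    reasons = []

    # Signal 1: files carrying an extension that ransomware left behind.
    suspects = sorted(p for p in current
                      if Path(p).suffix.lower() in suspect_exts)
    if suspects:
        reasons.append(f"{len(suspects)} file(s) with a ransomware extension, "
                       f"e.g. {suspects[0]}")

    # Signal 2: a large share of previously known files has disappeared,
    # which also catches families whose extension is not in the set.
    if previous_manifest:
        missing = previous_manifest - current
        ratio = len(missing) / len(previous_manifest)
        if ratio > max_missing_ratio:
            reasons.append(f"{ratio:.0%} of previously backed-up files are gone")

    return (not reasons), reasons, current


def demo():
    """Constructed scenario: a clean tree, then the same tree with files
    renamed the way the thread describes (renaming only, no encryption)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        for name in ("report.docx", "budget.xlsx", "notes.txt"):
            (root / "docs" / name).write_text("constructed sample data")

        ok_clean, _, manifest = check_before_backup(root, set())

        (root / "docs" / "report.docx").rename(root / "docs" / "a1b2c3.cerber")
        (root / "docs" / "budget.xlsx").rename(root / "docs" / "budget.xlsx.xtbl")

        ok_after, reasons, _ = check_before_backup(root, manifest)
        return ok_clean, ok_after, reasons


if __name__ == "__main__":
    print(demo())
```

Run the check as the first step of the backup or sync job and save `current_manifest` only when the run is allowed, so the comparison baseline always describes a known-good state.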

Cheers Kandie
I have done that since 2009!
Regards
-- ALVIN OCHOLA 0722-313923

You do know M$ Windows has had this ability built in since the days of XP?

Cicero, which ability is that you mean? I know about the built-in backup util in Windows, but it really doesn't come closer to the app I shared.
-- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft."

Wash,
Please note that the backup can contain the ransomware since some work with a time bomb.
So in addition to backup include other measures such as antimalware, patched systems, user education etc
Regards,

I've always used Dropbox. Always set the root to my `~/` directory. Always worked for me even when hit or accidentally learnt sudo find / -delete -name *.txt. But then again, all my data never exceeded around 4GB

"user education"...
any of you ever got this to work - as expected?... no, i'm not saying it's a waste of time/doesn't work, but educating users and making them understand what seems like common sense to us is probably the most difficult task i get to do...every other day...

For authoritative information on ransomware see the site that Dutch Police, Europol, Kaspersky and Intel Security have launched - http://www.nltimes.nl/2016/07/25/dutch-police-launch-anti-ransomware-site/
Kind Regards,
MUTUA, Andrew
Alternate Limited http://www.altn8.co.ke
participants (10)
- Alex Watila
- Alvin Ochola
- Andrew Mutua
- Brian Echesa
- Chris Ochieng
- David K. Kandie
- Maisiba Bravo
- Marcus Cicero
- MotoBaridi
- Odhiambo Washington