New FBI ransomware solutions?

TsVk!

New Member
Thread author
May 14, 2013
hey guys... anyone know how to remove the newest version of FBI ransomware?
(I mean the fully locked version) without mounting the offending drive in another machine... I don't have this infection on any of my machines, just really curious to hear if anyone has finally figured it out.
 
It will depend on the situation and the solution given by malware removal experts.

HitmanPro.Kickstart has the ability to override any ransomware-locked system.

RKill, ComboFix and others can manage to remove it through the command line.

Sometimes using a rescue CD.
 
Kaspersky rescue disk or any other rescue disk can work as long as the vendor has the ransomware signatures, which sometimes they don't.

Easiest, fastest and most efficient way for Vista and up is using Farbar Recovery Scan Tool. You don't need to wait hours for a complete system scan and you get all the rootkits, files, folders, registry entries. It's not based on signatures, it's based on the user's eyes :)
 
In the new versions I understood that the system was completely locked to restart on any boot mode except the ransom page... No command line or safe mode options at all.

Even Hitman Pro is often failing against this new version. Pretty crazy stuff, the bar is constantly being pushed higher and higher. :black_eye:
 
Malware writers are always 2 steps ahead of security vendors, unfortunately.
 
Security companies don't have the ability to prevent it using any components like BB, HIPS, and sandbox, as they will execute a brute force attack as a locked system.

Signatures are the way to prevent it since they come from deep analysis in their lab.
 
jamescv7 said:
Security companies don't have the ability to prevent it using any components like BB, HIPS, and sandbox, as they will execute a brute force attack as a locked system.

Signatures are the way to prevent it since they come from deep analysis in their lab.

I'm yet to see which ransomware can bypass Comodo sandbox on untrusted.

HIPS can stop it as well; it depends on the user and configuration. What do you mean by "execute a brute force attack as a locked system"?

Signatures are often behind new ransomware samples.
 
It means that even if HIPS/BB respond to changes to the system, some ransomware has the ability to execute immediately and lock the system.
 
jamescv7 said:
It means that even if HIPS/BB respond to changes to the system, some ransomware has the ability to execute immediately and lock the system.

Oh okay. I'm yet to see such samples.

But I see no way for it to bypass the sandbox like CIS provided the user knows what he is doing and the restriction level is high enough.
 
Malware writers are just doing their part to make more tactical styles in order not to be revealed easily.

And every day thousands of users get infected, always due to common styles and a lack of awareness.