- Nov 19, 2014
- 2,346
This is totally wrong info. Ransomware don't need to elevate to encrypt files and those that need elevation do it for other reasons. Take a look here if you are not convinced.
Undetected cerber3 in ammyy setup
- Thread starter Guillaume Durand
- Start date
- Aug 2, 2015
- 4,286
Sure, understood. And in the name of providing the best service you can to customers, have you considered moving away from the free solutions and maybe to a more secure Paid software.
TeamViewer is a good one and they offer custom paid plans for small businesses ?
Thats just one, there are quite a few that could suit your needs.
- Aug 2, 2015
- 4,286
Thanks for this, Shamu and I have had this discussion before, UAC is crap and can be bypassed, VoodooShield is my surrogate UAC
its far more reliable than UAC. While UAC does afford some level of protection, advanced users are smart to be weary of it and
bolster it, I do this with VS.
@_CyberGhosT_, do you completely disable UAC (everything is elevated -> risky) or just set it to "do not dim..." or you still have enableLUA = 1 with UAC at lowest level?
- Nov 19, 2014
- 2,346
UAC main point of protection is securing Program files and Windows folders. That's the only use i have for it and it's doing a pretty good job at it.
- Aug 2, 2015
- 4,286
I can run with it completely disabled with VS on guard and often do. If I am on a website I think looks a bit untrustworthy I will set it to "do not dim"
Thanks for asking.
Sumit Verma
Level 1
- Sep 14, 2016
- 8
paid them, the link opened, downloaded decryptor.exe
doesnt run, now the link is also not opening for the support
doesnt run, now the link is also not opening for the support
Bad situation...for the future the best protection, outside your security level, is prevention with a good data backup plan on external and offline support.
Our expert maybe can help you.
Malware Removal Assistance
- Jul 3, 2015
- 8,153
@SHvFl thanks for clarification.
cerber is in fact one of those nasty ransomwares that will encrypt even before connecting to C & C.
so according to what you saying, the UAC prompt will come after the encryption already took place?
cerber is in fact one of those nasty ransomwares that will encrypt even before connecting to C & C.
so according to what you saying, the UAC prompt will come after the encryption already took place?
Sumit Verma
Level 1
- Sep 14, 2016
- 8
- Nov 19, 2014
- 2,346
Don't know exactly how cerber works and if it's so bad coded that it needs uac to do anything but i doubt it. Encryption doesn't need elevation if you stay out of protected locations so a ransomware doesn't need to prompt uac. Now if cerber does and if you block it doesn't encrypt then it's bad design by the developer but don't hope all devs will do the same mistakes.
- Jul 3, 2015
- 8,153
- Jul 3, 2015
- 8,153
so what does ransomware need, in order to get to the stage of encrypting?
does it need powershell, or script interpreters?
UAC with administrator user doesn't stop the ransomware.
Something more you can get with UAC enabled and standard user but a lot of recoded variants around.
Something more you can get with UAC enabled and standard user but a lot of recoded variants around.
- Jul 3, 2015
- 8,153
okay, I think I get it now.
ransomware can be delivered in various ways. it can be delivered by powershell or script, but that is not the only way to deliver it.
Sumit Verma
Level 1
- Sep 14, 2016
- 8
- Jul 3, 2015
- 8,153
Sumit Verma
Level 1
- Sep 14, 2016
- 8
hell they know how to make money by hanging sword on someone's neck
- Jul 3, 2015
- 8,153
if you make good backups, their sword turns into a wet noodle.
- Nov 19, 2014
- 2,346
Correct. They can use what you mentioned to do various stuff but it doesn't mean they have to use them.
Similar threads
-
- Question
