Windows Laptop attacked by Ransomware

Status
Not open for further replies.

Sumit74

Discoverer
Hi everybody,
Recently my friend's laptop was not running properly he was not able to open most of the files.
Then he found Readme - asking for 3500$.
Name of ransomware is TUIS.
How can i help him?
Thanks.
 
From chrome extention store.

For now he got new windows installed and formatted everything and saying the laptop working fine now.
He now wants suggestion for any good antivirus.
So suggest some good antivirus.
Thanks.
So all his data gone?or did he manage to recover?
 
  • Like
Reactions: Sumit74
Did your friend tried to download any files via torrent , crack software or kms pico ?
I don't think ransomware ever comes from these. I used a lot of such stuff on Windows and Mac both and never had any problem. These days, bad stuff comes from fake software (not cracked software) such as, some link giving you a 100 MB version of photoshop which is impossible, some other link telling you that your pc is infected and you should install a new anti virus/ad blocker/anti xyz software. Lastly, ransomware mostly comes from phishing emails. For example, 99% of the hacked Youtube and facebook accounts are due to phishing emails or facebook message containing links and software.
 
All gone he said he was using it from 2012-13.
Damn. And the price of external hdd is cheap too. Could have bought a 4TB drive for around 7k and saved stuff for years on it. I see people cry only after something happens to their "important" data which doesn't have even one backup. ¯⁠\⁠_⁠ಠ⁠_⁠ಠ⁠_⁠/⁠¯
 
I'm not saying leave the drive connected to the laptop 24/7. Only use it for copying important data and then remove it. If it's connected when the ransom ware attacks, it will also get encrypted. But if it was not connected, then you won't lose data. You can then easily format the laptop and recover from the external drive.
 
  • Like
Reactions: Kaleen Bhaiya
I'm not saying leave the drive connected to the laptop 24/7. Only use it for copying important data and then remove it. If it's connected when the ransom ware attacks, it will also get encrypted. But if it was not connected, then you won't lose data. You can then easily format the laptop and recover from the external drive.
Ransomware reveals itself only after it has encrypted most of your files. From the time of infection till it exhibits the notice, it resides in the memory and transparently decrypts the encrypted files, so there is no way to know that you are infected. One possible way to know that the backed up data is not already encrypted is to check the same in another known-to-be-clean system. If the data is already encrypted it cannot be accessed in the clean system

Ransomware is a difficult problem to deal with, follow safe and secure computing guidelines to avoid infection
 
Maybe a naive question, sometimes if they get paid do they send the decryption key and can all data be recovered again?
 
Maybe a naive question, sometimes if they get paid do they send the decryption key and can all data be recovered again?
in theory yes, but its not guranteed.
also most malware just encrypts the files and dont keep the file structure, so you have to remember and put files back in their place.
 
Status
Not open for further replies.