On Wed, 16 Sep 2015, Robert Feldman wrote:
There is a ransomware variant that encrypts the files but silently
decrypts them when they are accessed. It does this for six months before
deactivating the on-demand decryption and displaying the ransom message,
the theory being that by that time all of the backups will be of the
encrypted files, and thus will be useless for restoring good versions.
Thereby rendering generations of backups ineffective. When you restore,
you still can not get back any of the file modifications (work) done in
the last 6 months. Thus, the only acceptable solution would be early
detection.
Neither AVG (resident), nor McAfee (manually run weekly) detected my
infection of Cryptowall. What WILL detect it?
As to how one can become infected, see
http://www.theregister.co.uk/2015/08/27/malvertising_feature/?page=1.
Major sites, such as The New York Times, Reuters, Yahoo!, and Bloomberg,
have been serving malware -- including ransomware -- through hijacked
advertisements. No need to click on anything, the ad serves up the
malware.
But, those still require a gullibility error on the part of the user,
don't they? Do the ads actually load and run the ransomware, or just
present the fraudulent upgrade offer to bring it in?