Avid Pro Audio Community


The Weed 05-31-2018 12:48 PM

iHELPERPC Ransomware...
 
I believe this is brand new ransomware. If you've heard of it and know how to defeat it, please let me know. Fortunately it's not my computers that have been affected.

Yesterday a friend's production computer became infected. Every file is encrypted with the extension .ihelperpc after the legitimate extension. Every folder has an HTML file with the ransomware note. Even his images are now encrypted.

After copying off any files he hopes to eventually decrypt, he will be formatting the drives and reinstalling Windows 7. (He's stuck there because he has a Delta 1010 soundcard and Adobe Audition 3.0.) Not sure when his Windows 7 was last patched, and he wasn't running any anti-virus protection.

Because of this I now have a new backup mantra: If it's not connected it can't be infected.

Nightly, I plan to check I'm not infected, then plug in external drive, image to it, turn the computer off and unplug the external drive. That drive won't be plugged in again until the next night or I need to restore an image from it.

Yes, I know that should have been my backup strategy from the get go, but it is what it is: A cautionary tale.
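
The "check I'm not infected" step of the nightly routine in the post above, as an added example that is not part of the original thread: a Python check to run before the external drive is plugged in, looking for the two indicators the post reports (files renamed with `.ihelperpc` after their real extension, and an HTML file in the same folder). The function names, the sample file names and the note's file name are assumptions made for the example; the thread does not give the note's name.

```python
import os
import tempfile
from collections import Counter

MARKER_EXT = ".ihelperpc"  # extension reported in the thread


def scan_for_marker(root, marker_ext=MARKER_EXT):
    """Walk root and collect the indicators described in the thread."""
    hits = []              # files renamed to <name>.<ext>.ihelperpc
    note_dirs = []         # folders holding marked files plus an HTML file
    orig_exts = Counter()  # which original file types were hit
    for dirpath, _dirs, files in os.walk(root):
        marked = [f for f in files if f.lower().endswith(marker_ext)]
        if not marked:
            continue
        for name in marked:
            stem = name[: -len(marker_ext)]
            orig_exts[os.path.splitext(stem)[1].lower() or "(none)"] += 1
            hits.append(os.path.join(dirpath, name))
        if any(f.lower().endswith((".html", ".htm")) for f in files):
            note_dirs.append(dirpath)
    return {"hits": hits, "note_dirs": note_dirs, "orig_exts": dict(orig_exts)}


def safe_to_attach_backup(roots):
    """Return (ok, reports); ok is True only if no root has a marked file."""
    reports = {r: scan_for_marker(r) for r in roots}
    return all(not rep["hits"] for rep in reports.values()), reports


def build_sample_tree(base):
    """Constructed sample data: one clean folder, one that looks affected."""
    clean = os.path.join(base, "clean")
    bad = os.path.join(base, "affected")
    os.makedirs(clean)
    os.makedirs(bad)
    for path in (os.path.join(clean, "mix.wav"),
                 os.path.join(bad, "mix.wav.ihelperpc"),
                 os.path.join(bad, "cover.JPG.IHELPERPC"),
                 os.path.join(bad, "note.html")):  # hypothetical note name
        open(path, "wb").close()
    return clean, bad


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        clean, bad = build_sample_tree(tmp)
        print("clean only:", safe_to_attach_backup([clean])[0])
        print("with affected:", safe_to_attach_backup([clean, bad])[0])
```

A clean result only means this one indicator is absent; it says nothing about other malware or about files that are encrypted without being renamed.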

DonaldM 05-31-2018 01:42 PM

Re: iHELPERPC Ransomware...
 
Have you seen this from Avast on how to remove ransomware?

gnjlee 05-31-2018 02:33 PM

Re: iHELPERPC Ransomware...
 
Quote:

Originally Posted by The Weed (Post 2490038)
I believe this is brand new ransomware. If you've heard of it and know how to defeat it, please let me know. Fortunately it's not my computers that have been affected.

Yesterday a friend's production computer became infected. Every file is encrypted with the extension .ihelperpc after the legitimate extension. Every folder has an HTML file with the ransomware note. Even his images are now encrypted.

After copying off any files he hopes to eventually decrypt, he will be formatting the drives and reinstalling Windows 7. (He's stuck there because he has a Delta 1010 soundcard and Adobe Audition 3.0.) Not sure when his Windows 7 was last patched, and he wasn't running any anti-virus protection.

Because of this I now have a new backup mantra: If it's not connected it can't be infected.

Nightly, I plan to check I'm not infected, then plug in external drive, image to it, turn the computer off and unplug the external drive. That drive won't be plugged in again until the next night or I need to restore an image from it.

Yes, I know that should have been my backup strategy from the get go, but it is what it is: A cautionary tale.

Having a combination of offline and cloud backups is your safest bet. Some ransomware attacks cloud data as well, so you might want to check with your cloud provider to see if they do any backups of your cloud data.

Also do not surf the web or check email on your production machine, and never run with admin privileges. Make sure your surfing machine doesn't have R/W access to data shares.

You MAY want to put your production and storage machines on a separate network.

It is getting very very ugly even having an internet connection.

The Weed 05-31-2018 04:45 PM

Re: iHELPERPC Ransomware...
 
Checked online for the Avast and AVG decryption tools, but no one has anything listed for ihelperpc yet.

And yes, it's becoming a very nasty, interconnected world.

The Weed 06-03-2018 10:48 AM

Re: iHELPERPC Ransomware...
 
An FYI: I just found out that the paid version of Macrium Reflect has Macrium Image Guardian, which is supposed to protect an image from being encrypted by Ransomware. Even though I have the paid version on all 3 of my computers, I still plan to image to external drives and then unplug them.


All times are GMT -7.