Is there any possible way to get rid of Sage ransomware without losing all files?

Seriously please you edgy cunts


Ransomware is no longer just a fake screen, they actually encrypt your files. You're out of luck habibi

so I can't decrypt them again without paying these bastards the ransom they're asking for or otherwise I'll lose my files?

I mean IT'S A FUCKING 15000$ fuck them and fuck my files I

You're fucked.

It would be an insanely large amount of computing power and energy necessary to brute force the encryption. Gigantic companies are paying these people money if they get hit by ransomware, there's no way around it.

but I can format my computer and get rid of it right?
get rid of it and my fucking files :)

Of course, it doesn't make your hardware unusable
Read more here
https://blog.malwarebytes.com/threat-analysis/2017/03/explained-sage-ransomware/

top kek, the russkies spare their fellow countrymen

The only way you're getting your files back is if you have a backup stored somewhere. Judging by the fact that you made this thread I'm guessing you don't though.

Also what the hell did you do to get infected OP?

it's not me it's my friend
he told me that he was trying to "mess around in the deep web"
fucking normies

Where do you even get ransomware?

Kek, that's admirable. Or I suppose they could be trying to avoid pissing off their domestic security services.

Let's say hypothetically they were white nationalists, I wonder what heuristic you could run on a person's machine to see if the target was white? There are some fairly white languages, like Norwegian, Danish etc, but that's no help for burgers. What other options are there? Analyze their music collection for a high propensity of hip hop and rap?

Teach your friend what VMs are and make him use one next time.

Check if the webcam recognizes a face

Take this opportunity to teach your stupid friend two important lessons: make backups or have no files you care about, and don't double-click cp.jpg.exe even if some friendly stranger says it's totally safe to ignore all the warnings.

Don't shit where you eat. It's not like they lose much either, the average Russian is not worth extorting. And the ones worth it probably can cause the attacker trouble.

That's an interesting problem. Without using the camera, spelling could be a huge tell, and shouldn't even be hard. One could also check the names of their friends on faceberg or people they email. If they're all Jamal, etc, they're either a nigger or a wigger. Pics also could be analysed, anyone with nigger pics is probably a nigger.

why would you keep your files on a computer where anyone can access them? use an external hd at the very fucking least

WTF I HAD JAVASCRIPT DISABLED HOW DID THIS HAPPEN?

Yup, got hit with one of those a couple years back. At first I was freaking the fuck out thinking I lost all my files but then I remembered I made a backup just 2 months prior so I was able to sigh with relief and take minimal damage.

Lesson learned, always and I mean ALWAYS keep a backup of your shit. And for fucks sake keep vital shit like photos on a separate drive that you keep stored away and not always plugged in to your PC

how did you get infected?

I believe it was a Javascript-based exploit since I remember trying to find some download and being kind of reckless and clicking on some shady links that just sort of took me to a blank page, then a command window opened up for a split second and I thought nothing of it. I knew I could easily have gotten a virus but I didn't really care about using common sense because I knew I could handle a simple virus, I just would've booted into Linux, backed up my shit and done a re-install. This drive-encryption shit though, is something I can't fucking handle. It's pretty fucking scary shit man, stay safe out there.

Install Gentoo.

Sticky tier question here but if you had an encrypted partition mounted and this malware got on your computer would the encrypted partition get fucked or would it be left alone? Same question if it isn't mounted but on the same hdd as encrypted. I'm guessing in this case it's fine?

Depends on what the ransomware does. It could just as well mount all detectable drives and partitions and encrypt them. It could install a bootloader kit then just encrypt the entire hard drive whether or not you mounted any other partition. It could, which seems to be the case here, detect all folder directories and encrypt each folder like how you encrypt your home folder on Linux. This seems the likely case since they still need access to the internet to comply with their demands so they probably allowed a lot of ports to be open like 22 (ssh).

nomoreransom.org/decryption-tools.html

Should've backed up your files.

it's *almost* nice that they're giving out detailed tech support with it

Use a GeoIp lookup service, and check the best available demographics for that area. If the non-white population there is above a certain threshold, boom baby.

They also let you play games.
Nice guys, these Russians.

How did you catch that is the more interesting question.

...

Fuck off back to reddit, faggot.

Lurk more.

They should have included all slav keyboard layouts, damn traitors.

What exactly did he do? Download some executables and run them or something?
Does he use Windows btw?

Do you think ransomware would work on linux?

some does, just not the kind that you're likely to find by accident
not like linux is impossible to infect

Why wouldn't it?

Of course, there was that Gentoo guy recently. A few months back there was also an exploit that used some obscure audio lib for emulators to gain non-escalated control, which is enough for ransomware.
I'm just curious what is the required threshold of stupidity to get pozzed like that on GNU/Linux. That Gentoo guy was running his browser as root, which is retarded as fuck. I think the audio lib exploit required only javascript enabled but all versions were immediately patched the same day after proof of concept was published.
I mean, what kind of websites do you have to visit? There was once that popular wisdom that you don't even need an anti-virus on Windows if you're smart enough to avoid visiting shady websites. I personally visit such websites only in a VM but I'm still wondering if the threat is more widespread.

You first, redditfag

CP obviously

Yeah, most ransomware infections happen through online Javascript exploits rather than clicking on a file like totally_not_a_virus.exe. You don't even need to browse shady websites, all it takes is a legitimate business website with a compromised ad server (I've seen it happen).

Best protection is 1) always have offline backups of your shit and 2) Chromium or Opera + uBlock Origin + NoScript.
If browser extensions are not an option (in case you're trying to protect the office pc of some clueless normalfag for example), an alternate solution is to install Avast (some comparisons and white papers show it to be the best free av against ransomware) and Malwarebytes AntiRansomware.

I use ublockOrigin and umatrix
Am I safe?

Obviously there's no fully safe when it comes to shit like that, but I'd say you're mostly safe, especially if you're using the fanboy's ultimate and malware domains lists in ublock.
Don't forget to keep an up to date offline backup though in case shtf.

That same message was found on the screens of every Windows system at my work. It was installed through an email attachment sent by someone claiming to be from the US Postal Service. The worker who received the message tried to open the attachment. When nothing seemed to happen after opening it, the worker then forwarded the message to a bunch of co-workers and our boss.

The boss tried to open the attachment too, but he uses a GNU/Linux system (not as root), which was unaffected by the ransomware.

The next day, all the Windows users had the message on their screens, and I got an emergency call to go to the office immediately.

All 'User' directory files were deleted and replaced with "encrypted" files (I'm not totally convinced that they actually contain data from the deleted files). I explained to the workers and the boss that it's never a good idea to send money to ransomware people -- once they receive the money, there's no incentive for them to stick around to continue exposing themselves to the risk of being caught.

Fortunately, all the important files were stored on a locally hosted Nextcloud server. The default configuration for Nextcloud is to keep deleted files for a few weeks, with an option for the user who deleted the files to restore them through the web interface.

All the important files were restored. And there were a bunch of new "encrypted" files with names containing the string 'osiris', which we removed.

This event provided the excuse for me to convince the remaining Windows users in the office to switch to GNU/Linux.
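A defender-side triage helper for the pattern this post describes (originals deleted, "encrypted" files containing 'osiris' left behind, doubt about whether they hold real ciphertext). This is an added example, not code from the thread or from any named tool; it assumes a constructed naming convention where the marker is appended to the original file name, and uses a byte-entropy check to tell cipher-like output from filler.

```python
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Constructed naming assumption for this example: the encrypted copy carries the
# original name plus a marker suffix, e.g. "report.docx.osiris".
MARKER = ".osiris"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: close to 8.0 for cipher output, near 0 for filler bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def triage_encrypted_files(root, marker=MARKER, sample_bytes=65536, min_entropy=7.0):
    """Walk `root`, find files carrying `marker`, and sort them into:
    replaced   - originals that are gone (in-place replacement, restore from backup)
    coexisting - originals still present next to the marker file
    suspect    - marker files with low-entropy content, i.e. junk rather than
                 anything a real cipher would have produced
    Paths are returned relative to `root`, sorted."""
    root = Path(root)
    result = {"replaced": [], "coexisting": [], "suspect": []}
    for path in root.rglob("*"):
        if not path.is_file() or marker not in path.name:
            continue
        original = path.with_name(path.name.replace(marker, "", 1))
        with open(path, "rb") as fh:
            entropy = shannon_entropy(fh.read(sample_bytes))
        if entropy < min_entropy:
            result["suspect"].append(path.relative_to(root).as_posix())
        bucket = "coexisting" if original.exists() else "replaced"
        result[bucket].append(original.relative_to(root).as_posix())
    return {k: sorted(v) for k, v in result.items()}


def demo():
    """Build a constructed sample tree in a temp dir and triage it."""
    root = Path(tempfile.mkdtemp())
    (root / "docs").mkdir()
    (root / "docs" / "report.docx.osiris").write_bytes(os.urandom(4096))  # original gone
    (root / "docs" / "notes.txt").write_bytes(b"meeting notes")
    (root / "docs" / "notes.txt.osiris").write_bytes(os.urandom(4096))    # original kept
    (root / "photo.jpg.osiris").write_bytes(b"\x00" * 4096)               # filler, not ciphertext
    return triage_encrypted_files(root)
```

The "replaced" list is the set of names to pull back from a backup or a trash/versioning store such as the Nextcloud retention mentioned above.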

It only takes one hack of a "popular" safe website to deploy that software to millions. In fact the attackers could even do it by stealth, by deleting their code mere minutes after the attack.

Honestly starting to wonder if I should do all my browsing in a VM, or similarly isolated context.

If you have a music collection you should be gassed on the spot. Go back to reddit faggot.

I know I wouldn't pay $15,000 to keep my Dark Souls saves. Fuck you if you have Linux installed and still use Windows AND give it access to your important stuff.

It's probably because those directories usually amount to a ton of GBs and they don't want to lose time encrypting game files. The quicker it finishes its job the more effective it is.

You'll never fit in no matter how hard you try, faggot.

Restore your important files from backup.

If you have no backups, then nothing important was lost.

I think this is all just a trick to get people to use Tor Browser. Honorable work.

we're Egyptians, the government here is not very strict about cyber crimes, once he went to Not Evil and searched for stolen Visa cards, found some and ordered food and actually the food was delivered, since then he's obsessed with getting rich by buying things online with stolen Visa cards and selling them again, he also thinks that he can get free Bitcoins by clicking on ads.
that explains everything, TOR is available for any dumb-ass who thinks that he'll be cool by browsing the hidden service.
he's 19yo btw.
his OS is Windows, and actually I don't think that he knows about other operating systems like Linux.

What the fuck is wrong with having a music collection faggot? To say this, you must either;
1) not listen to music (hillbilly)
2) use Youtube/Spotify (cuck)
3) use radio (normie)

Gas yourself.

Your friend seems like a clever chap. Tell him I have a pyramid to sell for real cheap. He can make some easy cash reselling it. The owner lost most of his fortune, had to move to a museum and can't afford to bring it with him. It has a few years of use, and not all traps work, but the curse is still pretty good.

Get a load of this nigger.
I bet you also don't have a FullHD 60FPS x265 porn stash and instead rely on watching shitty 360p 19FPS videos using flash player on some cuck website like redtube.

Redditors detected.

If ransomware criminals don't give people decryption keys, there's no incentive for people to give them money.

...

Sometimes you need to bend reality a bit to achieve a nice typology.
But user's typology still doesn't make sense conceptually, because normies strongly overlap with cucks. Which is seen in normies using YouTube.

Please get out of the basement for a few days.

nice meme. what would actually happen is:

granted, he was enough of a faggot to run firefox and flashplayer as root, but his /home was still fair game.

yet another reason javascript and web 2.0 is cancer.

This suggests you don't already, user.

From a quick read about the ransomware it doesn't require an internet connection to work, which is good news: this technically means all the necessary data to decrypt is held locally.
The bad news is an inverse black box (i.e. software you can run to decrypt) hasn't been made yet.

If you're not autistic enough to enjoy multicolored furniture - like rainbow tables, then...

back to 9gag

There is literally no way to screw my machine unless it's some sort of super exploit that somehow can escalate privileges like a god.

That's not secure. You have to design your own computer and write all the software, without using any 3rd party compilers or tools.

I'm guessing that it's so it doesn't waste time encrypting useless crap (Steam+LoL is all server-side, the client matters little)

...

Did the person go to worldstarhiphop or black tv or did it watch John Oliver on jewtube?
there you go ;)

Assumes target not using VPN. Unsafe assumption.

For normie browsing, I really don't. I absolutely should, but like most people I'm guilty of choosing convenience over security (and I should know better).

Security by obscurity isn't security though (not for long at least).

It's not meant against tech-savvy users, it's meant against normies.