I’ll do the movie status first since it will be quick. I saw only one new movie in August. That was the film Seven Psychopaths (2012), which I reviewed as one of Steve’s
Selections. It’s also the only film
review I posted in August. I did
re-watch the first season of the TV show Archer, and I caught most of Erin
Brockovich on TV, which was also a re-watch for me.
Even before other events that I will get to I hadn’t really
been in much of a movie watching mood for weeks. It actually started in July. Most of the films I saw that month were from
the first half of it. I don’t know that
I watched much at all after that. I’ve
had three Netflix DVDs sitting on my coffee table, unwatched, for at least two
months. I had finished off a few lists
after completing the big TSPDT list earlier in the year. When I went to look at doing another smaller
list, or any list, I just couldn’t get motivated. It felt too much like a homework assignment
instead of enjoyment.
And this bled over into posting about movies. During this year I’ve gone from posting a few
times a week to once a week the last month or so that I was doing posts. These also felt more like homework
assignments rather than the fun of sharing info on a film that I liked.
I also had three middle of the night implementations for
work last week. That completely messed
up my inner clock. And the final thing
that made me less enthusiastic about using my computer to write and post
reviews (or watch movies), is that about a week and a half ago I was partially
hit by some ransomware.
For those of you not familiar with the term, it’s malicious
software that encrypts the files on your computer and will not release them to
you until you pay money.
Now I said that I was only partially hit by it. I was surfing the web, clicking links off
links off links. I got one of the not
uncommon screens that tries to say you’ve got a virus on your computer and it
wants the go ahead to run a scan. I
“X”ed out of it. It popped up an also
not uncommon window asking if I was sure I wanted to leave the page. I clicked “Yes”, but all that happened is the
popup window went away and the page stayed up.
At this point I decided to kill the page directly using the
Start Task Manager utility. I had
several tabs open, but I knew if I killed the browser as a whole I would lose
all of them. I didn’t want to do that so
I tried a surgical strike, killing individual IE instances. All this did was set in motion a series of
cancels and Windows automatic recoveries of the tabs I was killing. My guess is that this is what triggered the
page to start its work on my computer.
Not realizing this at the time, I finally did kill all
browser sessions, then relaunched and surfed some more. After a while it registered with me that my
hard drive had really been cranking non-stop.
I went to launch Start Task Manager again to see what was running, but
it wouldn’t come up. I then noticed a
couple of extra icons on my bottom task bar and knew something was attacking my
machine. I powered the PC off directly
by using the power button, hard drive be damned. When I booted up I had a text file and a web
page try to automatically launch. I
killed the web page before it connected and immediately unplugged the power
cord for my modem to prevent any web connection, and also knowing it should
reset my IP address once I eventually powered it back on.
I took a quick look at the text doc that was open and it
started to go into how a “powerful encryption device” had been used on my
computer and to go to a webpage to find out more. I didn’t bother since I knew what this
was. Had I gone there I would have
undoubtedly seen a timer and demands to pay hundreds, if not thousands, of
dollars to get my files back. And who
knows what else that web page might have tried to do to my computer?
I deleted all instances I could see of the .txt and .html
files and rebooted again. They came up
again, but the html couldn’t do anything since I still had the modem disconnected. That’s when I conducted a search for them and
discovered that they appeared to have been written to literally every Windows
file folder on my C drive. I found and
deleted over 40,000 copies of them. I
ran searches on my external drives, too, but found nothing there. It appeared to only target the C drive.
By the way, I did first try to restore my machine to the
prior day, but that didn’t do anything since this apparently didn’t attack the
system files.
After rebooting a few times, checking files, and
reconnecting to the internet I thought everything was okay. As it turns out, I hadn’t happened to check
the right files. When I had immediately
powered off my machine when I realized something was happening, and possibly
also because I disconnected my modem, I killed the process of file encryption
before it got too far.
It HAD encrypted some files on my PC, starting in the My
Documents folder. Here is where I also
got a little lucky. Over the years I
have saved thousands of photos off the internet to my computer. Some of them I thought I might use in a post,
some I found funny, some were movie memes, and some were beautiful models doing
what beautiful models do.
In this case, being a packrat helped prevent the encryption
from getting to anything irreplaceable like personal photos. It progressed alphabetically through the file
folders, then through the files within them.
It targeted .doc, .xls, and .jpg files.
It appeared to also target video files, but only ones below a certain
size. I lost no movies and only one
movie clip. It left .gif files alone,
too, for some reason.
It didn’t get to my personal photos because it was still
trying to get through my “Internet” folder before it moved on alphabetically to
the “Mine” folder. It left the encrypted
files with an “.abc” format, which my research showed was a music format, but
these weren’t music files. I didn’t even
attempt to decrypt them. I also had no
interest in paying money to get them back.
I ran searches and deleted every single “.abc” file on my PC. I’m the kind of person that would buy another
entire computer before I would pay ten cents to anyone in ransom. I wasn’t going to leave the files there,
though, just in case they contained some kind of way to restart the encryption.
In addition to non-personal photos it did encrypt all the
posts I’ve written for this site. Here’s
the thing, though – those were actually the backup files I’ve kept in case
anything ever happened to the website.
If I wanted, I could rebuild them all from the website, so I really didn’t
lose anything there.
Finally, I lost all the Excel movie lists that I’ve
built. But guess what – I have backups
of those. Yes the backup was a couple
months old, but it took me less than 30 minutes to bring them all back up to date
again. I also had backups of my personal
photos, even if it had gotten to them.
All in all, it was trying to be too precise with killing a
screen that probably opened my computer up to it, but it was a combination of
backups and awareness of my computer that allowed me to nip it before it did
any real harm.
So let this be a lesson for everyone: First, have backups of everything you care
about. Second, don’t try to be cute and
kill an instance of a browser screen. If
you encounter a screen that doesn’t want you to leave then kill your entire
browser. Third, keep an eye out for
unusual activity on your hard drive and/or PC after something like this. Fourth, unplug your modem periodically, both
for performance reasons and to reset your IP.
The entire episode did leave me a little leery of using the
computer extensively, though – emotional not logical reasons. I didn’t want to leave it up and connected to
the internet if I wasn’t on it. I’ve
gradually eased up on that again. My one
worry was if there was another shoe that was going to drop. I knew that ransomware had a timer where if
you didn’t pay by that time then the ransom would increase. Because I didn’t go to the webpage I didn’t
know when the time would be up. I didn’t
know if there would be a follow-up attack whenever that time ran out, maybe as
a way to “encourage” me to pay.
In theory, even if there was I would now have a different IP
address, so the only way to target me would be if something else had been
written to my computer to communicate out.
I had run a deep scan of every single file, even on external drives, and
did not find anything identified as a virus.
I also did targeted searches of files added or altered in the time
period the encryption was going on and did not find anything.
All in all, I’ve done everything I can think of to make my
computer safe from a follow-up attack, but there’s a small part of me that’s
watching and waiting. When I download a
large file my hard drive will crank for a little bit as it’s writing from the
temporary download storage to the hard drive location I want the download to go
to. I’ve checked afterwards a couple of
times just to make sure there are no .abc files or the .txt and .html files I
ran into.
So put all these things together and what does it mean for
the future of this site? The honest
answer is “I don’t know.” At a minimum I
will do the movie reviews for Steve’s Selections (second Monday of every month)
and I will do these Monthly Movie Status posts.
Because of the way I group reviews together under a common category,
though, making the decision to post reviews means committing to several of
them, not just one or two. A possibility
is to do away with the categories, but I do kind of like them and it makes this
site a little different from many of the movie review sites out there. It also seems like a waste to not make use of
the 100 – 150 categories I’ve brainstormed and never gotten to yet.
And in regards to movie watching I think I might be getting
close to starting that up again. Of
course, there are some TV season sets that will be coming out in September for
all the returning shows. There are at
least a few that I am thinking I will pick up and re-watch before the shows
return for their next seasons.
For what it’s worth, I have still been active on
Letterboxd. I created some lists on
there and I’ve commented on several reviews and lists from others. If you are also on there then look me
up. I link to my Letterboxd account on
the upper right of this site. If you haven’t
used Letterboxd yet you may want to check it out. While it’s not perfect, it’s a good site for
people who like movies.
Do what makes you happy is the best way to go, and if that means less movie watching, so be it. Look forward to what you have in store for us in the future.
I've never heard of ransomware, it sounds awful, but what a relief you had those backups. Do you have Norton Internet Security (with firewall) and Malwarebytes Anti-Malware installed? Since I got those I've not had a problem.
I know you can restore laptops to their original factory condition, which deletes everything, which I'd suggest in your case. Obviously you'll need to save on an external device what you want to keep. Our family has had zero problems since we bought HP laptops 3-4 years ago. We had a virus every few months with PCs, so will never buy those again.
I'm a big fan of Letterboxd, I agree it's a great place for movie lovers. Don't know if you are into 70s horror, there's a new poll (which I plan to do) that many are participating in: http://letterboxd.com/andrewbemis/list/best-horror-movies-of-the-70s-poll/
Yes, I have real firewalls and anti-virus software running. It's one of those kinds of attacks that requires the PC operator to say, in essence, "go ahead". I believe my attempts to kill just the tab, and then Windows' constant recovery of it, to have triggered that go ahead. It doesn't attack or write to any system files. I've encountered screens like this before and just killed my browser to get rid of them. It was not doing that this time that I believe got me in trouble.
Yes, I could have saved off everything and started over. I actually would have gone the route of formatting my hard drive and reloading the system software just to be extra careful. The reset you talk about is only for system files unless you set specific parameters for it to be able to recover everything. Most of the time those parameters are not set because of it slowing down the performance of the PC. I did try a restore of the system files, but it didn't do me any good because this didn't use them for its attack.
And copying off the files always opens up the possibility of copying off the very thing that is bad, so when you copy them back it's still there on the PC. That's why I went with identifying and removing all files written or changed by the attack.
A neighbor of mine got hit by this kind of attack and it locked his computer up entirely. I had helped him get rid of other viruses, but this locked the entire computer the moment he booted up. You couldn't even interrupt the boot. Thankfully I stopped the attack on me before it got that far. He took it to a technician who wiped the entire computer and reloaded the software. He lost everything.
On to better things - I have seen some people's Letterboxd lists for that. I'm actually not that big a fan of horror. I also probably wouldn't fit in with the norm since the 70s movie that horrified me the most was probably One Flew Over the Cuckoo's Nest - one that I doubt many people even think of as a horror film.
So sorry to hear, mate. I had a problem as well when using an HP laptop, which refreshed the browser over and over, wasting my bandwidth connection. I had to disable meta refresh from internet tools from IE, clear my browser cache, deactivate all plugins and disable SHIFT keys from easy to access shortcut keys on Windows. Just so annoying when you are reading articles and the browser suddenly refreshes.
Thanks.
Yes, sometimes newer features intended to make life a little easier for people end up just being annoying instead.