Dino Cattaneo posted bad news on Facebook

***Navy Chief*** · May 3rd, 2016, 15:11

I hope Dino doesn't mind me sharing this info. He just posted on Facebook that his computer has been infected by a virus. Not good news. I believe I speak for all SOH members, and all flight simulation enthusiasts who have enjoyed his wonderful creations, that we are all SO sorry to hear of this horrible, viscious act, and hope he is somehow able to recover all of his hard work! NC

"Unfortunately, I have to report that my computer has been infected with a version of the infamous "Cerber" ransomware. This malware has infected ALL the source files of my projects, including backups. ALL. As of today, I have no more access to any of my source files, including the F-35 update and the Eurofighter Typhoon. I am extremely sad and upset - as this may well mean the end of IndiaFoxtEcho and my activity as flight simulation designer. Until a remedy is found access to the source file is considered lost, and all my projects are suspended indefinitely. I'll try to recover what I can, but it is not much. Again, there are things in life which are way more important than videogames, but still I cannot say I am happy."

**flaviossa** · May 3rd, 2016, 15:41

As i´m completely sorry for him too, i can´t understand why people don´t do a backup of their important files in secure places. You can have free cloud space, burn dvd medias or have a "offline" backup like a external HD witch is really cheap by today standards. Anyway, much more cheaper than lose all the work like that. The same situation for the guys that rely only on webshops for their addons installers.

As i´m a fan of his work, i wish that he can deal with this with little loss as possible. Best of luck for him!!

***WarHorse47*** · May 3rd, 2016, 15:45

Bummer. Wonder how it happened?

**bazzar** · May 3rd, 2016, 16:34

Originally Posted by WarHorse47

Bummer. Wonder how it happened?

Happens all the time. It's why if you have anything of commercial or personal value stored you should always have a backup off site, on-line and on another computer. Another way around is to keep your workstation OFF the 'net. We have learned this the hard way.It's a lesson you don't forget.

**Bjoern** · May 3rd, 2016, 16:43

http://www.bleepingcomputer.com/news...speaks-to-you/

https://blogs.technet.microsoft.com/...er-ransomware/

"Our strongest suggestion to prevent attacks from Cerber and other ransomware remains the same: use Windows Defender as your antimalware client, and ensure that MAPS has been enabled. Both ransomware and macro-based malware are on the rise, users can disable the loading of macros in Office programs, and administrators can disable macro loading using Group Policy settings."

As usual, my personal recommendation is Antivir because it has a much more efficient, yet better real-time protection than Defender.

***Sundog*** · May 3rd, 2016, 17:13

Originally Posted by Bjoern

http://www.bleepingcomputer.com/news...speaks-to-you/

https://blogs.technet.microsoft.com/...er-ransomware/

As usual, my personal recommendation is Antivir because it has a much more efficient, yet better real-time protection than Defender.

Which Antivir do you use? The free version or the pro version?

Also, that sucks that that happened to Dino. It's a shame the hackers responsible for this crap don't have worse happen to them.

**Bjoern** · May 3rd, 2016, 17:15

Originally Posted by Sundog

Which Antivir do you use? The free version or the pro version?

Been using the free version for a decade now. Never got an unprovoked virus infection.

**dvj** · May 3rd, 2016, 17:16

Very sorry to read. Dino's models are some of the best. Unfortunately, this is a hard lesson learned. Even if he pays the ransom, the baddies may not release his files. Some anti-virus software won't catch everything, so back up as best you can. HDD's are cheap in large capacity. Even a random HDD crash can cause a lot of pain. Look for a good ghosting software for the recovery.

***Sundog*** · May 3rd, 2016, 17:20

BTW, if Dino decides to continue on, I'm more than happy to donate to a fund to help him rebuild his system/acquire files and software he needs to continue. I would consider it a repayment for everything he has done for the community.

**StormILM** · May 3rd, 2016, 18:13

I saw the FB post earlier, very sad news. I hope he's somehow able to recover his files. I've been hit with ransomeware twice and was able to get the garbage out of my system but it did cost me files. Yes, the only way to be absolutely safe is to backup everything on external drives. All of my most valuable files are on 4tb worth of external drives that are only connected to my system during backups (which the net is disconnected during the process). From there I send some items to Cloud BU.

Insofar as good AV protection, I have been with Kaspersky since 2013 and have not had a single infection. I've participated in direct virus/malware & hack attack tests to validate the state of our business security suite and so far, it's been 100% on keeping our system clear.

***Jafo*** · May 3rd, 2016, 20:20

http://forums.wincustomize.com/477092/page/1/#3633541

Wincustomize.com ...the site I administer has had this thread posted - all about 'ransomware' and how to fight it ....even recover from it if hit.

Worth a look.

Dino ... first step is to research. Not all may be lost forever...

**roger-wilco-66** · May 3rd, 2016, 21:11

Don't ever rely on anti virus software. No matter which software you use, there is a very good chance that it won't find any threat that is new, especially ransomware. The classic concept of anti virus scanners - again, no matter which - is outdated and awfully weak. The only benefit is that you can detect older signatures, but these scanners can't even prevent pre-infections in today' multi staged attack scenarios.
I'm not suggesting not to use them, it is better than nothing, but you must be aware that they are pretty useless against any new threat.

Maybe I should add that I'm in the information security business.

Dino, if you read this, you can contact me, I have some strategies how to handle cases like this.

Cheers,
Mark

**roger-wilco-66** · May 3rd, 2016, 21:15

Originally Posted by Bjoern

Been using the free version for a decade now. Never got an unprovoked virus infection.

I don't think that anyone ever had a "unprovoked" virus infection :-)

**nigel richards** · May 3rd, 2016, 21:30

Originally Posted by bazzar

Happens all the time. It's why if you have anything of commercial or personal value stored you should always have a backup off site, on-line and on another computer. Another way around is to keep your workstation OFF the 'net. We have learned this the hard way.It's a lesson you don't forget.

Yup! That's my approach, too.

I never, ever go online with my work computer.

EVER!

**napamule** · May 3rd, 2016, 22:18

I hear '..be afraid...very afraid..'. Fear and stress grips you. But it SHOULDN'T...if you (and everyone else) backed up your HDrives. If 99% of net surfers backed up their files it would put them ALL out of business. Is that too simple? Be pro-active and back up your property. Cheap insurance. Bad habits will rob you of peace of mind, serenity, and eventually, happiness. So, you can surf the web...AND be happy...if you use common sense. Backup!
Chuck B
Napamule

**Dino Cattaneo** · May 3rd, 2016, 23:28

Hi there - unfortunately it is all true. As of today all files should be considered "lost".
As for making a backup - yes, it is all correct and true you should use the 3-2-1 rule. But I did not - I just had two copies of the important files in two different hard disks - but the malware was quick, and before I knew it all the four HDs were under its control.
Hopefully decyrption keys will pop up over time.
Right now, all the 3D model source files are lost, including the Eurofighter Typhoon.

So, for the time being, all my projects are canceled, with the possible exception of the F-35 update.

Thank you for you support.

**Dino Cattaneo** · May 3rd, 2016, 23:29

(and NO WAY I am paying the ransom - which also does not guarantee anything!)

**Dutcheeseblend** · May 3rd, 2016, 23:57

Originally Posted by Dino Cattaneo

Hi there - unfortunately it is all true. As of today all files should be considered "lost".
As for making a backup - yes, it is all correct and true you should use the 3-2-1 rule. But I did not - I just had two copies of the important files in two different hard disks - but the malware was quick, and before I knew it all the four HDs were under its control.
Hopefully decyrption keys will pop up over time.
Right now, all the 3D model source files are lost, including the Eurofighter Typhoon.

So, for the time being, all my projects are canceled, with the possible exception of the F-35 update.

Thank you for you support.

Sit back for a while, disconnect your workstation from the net and try to recover things when keys are available. In the meanwhile, focus on other things, RL for example.

Unbelievable that these people exist. Brutality!

**Dino Cattaneo** · May 4th, 2016, 00:11

For those who may be interested:

http://www.bleepingcomputer.com/news...speaks-to-you/

**wizzards** · May 4th, 2016, 00:36

sorry about your problems,my friend had a ransom wear virus
and was in a state,what saved him was a old ps2 keyboard and mouse,we simply unplugged all usb connections and plugged in the ps2 keyboard/mouse, this seems to have enabled us to bypass the usb circuits and then start in safe mode,we then restored the computer back 3/4 days,and all seemed well ,with nothing lost,he was building a TR7 and was keeping photos and progress records,but you do need a ps2 socket on your motherboard which seemed to removed from a lot of boards,don,t know if this will help but it saved his bacon
peter

**Dino Cattaneo** · May 4th, 2016, 00:39

Actually the virus is not that hard to remove - entering in safe mode with Win 8.1 is not a problem. Problem is that the malware had time to actually encrypt all my files.

**menef** · May 4th, 2016, 01:27

Originally Posted by Dino Cattaneo

Actually the virus is not that hard to remove - entering in safe mode with Win 8.1 is not a problem. Problem is that the malware had time to actually encrypt all my files.

Dino don't give up !!! The best answer to those virus-makers &
hackers is to continue better and STONGER than before

**ce_zeta** · May 4th, 2016, 01:31

Oh pal, sorry about that.

One question. This ransomware can be avoided if we use Windonw in a non-administrator account?

**klnowak** · May 4th, 2016, 01:46

Hi,

do you know this one ? Perhaps it can help ? But you shurly know this....

https://support.kaspersky.com/de/viruses/disinfection/8547#block3

Greetings
Klaus

***ftl818*** · May 4th, 2016, 01:52

Originally Posted by Sundog

BTW, if Dino decides to continue on, I'm more than happy to donate to a fund to help him rebuild his system/acquire files and software he needs to continue. I would consider it a repayment for everything he has done for the community.

Good idea, count me in!

Maybe SOH can set this up?

Paul
Netherlands