Windows 10: Bitlocker enabled on Windows 10 Home Edition for Ransomware attack

Hey, everyone, first time poster, haven't been able to locate a thread on this but it is important.

I am running Windows 10 Home Edition and while doing a regular system cleanup I discovered lots of files beginning to show up in my Windows/Temp folder with the name BRxxx.tmp. Just above those files were three bitlocker log files. I discovered that every one of those BR files was an encrypted file, they were all different and more just kept showing up after I deleted the ones that were there before. I was curious about what bitlocker is so I went to Windows Search and found that Search was disabled. I tried several things and was able to enable it but could not find bitlocker anywhere. Then I discovered that my McAfee security program had also been disabled. I contacted their tech support and they were able to remotely uninstall/reinstall the program and it was (and has continued since) working fine.

After a deep dive into bitlocker online I discovered that it is a Microsoft encryption tool and is NOT supposed to be available on Window 10 Home. I also discovered that it can be found at BDESVC in Task Manager/Services thereby proving that it is in fact installed on Home Edition. Double clicking it will open another window which will guide you to another window where you have options to turn it on or disable it (It was set to manual on my machine). I set the thing at Disable. I have since discovered it installed on every friend's computer that is running Home Edition. I removed almost all of my files from the machine at that time.

After I disabled bitlocker (or at least THOUGHT that I had disabled it) the BR files stopped showing up so I thought it was a glitch. Then about a week later the BR files and bitlocker log files started showing back up and again Search was disabled. This time there was no way to re-enable it and bitlocker was still set to disable. My McAfee program was still running fine but I contacted them again and they confirmed that I was under a ransomeware attack, told me that there wasn't anything they could do, that there was no hope for my computer, and recommended I contact a local tech to remove as many of my files as possible while I still could.

Apparently my good computer hygiene habit allowed me to stumble across the attack in its early stages. Apparently a ransomeware attack is a slow-motion attack that takes place over time and runs in the background until it finally has your machine encrypted and send you a ransom note. Although a part of my machine is encrypted not all of it is and I have not received a ransom note.

The big questions I have is, 1) doesn't Microsoft know about this HUGE SECURITY HOLE in their program, and 2) if they do know why haven't they fixed this HUMONGOUS THREAT? How many computers have been wiped out by criminals getting in and using bitlocker to enable their ransomeware attacks? I would appreciate any info from anyone so that in the future I won't need to be always under threat of this happening again (apparently even if one CAN find a way to uninstall bitlocker Microsoft just reinstalls it on the next update)? Many thanks.

:)

 

About Ransomware attack

Here is Microsoft's Customer Guidance on the Ransomware Attack:

• In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the
  security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.

• For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt.
  As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.

• This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers
  should consider blocking legacy protocols on their networks).

For the full article,
Click HERE

 

Ransomware attack

Glad to hear that you found a backup of your important files! Good!

Here are some further articles you might want to read:

• Best Defensive Strategy against ransomware (crypto malware)
• How to Protect and Harden a Computer against Ransomware
• https://www.bleepingcomputer.com/forums/t/691026/can-antivirus-software-remove-ransomware-from-my-infected-system/?p=4692721
  
• https://blog.emsisoft.com/en/26164/how-to-remove-ransomware-the-right-way-a-step-by-step-guide/
  
• First steps when dealing with ransomware
  
• How crypto ransomware spreads... is it decryptable...should I pay the ransom
• https://www.howtogeek.com/434676/should-you-pay-up-if-you-get-hit-by-ransomware/
  

Best wishes,

.

 

Ransomware attack on Windows 10 PCs.... question

Here is Microsoft's Customer Guidance on the Ransomware Attack:

• In March, we released a security update which addresses the vulnerability that these attacks are exploiting. Those who have Windows Update enabled are protected against attacks on this vulnerability. For those organizations who have not yet applied the
  security update, we suggest you immediately deploy Microsoft Security Bulletin MS17-010.

• For customers using Windows Defender, we released an update earlier today which detects this threat as Ransom:Win32/WannaCrypt.
  As an additional “defense-in-depth” measure, keep up-to-date anti-malware software installed on your machines. Customers running anti-malware software from any number of security companies can confirm with their provider, that they are protected.

• This attack type may evolve over time, so any additional defense-in-depth strategies will provide additional protections. (For example, to further protect against SMBv1 attacks, customers
  should consider blocking legacy protocols on their networks).

For the full article, Click HERE