Topic: My computer have just been hacked for BITCOIN ransom! (Read 3149 times)

Finally found a method to decrypt my files and problem solved. No BTC was paid. Case closed

Good to hear that, unfortunately, many people are losing important data because of ransomware, companies are also loosing money because of this.
A good recommendation is to always have in the cloud or offline backups of important files. Common sense is one of the best anti-virus there is.

First of all, thanks to all of your reply.

Fortunately, we have lost only unimportant files thanks to backups, and those unimportant files can be re-made.

We have used Windows 7 on our computer, and have all Internet Explorer, Google Chrome and Firefox installed. I use Google Chrome as my main browser but my brother was using Internet Explorer...

I don't know what the ransomware was, my brother said that he have been doing a project, searching for sites and that's probably one of those sites having malicious codes (or hacked). They're all not porn-related.

They have only locked some common file format, like DOCX, PDF, JPG. They don't lock EXE programs, because doing this may locked any bitcoins we have (but we don't have Bitcoin Core). On my computer there's only few altcoins installed, naming Ambercoin, CAPTcoin and Yovicoin.

Yes they want BTC just because of the anonymity feature provided by it. They have stated the they wanted 500 USD, but in bitcoins (according to the price of $420/BTC). The price information of them is outdated because 1 bitcoin worth ~$460 now!

I can't name the ransomware, they say that they've encrypted the files via Internet. I can't upload a file here, as I'm not using my computer now. Also we're going to format all hard disks (thanks to backups) and not keeping all the lost unimportant files.

http://www.bleepingcomputer.com/ is one of several good sites to browse to stay up to date on malware threats and defense.

At http://www.bleepingcomputer.com/download/search/?keyword=malwarebytes they have downloads for two Malwarebytes products that you can layer with your existing security programs. They have a beta of Malwarebytes Anti-Ransomware (free) and also free Malwarebytes Anti-Exploit that are designed to work together. You are probably already familiar with Malwarebytes Anti-Malware.

I also like HitmanPro very much. It is a paid program but they give you a thirty day free trial. It was a big help when I had to help a friend scrub an infected computer.

Malware Tips also has a good guide to using advanced programs in safe mode.

This hasn't happened to myself but a friend of mine and yeah, it does really suck as much as it sounds like.

It will benefit the community if you can name that software and post the link here so we will know.Mnay people are using this kind of software they maybe that software now,anyway if there is a back up then there are no more reason to pay a ransom,you can also report this to the authority,they might trace who this guys are ..

I heard of this years ago actually but at the time it was targeting the police and business owners. Needless to say they used to pay up to get their files back/unecrypted.

Now they're moving on to average joe, that was always going to happen I guess.

That is not a bad image for BTC it is more a bad image for the guys who are downloading crap on their machines, usually porn lol

It also used to be done with other payment methods like UKASH.

You're "important files now belong to them so hope they're not that important because they will find something to do with it that you can be sure of.

 

  yep

haha ha newb fucker watched too many pron sites with barebacking  browsing...

other form of payment  LIKE? Do not name other e-currency....

Why is bitcoin to blame, you just said it was your brothers fault, if they hadnt used bitcoin as payment it would have been some other form of payment..... think before you spout stupid things....

I think ransomware is when your system's hard drive gets encrypted by a malicious program or script and next time upon boot you can't get access to any of your files. Then a window pops up that tells you that the whole computer is locked down and you need to send a predetermined amount of Bitcoins to the hackers' wallet address. Then they will release a decryption key so that you will be able to get back your stuff which is being held for ransom on your own machine thus the name ransomware. Honestly I don't know if any of your stuff is uploaded to the hackers before the encryption commences but it won't be a surprise if it is when they can simply double dip by doing this.

That's an excellent idea. In stead of paying hackers we should all work together and put these guys to an halt. Hackers are just a small group, we as an community can an should fight back.
Your idea is brilliant. I am sure some skilled people are willing to user their skill for doing some good...

In stead of extorting others.

This was blamed on another person so he probably does not know.

You can never be fully protected it is true, even with antivirus there are still penetrative viruses that can get into your system.
There are some reputable antivirus products but there are still security flaws, you can also not have more than one running at a time on a computer as there are confusions between the source code of different antivirus software as hey use exploritary measures which effects the usefullness of both antivirus software if installed at the same time.

I upgraded my windows 2 months ago and after using it 10 day I reinstalled lap top completely and return it to fabric settings. And I stayed there cause to much bed things with windows 10 happened to me.

I like you other advices, I also use firefox, have nice security, anti virus and anti malware . I don't have so much coins, but bigger part is in Trezor.. and I have several online wallets that I use for gambling and everyday transactions.

If something like this happened to me, I wouldn't pay ransom and that is my advice for OP. You have your files that is important, now start again but with better security. There is nothing else what you can do except to be more careful in the future and not let same thing happen again.
Of course paying ransom will give more power to this little criminals. They will try to do It again, so don't give them that feeling. Cut them in root`s.

I work in IT and we manage about 7000 computers. We have anywhere between 3 and 10 cases of ransomware a weak. To dispell some misinformation in this thread:
- Running just any antivrus will not protect you sufficiently. I have no experience with Kapersky but at least they actually produce some good stuff remedying ransomware / cryptolockers, so their product may help (not sure though)
- There are many attack vectors. They range from files as attachments or files being linked in emails (fake bills, fake invitations to social networks, fake pictures, etc), often java-scripts packed in zip-files, but sometimes links to executables. Also, they can enter via browsing even regular websites with any web browser (seen it happen with my own eyes), because sometimes advertisements are infected with attack vectors. Could be flash, could be java. My organisation is pretty well up to date with these things....

Then some tips:
- Use an adblocker
- Don't click on stuff that you are not certain about what it is
- Use an external drive for backup, but DON"T leave it connected 100% of the time!
- Avoid shady sites

So how did the ransomware get into the machine? Someone might learn something if you enlighten us.

A shared computer is only as secure as the least careful user.   That user might download a downloader exe or use flash because they require it on some random site as Administrator on Internet Explorer. 

sdp

Ransomware hackers don't care if their victim is a bitcoin user or not. They want to get their demands in the easiest and most untraceable way possible, so bitcoin. If they posted a PayPal acct number, wouldn't that be dumb for them to do so in the first place?

1. Improbable, but still possible. But why would they (someone he knows) would even do that in the first place?

2. Malware is the culprit here, of course. Maybe the user of the machine forgot to turn off javascript and carelessly accessed the deep web. Most of these ransomware exist in the deep. Also, flash-based malware (malware that can be injected if a user clicked a flash image/object) are around the web, too, so disabling flash could help you minimize the risks of being infected by a malware.

Since OP backed up all important files in his pc and recovered it, this should be a lesson to all. Always do a backup of your important files (especially your bitcoin wallet keys) on a piece of paper or in a hardware wallet.

so in the end, you have not any problem, just reinstall and problem solved.

but i got what you are trying to say, dont worry, problem dont come from bitcoin, problem come from people who demand it, you and your family members should distinguish it.

Most people use Windows; OSX and Linux are the minority, it would be helpful to list ways to secure Windows best as possible. I will start the discussion if you are using Windows. If you are using Windows 7 the best advice I can give you is not to update to Windows 10. Stick with Windows 7 for improved privacy.

1) Use Firefox, not Windows Explorer or Chrome. Go to Tools > Addons > Plugins and disable Shockwave Flash to prevent malware delivered by Flash banners. At the minimum use uBlock Origin extension to block all other ad banners.

2) Use a top rated security suite like Kaspersky Total Protection. Even with Kaspersky use good hygiene. Never click on links or banners in emails or heaven forbid open an attachment. Even friends can pass on a virus or trojan by forwarding a bad email. Most malware is delivered by email, not websites.

3) If you have more than a few bitcoin use a hardware wallet like Trezor.

4) Make a system restore disc and store safely in case you have to reformat your hard disk and restore from a backup. Get a 2-5 TH backup drive so you have plenty of space for multiple backups and backup weekly.