
Topic: Ransom demanded from an attacker - page 2. (Read 4035 times)

sr. member
Activity: 318
Merit: 251
November 07, 2015, 11:29:54 AM
#13
This scam is as old as dirt. Before bitcoin, they would tell people to visit their local convenience store and purchase a MoneyPak card or similar, in order to "unlock" their computers. Depends on how good the hackers are as to whether or not the info is actually encrypted / inaccessible. If the hackers are good, you have no real choice but to pay them to unlock your data. If they don't know what they're doing, you can probably just clean the computer and get rid of the virus yourself.

Then tell your brother to quit downloading crap, visiting porn sites, and/or opening e-mail attachments from people he doesn't know.
legendary
Activity: 1722
Merit: 1000
Satoshi is rolling in his grave. #bitcoin
November 07, 2015, 11:26:07 AM
#12
Quote
btw changing access keys won't help ignorant ones who get themselves infected anyways

at the beginning, it's the SERVER (and the guy of the website) that is fully responsible for spreading the virus ... don't lose the first problem.

well, if users open a corrupted mail (exploit old navigator flaw to inject ransomware) ... it's not a server problem.

I believe 99% of the infected users picked up malware from torrent files, variations of activators with bound trojans, and java drive-bys,
and none of these infections can be prevented on any server side. And many of those people get infected because they trust their antivirus and firewall software too much,
which can't even detect crypted files (unless it has proactive defense that picks it up due to its behaviour.)
legendary
Activity: 1512
Merit: 1012
November 07, 2015, 11:16:30 AM
#11
Quote
btw changing access keys won't help ignorant ones who get themselves infected anyways

at the beginning, it's the SERVER (and the guy of the website) that is fully responsible for spreading the virus ... don't lose the first problem.

well, if users open a corrupted mail (exploit old navigator flaw to inject ransomware) ... it's not a server problem.
legendary
Activity: 1722
Merit: 1000
Satoshi is rolling in his grave. #bitcoin
November 07, 2015, 11:09:44 AM
#10
This type of ransomware is all over the place recently.

control your dumbass server ... and change access key every week ! not every 2 years ...

Yeah, your gif really describes users that have these types of intrusions. btw changing access keys won't help ignorant ones who get themselves infected anyways,
I would rather suggest caution when dealing with unknown applications, and jdb's.
legendary
Activity: 1512
Merit: 1012
November 07, 2015, 11:01:00 AM
#9
This type of ransomware is all over the place recently.

control your dumbass server ... and change access key every week ! not every 2 years ...
legendary
Activity: 1722
Merit: 1000
Satoshi is rolling in his grave. #bitcoin
November 07, 2015, 10:47:10 AM
#8
This type of ransomware is all over the place recently, there was an article even in my local news portal about it. People need to understand that the power of such malicious
tools is in the money they get out of the ransom, so to put it away for good, all people need to do is wipe the drives and accept loss of their data.
If everyone did that, no one would bother to spread it any more. btc who still runs untrusted executables ?!
legendary
Activity: 4424
Merit: 4794
November 07, 2015, 10:39:14 AM
#7
my post is about crappy script kiddies who try to copycat the actual cryptolock encryption scam/blackmail.

a few script kiddies have tried to scam people.. not using encryption, although their demanding 'splashscreens' pretend it's encrypted..
but instead just modifying file properties and file associations..

firstly they script some code to turn .exe, .doc, .xls into a different .xxx file type.. e.g. .encrypt
the data has not changed, but in layman's terms the file name changed

they then, in the file associations, change the link for .encrypt files to be associated with a basic splash screen warning,

thus the data is not touched. but if you try to open files it doesn't open the exe shell or the microsoft office programs. it opens the scam artist's splashscreen.

attempts to rename the file back to .exe or .doc usually are tiresome unless you have disabled the scam artist's script from running in the background first.

..


and by the way. BACK UP YOUR DATA if it's sensitive or valuable.. coz the clear shot way of sorting out any blackmail of data is to have copies saved so that you can just factory restore your computer and laugh at the blackmailers


again.. back up all data.. even if your computer is not going to ever get scammed using viruses:

it can be stolen in home invasions
family may delete files to make room for their 'selfies'
disgruntled employees/co-workers may delete files
data corruption due to many unrelated issues
physical damage to the computer due to household/work place accidents
electric issues causing data loss
even blackouts mean the data is stuck on a computer that you can't turn on..

backup-backup-backup
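
A triage check for the rename-only copycat described in post #7, added here as an example and not part of the original post: it tests whether a "locked" file still begins with its original file-type header, and falls back to an entropy estimate otherwise. The sample file names, the 7.5 bits-per-byte threshold and the 1024-byte minimum are assumptions chosen for illustration.

```python
import math
import os
import tempfile
from collections import Counter

# Leading bytes of the file types named in the post (.exe, .doc/.xls) plus modern Office.
MAGIC = {
    b"MZ": "Windows executable (.exe)",
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "legacy Office document (.doc/.xls)",
    b"PK\x03\x04": "ZIP container (.docx/.xlsx)",
}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; well-encrypted data sits close to 8.0."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def triage(path: str, sample_size: int = 65536) -> str:
    """Classify one 'locked' file as renamed-only, likely encrypted, or unknown."""
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    # Header check comes first: compressed Office files are high-entropy too.
    for magic, kind in MAGIC.items():
        if sample.startswith(magic):
            return f"renamed-only: header is still a {kind}"
    if len(sample) >= 1024 and shannon_entropy(sample) > 7.5:  # assumed thresholds
        return "likely encrypted: no known header, high entropy"
    return "unknown: no known header, inspect manually"

def demo() -> dict:
    """Run triage over constructed sample files (not real victim data)."""
    samples = {
        "setup.exe.encrypt": b"MZ\x90\x00" + b"\x00" * 2000,
        "report.doc.encrypt": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"text " * 400,
        # Random bytes stand in for real ciphertext; fixed first byte avoids a chance header match.
        "ledger.xls.encrypt": b"\x00" + os.urandom(4095),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "wb") as fh:
                fh.write(body)
            results[name] = triage(path)
    return results

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

A "renamed-only" verdict means the original content is intact at the start of the file; work on copies, and only after the background script mentioned in the post has been disabled.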
sr. member
Activity: 434
Merit: 250
Loose lips sink sigs!
November 07, 2015, 10:24:56 AM
#6
The official stance should be: We do not negotiate with ransom attackers using Bitcoin!
legendary
Activity: 1204
Merit: 1028
November 07, 2015, 09:25:40 AM
#5
I can predict that we'll start having tons of spam email by random Nigerians asking for Bitcoin soon. "Hi I'm the prince of Nigeria, please deposit BTC here: (address)" People are really getting desperate for the new gold.
copper member
Activity: 1498
Merit: 1528
No I dont escrow anymore.
November 07, 2015, 06:46:47 AM
#4


This is for my brother.. who has nothing to do with Bitcoins... He had to pay to get his business data.  Angry Cry

Bitstamp just confirmed that none of their users use this email address.... which most probably is for Multibit or something like that...

Multibit is not a service, it's a wallet and as such does not require an email address.

IIRC the last time[1] someone was asked to pay a bounty it turned out the data was not properly encrypted, but I don't remember if it was found out too late or not.

[1] as in the last time there was a thread here about it I noticed.
member
Activity: 78
Merit: 10
November 07, 2015, 06:44:36 AM
#3


This is for my brother.. who has nothing to do with Bitcoins... He had to pay to get his business data.  Angry Cry

Bitstamp just confirmed that none of their users use this email address.... which most probably is for Multibit or something like that...
hero member
Activity: 924
Merit: 1005
4 Mana 7/7
November 07, 2015, 06:34:45 AM
#2
According to blocktrail and blockchain.info, no such address exists. You have an extra "s" after the actual address in the end. And the email addy returns only one result, which unsurprisingly is also about viruses:
Quote
SA primarily if the subject I apologize if wrong place. Entered virus to someone with machines of the company I worked for my friend when it comes to the issue and $ 3,000 fine demanding he do this simple method or Brute-Force running programs transaxle via SFX to have become ex with all files SFX and provide an encrypted password that I appreciate if you can help it. e-mail address of the owner [email protected] Virus  
Translated.
https://www.cyber-warrior.org/forum/sfx-sifrelenmis-yardim-lazim-_561285,0.cwx
Edit: So you paid the ransom?
member
Activity: 78
Merit: 10
November 07, 2015, 06:30:12 AM
#1

Has anyone faced dealing with an attacker using: [email protected] ?



address:14LFQxeJwDWFAy4y9CvywauJ33idwDBDd6s for the attacker that demands ransom for encrypted data. His email:mushelps@gmail

http://justpaste.it/otzi