Topic: Ransomware and BTC (Read 2061 times)

hell, i doubt the devs are anywhere near these guys.  It came out, was most likely sold a few times and used many times by the devs and after a few sales, it hit the darkweb and other markets.  Once the virus hit the media, I am sure the devs never touched it again.  And that is if they ever used it for profit, some of these guys are just trying for proof of concept.

people that work behind that virus must be loyal to users, otherwise their clients (which are the victims) don't pay them because of the fear to lose the money for nothing.

never ever pay to the parasites who spread ransomware!
there is 99.9% chance you will not hear from them after you have sent them money
they do not care about the integrity of your files,all they care for is to get your money
I read stories of people who paid them and didn't get the unlocker or the "code" or whatever to unlock the files,I have yet to hear a single one where you pay and you get your files decrypted

Avoid any file for that matter.

If you are downloading something cryptographically signed, don't leave it for granted. Verify it.

Check if the website you are downloading files from is the real one

If someone sends you a link, hover your cursor into it. You will see where it will really lead you. If you don't recognise it, check on a redirection site to see if the url redirects you to a malicious site.

Unfortunately no one can help you to recover it just make this a learning and also remember, dont install untrusted software and definitely dont open weird emails download bad torrents or visit strange websites. Avoid PDF or doc files that could hold back doors.

i had one pc that i played around with get it, beyond that no.  it was a crypto only pc, windows based, used only to download and run wallets.  one of those alt coin wallets had it attached, no big deal, daily the wallet.dat files synced to the cloud, so i grabbed the backups from the day before the install and only lost a handful of coins.  fast ass virus, lightning quick, none of this one little window here you can't explain, a pop up here that shouldn't be, nope one blink on the windows security notification and then bam, straight to the new shell.  i spent maybe ten minutes tinkering before a restart, just went past the cover threat window to the file directory.  explorer.exe had been changed and replaced a minute before, there was no backup of the original file that i could see. 

most of the files are not actually encrypted, it is key files that make it work.  most files are intact, but robocopy, copy, move, shell, regedit, and a dozen more are renamed and encrypted, something like regedit.mdlck. i did not have a ftp program installed, but i did wonder if that would have been a key, you can definitely get to the file system, just can't move anything.  you can tell that most files are untouched by their properties.  i thought a neat thing to do might be to install something like cuteftp.  after that, rename all the ftp exe's and confs to something else, doesn't matter, just in case odin looks for them.  make a copy of ipconfig and others and put them somewhere renamed.  so, then life goes on, you get hit with odin, pop into the file system and use the ftp command line functions, with network configs if needed and move your important files elsewhere, just a thought

so has anyone been affected by this?

Are these ransomware makes caught in the past. If so, they might contribute a lot of money to the governments due to the seizure.

As far as I know, they even give good support after paying. It's their core business to make sure everybody knows paying gets you back your files, if they don't deliver, their business model fails.
I've even read about competing cyber criminals, it's big business!

Just a friendly reminder to everybody: make sure you have backups, and make sure your backups are not just on a disk that is connected to the computer.

If the OP wants to recover his files, formatting doesn't solve the problem.
Remember that certain computers have valuable files, and that files can cost more than 1.5 BTC, probably OP is in that situation.
I heard reports that some people pays and is successful, but I believe it's a risk anyway.

@OP: IMO, This is the best solution for you if the files cannot be recovered.

There is no guarantee that the hacker will help you gain access to your data after you have paid them.

Use the money to buy some good anti virus plans for you and your wife, get a license for hitman pro and install hitman pro alert as well and finally put your wife through cyber security training so this won't happen again.

Paying these people is not the solution, it will just keep happening to people around the world when people fall for their demands.

correct me if i am wrong but can't you just format the hard drive instead? it is not physically damaged. the files re just encrypted which you can format and start fresh with an empty HDD.

and to OP, i have seen some progress in breaking the encryption of some types of ransomeware on reddit. maybe you should check it out.

As I mentioned above this is something I do.  Once this gets behind you learn to make solid sector images of your computer disk.  Its easy and with modern USB speeds you can restore at least a 100 Gig per hour going sector by sector.  Next time (hopefully none) you would simply wipe the disk and then write back a perfectly clean image from backup.  Total restore is almost always under half a day and usually about 2 hours.  FREE too if you had those items at the ready!!

as a cheaper solution, you don't even have to replace the computer, just the hard drive, those can be pretty cheap.  you may even have another older computer sitting around that has a hard drive you can use.  but, with a new hard drive in place, do not get skippy and try adding the infected drive after the fact and get your files, within seconds of adding that hard drive you will likely be right back here at square one

I'll chime in with others.

1, don't even bother paying this "ransom" you are just tossing out good $
2, use that $ and buy yourself another computer and try to safeguard it better, not downloading things and sites you visit, anti-virus, different passwords, all sorts of things I don't have the time to list
3, learn to remove the virus yourself/with help from online, malewarebyets is a pretty good site that helps people, I haven't been there in years, but know it exists
4, your computer is already compromised and any files will just compromise a new system.........don't even bother accept the loss, documents and photos should of been printed anyways and not just stored on a pc 

Lastly, sorry this happened to you.  Most people are just assholes and we have to learn how to swim among them.

yeah, this goes right around normal practices of safety.  used to be that you simply set a restore point in the case of concern and backed to it when there was an issue.  this is a complete shell replace, root kit, you ain't getting in there issue that cannot be "restored" or "rolled back"

Yeah I tried to be loving in the article, giving a good 15+ tips on what kind of mindset you need and what to look out for while using the internet. Education on the matter may help save a few people!

without being insensitive, it is a hell of a concept and nearly impossible to get around.  when properly used it is a menace, apparently the biggest issue at the moment is that the people finding it around the internet are not really coders and do not have the experience to use it right in the first place, meaning that even the people that are breaking down and paying are not getting their PC's back

I'm literally in the process of writing an article explaining ransomware, what it is and how to avoid it - it is running rampant at the moment.