SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    How to deal with ransomware
How to deal with ransomware
I'd rather have luck
than skill any day
mjlennon posted:
I come home from the office tonight, my PC has rebooted to login screen. I figured it had installed an update. Logged on normally.

However, poking around I see all these tagged with file extension [payday@cryptmaster.info]. It appears as though all files on this PC, including backup volumes have been encrypted also.

I sent email to the cocksuckers for instructions. Does anybody know clean, safe means for decrypting the files?

Damn, I feel violated. They've destroyed years' worth of family pics, writings, scores, etc.
 
Posts: 1858 | Location: Fayetteville, Georgia | Registered: December 08, 2005
Shaman
ScreamingCockatoo posted:
We just hired a consulting company out of California to help us at my place of work.
It was about $45,000 in the criminal currency BitCoin.





He who fights with monsters might take care lest he thereby become a monster.
 
Posts: 39939 | Location: Atop the cockatoo tree | Registered: July 27, 2002
always with a hat or sunscreen
bald1 posted:
I know those with knowledge will chime in.

But for me, whenever I hear about these low life cretins' activities, all I can think of is judiciously used det-cord and plastique as payback!



Certifiable member of the gun toting, septuagenarian, bucket list workin', crazed retiree, bald is beautiful club!
USN (RET), COTEP #192
 
Posts: 16610 | Location: Black Hills of South Dakota | Registered: June 20, 2010
I'd rather have luck
than skill any day
mjlennon posted:
Yeah, nothing would give me more pleasure. But, who and where is the target?
 
Posts: 1858 | Location: Fayetteville, Georgia | Registered: December 08, 2005
always with a hat or sunscreen
bald1 posted:
quote:
Originally posted by mjlennon:
Yeah, nothing would give me more pleasure. But, who and where is the target?


Definitely a problem but I've often wondered if some of the better reformed hackers who know their way around the Dark Web couldn't unmask these asshats' email addys.



Certifiable member of the gun toting, septuagenarian, bucket list workin', crazed retiree, bald is beautiful club!
USN (RET), COTEP #192
 
Posts: 16610 | Location: Black Hills of South Dakota | Registered: June 20, 2010
Member
creslin posted:
Personally if I came home and found my computer in that state.. I'd simply wipe and reload the OS.
Any files that I'm concerned about keeping I have staged on multiple machines and/or in the cloud.

It would merely be an annoyance of a couple hours while I re-install.





This is where my signature goes.
 
Posts: 1579 | Location: Kernersville, NC | Registered: June 04, 2015
Semper Fi - 1775
Ronin1069 posted:
quote:
Originally posted by creslin:
Personally if I came home and found my computer in that state.. I'd simply wipe and reload the OS.
Any files that I'm concerned about keeping I have staged on multiple machines and/or in the cloud.

It would merely be an annoyance of a couple hours while I re-install.


This. 100% this.


___________________________
All it takes...is all you got.
____________________________
For those who have fought for it, Freedom has a flavor the protected will never know

ΜΟΛΩΝ ΛΑΒΕ
 
Posts: 12445 | Location: Belly of the Beast | Registered: January 02, 2009
Member
posted
Without the key used to encrypt the files your job will be close to impossible. There are a few companies out there that have free decryption tools for existing ransomware. Unfortunately there is a new flavor of the shit coming out on an almost daily basis.

Trend Micro
Kaspersky
Avast

A more complete list

I did a google search on the file extension that you mentioned in your post (payday@cryptmaster.info) and it didn't pull up much.

FYI, paying the ransom is no guarantee that you will get your files back.
 
Posts: 7781 | Registered: October 31, 2008
quarter MOA visionary
smschulz posted:
quote:
How to deal with ransomware

Prevention and isolated backups are the only answers.
As an IT guy nothing scares the shit out of me more than this.
No coming back from it and almost no chance even if you pay.
Hence, the only answer is to "air-gap" your backups.
Anti-Virus is usually too late but can help in some cases but don't rely on ANY AV program for security.
Online is helpful but isolated copies are the only true savior.
Unfortunately, many of my clients do not share the same fear.
I have had a couple clients get hit and one got hit twice even after I made unused recommendations.
Luckily, he had an online backup that was fairly current.
Oh, and up to these ransomware viruses I have never had one single computer that I could not fully clean of a virus/malware.
This is a new ball game.
It is some bad shit.
 
Posts: 23408 | Location: Houston, TX | Registered: June 11, 2006
Member
posted
longshot, but one friend got this shit & all I had to do was change the file extension back to .jpeg/.mp3/etc to fix the file(s). It wasn't really encrypted, just the extension was changed. 90% of people wouldn't know the difference.

this was quite a while ago, before this shit was popular - but it's at least worth a shot.
 
Posts: 3350 | Location: IN | Registered: January 12, 2007
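
Added example, not part of any post in this thread: a read-only check for the point raised in the post above, whether tagged files still begin with their normal file signature (possibly only renamed) or look like high-entropy ciphertext. The tag-matching rule, the 7.5 bits/byte threshold and the sample files are assumptions made for illustration.

```python
import hashlib, math, os, tempfile
from collections import Counter

# Well-known leading signatures ("magic bytes") of common file formats.
MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png",
         b"%PDF-": "pdf", b"PK\x03\x04": "zip/docx/xlsx", b"ID3": "mp3"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; ciphertext sits close to 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(path: str, sample_size: int = 65536) -> str:
    """Read-only triage (opens 'rb' only); the 7.5 cut-off is an assumed value."""
    with open(path, "rb") as fh:
        head = fh.read(sample_size)
    for sig, kind in MAGIC.items():
        if head.startswith(sig):
            # An intact header does not prove the rest of the file is intact.
            return f"intact {kind} header: possibly only renamed"
    if shannon_entropy(head) > 7.5:
        return "no known header, high entropy: likely encrypted"
    return "no known header, low entropy: inspect manually"

def triage(root: str, tag: str) -> dict:
    """Classify every file under root whose name contains the ransom tag."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if tag in name:
                results[name] = classify(os.path.join(dirpath, name))
    return results

def demo() -> dict:
    tag = "[payday@cryptmaster.info]"  # tag as quoted in the thread
    # Constructed ciphertext stand-in; leading zero byte avoids a signature match.
    blob = b"\x00" + b"".join(hashlib.sha256(bytes([i])).digest() for i in range(256))
    jpeg_stub = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00" + b"\x00" * 64  # constructed
    with tempfile.TemporaryDirectory() as d:
        for name, body in (("pic.jpg" + tag, jpeg_stub), ("doc.docx" + tag, blob)):
            with open(os.path.join(d, name), "wb") as fh:
                fh.write(body)
        return triage(d, tag)

if __name__ == "__main__":
    print(demo())
```

Run it against a copy or a read-only mount of the affected disk. Formats such as JPEG are compressed and show high entropy even when healthy, which is why the signature check comes before the entropy check.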
Semper Fi - 1775
Ronin1069 posted:
quote:
Originally posted by Bytes:
Without the key used to encrypt the files your job will be close to impossible. There are a few companies out there that have free decryption tools for existing ransomware. Unfortunately there is a new flavor of the shit coming out on an almost daily basis.

Trend Micro
Kaspersky
Avast

A more complete list

I did a google search on the file extension that you mentioned in your post (payday@cryptmaster.info) and it didn't pull up much.

FYI, paying the ransom is no guarantee that you will get your files back.


A friend recommended adding this to the list.

https://www.nomoreransom.org/en/index.html


___________________________
All it takes...is all you got.
____________________________
For those who have fought for it, Freedom has a flavor the protected will never know

ΜΟΛΩΝ ΛΑΒΕ
 
Posts: 12445 | Location: Belly of the Beast | Registered: January 02, 2009
Republican in training
DonDraper posted:
quote:
Originally posted by mjlennon:
I come home from the office tonight, my PC has rebooted to login screen. I figured it had installed an update. Logged on normally.

However, poking around I see all these tagged with file extension [payday@cryptmaster.info]. It appears as though all files on this PC, including backup volumes have been encrypted also.

I sent email to the cocksuckers for instructions. Does anybody know clean, safe means for decrypting the files?

Damn, I feel violated. They've destroyed years' worth of family pics, writings, scores, etc.

If you don't have a backup of your files, you are f'ed without paying up.

You can search to see if by chance, the particular variant has been decrypted but chances are beyond slim. We get hit at work from time to time, but it's no big deal as everything on the file shares is backed up.


--------------------
I like Sigs and HK's, and maybe Glocks
 
Posts: 2289 | Location: SC | Registered: March 16, 2011
Nullus Anxietas
ensigmatic posted:
quote:
Originally posted by mjlennon:
It appears as though all files on this PC, including backup volumes have been encrypted also.

Your only backups were on-line, accessible from your PC at all times?

As you just found out: Not a good plan.

quote:
Originally posted by mjlennon:
I sent email to the cocksuckers for instructions. Does anybody know clean, safe means for decrypting the files?

Usually there is none that doesn't involve lots and lots of money. Sorry.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26031 | Location: S.E. Michigan | Registered: January 06, 2008
member
henryaz posted:
 
Hack/Ransom mine no problem. I have my data (and a bootable volume) offsite. I might lose a few days of my meager data, but otherwise no problem. If your data is daily/hourly/minutely sensitive, then you need a more aggressive plan. But the same principles apply. Keep your data backed up, off-site at regular intervals, and you can tell these ransom hackers to F-off.
 
 
 
Posts: 10887 | Location: South Congress AZ | Registered: May 27, 2006
Told cops where to go for over 29 years…
911Boss posted:
Ummm, yeah a “back up” physically in the computer, even on a different physical HD isn’t really a “back up” at all.

I back my Mac up, alternating between two different external drives. Never had a crash, but certainly makes upgrading and fresh install very easy thanks to Apple Time Machine.






What part of "...Shall not be infringed" don't you understand???


 
Posts: 11420 | Location: Western WA state for just a few more years... | Registered: February 17, 2006
Member
posted
quote:
https://www.nomoreransom.org/en/index.html


Ransomware is the new norm. Get used to it. Nothing besides a good backup strategy will save you. Paying the bastard is no guarantee of getting your files back but only encourages more of that illicit activity. Also all these sites promising to unlock your files are full of shit. 256 encryption is next to impossible to decipher.
 
Posts: 1095 | Location: Fort Worth, Texas | Registered: August 11, 2010
This Space for Rent
ugeesta posted:
^^^^^. So what is a good backup strategy? We have an external storage device hooked up to our computers for backup. At one time that was enough.




We will never know world peace, until three people can simultaneously look each other straight in the eye

Liberals are like pussycats and Twitter is Trump's laser pointer to keep them busy while he takes care of business - Rey HRH.
 
Posts: 5820 | Location: Colorado | Registered: April 20, 2009
I'd rather have luck
than skill any day
mjlennon posted:
I rec'd the ransom via email. These are their demands:

decrypter <payday@cryptmaster.info>
To medic three Today at 12:15 AM
We can decrypt your data, here is price:
- 1 Bitcoins in 30 hours without any stupid questions and test decryption.
- 3 Bitcoins if you need more than 30 hours to pay us, but less than 72 hours.
- 5 Bitcoins if you need more than 72 hours to pay us. Pay us and send payment's screenshot in attachment.
In this way after you pay we will send you decryptor tool with instructions.
TIME = MONEY.
If you don't believe in our service and you want to see a proof, you can ask about test decryption.
About test decryption:You have to send us 3 crypted file.
Use dropfile . to and Win-Rar to send file for test decryptions.
File have to be less than 10 MB.
We will decrypt and send you your decrypted files back.
Answer us with your decision.
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software, it may cause permanent data loss.
Decryption of your files with the help of third parties may cause increased price
(they add their fee to our) or you can become a victim of a scam.
Time limit starts from this email.
Here is our bitcoin wallet:
REDACTED
Places to buy Bitcoins and beginners guide here:
http://www.coindesk.com/inform...w-can-i-buy-bitcoins
can recommend easy bitcoin exchange service - localbitcoins.com (HOW TO BUY BITCOINS: https://localbitcoins.com/guides/how-to-buy-bitcoins)
or you can google any service you want.
Please write your answer right away!
 
Posts: 1858 | Location: Fayetteville, Georgia | Registered: December 08, 2005
I'd rather have luck
than skill any day
mjlennon posted:
The exchange rate this morning:

1 bitcoin = $4246.01
 
Posts: 1858 | Location: Fayetteville, Georgia | Registered: December 08, 2005
Member
posted
Fuck that. I back up HD because my wife would kill me if we lost our pictures. I can see buying a second HD for more backup. They aren't very expensive. Certainly nothing is worth 5000 dollars on my computer.
 
Posts: 7540 | Location: Florida | Registered: June 18, 2005