Little buggers!

Lost User

Let the kids play games on my Works Laptop today, to give me a little peace. Got my laptop back to find all my files are encrypted and the following message pops up every time I boot it up.

__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!

NOT YOUR LANGUAGE? USE https://translate.google.com

What happened to your files ?
All of your files were protected by a strong encryption with RSA-4096.
More information about the encryption keys using RSA-4096 can be found here: http://en.wikipedia.org/wiki/RSA\_(cryptosystem)

How did this happen ?
!!! Specially for your PC was generated personal RSA-4096 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BTC NOW, and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:

1. http://aynfksddnnfwkd.jockmias.com/2287ACCCFD7C78C6
2. http://krfdnhfnsai3d.abeleros.com/2287ACCCFD7C78C6
3. http://aynfksddnnfwkd.jockmias.com/2287ACCCFD7C78C6
4. https://4nauizsaaopuj3qj.onion.to/2287ACCCFD7C78C6
5. https://4nauizsaaopuj3qj.tor2web.org/2287ACCCFD7C78C6
6. https://4nauizsaaopuj3qj.onion.cab/2287ACCCFD7C78C6

If for some reasons the addresses are not available, follow these steps:

1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: 4nauizsaaopuj3qj.onion/2287ACCCFD7C78C6
4. Follow the instructions on the site.

!!! IMPORTANT INFORMATION:
!!! Your personal pages:
http://aynfksddnnfwkd.jockmias.com/2287ACCCFD7C78C6
http://krfdnhfnsai3d.abeleros.com/2287ACCCFD7C78C6
http://aynfksddnnfwkd.jockmias.com/2287ACCCFD7C78C6
https://4nauizsaaopuj3qj.onion.to/2287ACCCFD7C78C6
!!! Your personal page in TOR Browser: 4nauizsaaopuj3qj.onion/2287ACCCFD7C78C6
!!! Your personal identification ID: 2287ACCCFD7C78C6
00000000000000000000000000000

As we have strict rules not al

Lost User

I do hope you are not in a position where have no option, but to pay these scumbags! :sigh:

How do we preserve the wisdom men will need, when their violent passions are spent? - The Lost Horizon

Mycroft Holmes

If it is a work computer all relevant stuff should be backed up so only the weekend work will be at risk. Hopefully. I wonder where the grommets downloaded the malware from!

Never underestimate the power of human stupidity RAH

Lost User

Looks like the only way to get the files back is to pay (not that paying would guarantee this, they're criminals afterall). Luckily I don't have files that are not recoverable from other places, it's just a major PITA. So no they won't be getting any money.

raddevus

I'm very sorry that happened to you. I do appreciate it that you posted the text content that you saw. I've always wondered about that. Also, it is a bit scary to see how sophisticated the data-hostage system is. Hope you can work this out somehow without paying the terrible people behind it.

Lost User

They tell me Kizi. Which to me looks like a normal games site, I'm just wondering if it has the pop-ups like 'are you sure want to leave this game' which then downloads something when you click yes. Although my knowledge of malware is limited.

Steve Wellens

PompeyThree wrote:

I'll get my revenge tomorrow when they're at school by logging into their Minecraft and destroying all their villages.

Yes, revenge is very good.

Jorgen Andersson

Damn parasites! :mad:

Wrong is evil and must be defeated. - Jeff Ello

R Giskard Reventlov

If all the important stuff is backed up at work, maybe you'd be better 'accidently' dropping the laptop into a large and very muddy puddle... like the channel. :-)

Steve Wellens

If UK laws are like US laws, a felony has been committed. You should report it to the UK equivalent of the FBI.

Chris Maunder

You had it all backed-up, though, right? And the backups weren't on a connected drive? (Yeah - we've been through that too!)

cheers Chris Maunder

OriginalGriff

PompeyThree wrote:

So no they won't be getting any money

Good! We had one victim here last year in QA - he had paid them, but the decryption key they sold him didn't work... Even if it did, would you trust them not to leave enough on your system to repeat the process next month? After all, they know you will pay, so you are a repeat customer after all! :laugh: Scumbags. Shooting is too good for 'em.

Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...

GuyThiebaut

I would just give the straight story. After all it was your kids and not some friend in a competing company who you leant your laptop to for a weekend. Spinning a story probably won't feel comfortable and 'white lies' have a tendency of developing a life of their own which then needs to be kept alive. Saying what happened won't be comfortable either but I think most people would understand that letting kids play on a computer is fairly normal and you will get to keep your sense of integrity. Good luck :thumbsup:

“That which can be asserted without evidence, can be dismissed without evidence.”

― Christopher Hitchens

HobbyProggy

F*ck, those dumb ransom Viruses are bad, really bad, i once tried decrypting a 2048 RSA, took ages and got aborted before i nearly reached the key. The police in germany says better pay as long as it's cheap, maybe you'll get the data back otherwise they also can't do anything about it. BTW: Hope you didn't plug it in at work, otherwise this B**tard might spread across the company, we had such an issue here, had to disconect 10 machines and reinstall them by hand after cleaning everything off. Thank god it didn't hit a server.

Rules for the FOSW ![^]

if(this.signature != "")
{
MessageBox.Show("This is my signature: " + Environment.NewLine + signature);
}
else
{
MessageBox.Show("404-Signature not found");
}

Pete OHanlon

What no one has addressed is how poor the SecOps team have been in leaving your laptop open to vulnerabilities like this. A half decent SecOps team will ensure that devices are secured to a point where attack vectors like this cannot happen. Let this be a salutary lesson for them that they need to protect devices - it's too easy for someone to get something nefarious into a system if they leave gaping holes like this.

This space for rent

Jorgen Andersson

Yet another reason to keep using Tape backups.

Wrong is evil and must be defeated. - Jeff Ello

Rob Philpott

Do you know what they did that led to this outcome?

Regards, Rob Philpott.

Johnny J

Why? You wanna try it out? :confused:

Anything that is unrelated to elephants is irrelephant
Anonymous
-----
The problem with quotes on the internet is that you can never tell if they're genuine
Winston Churchill, 1944
-----
I'd just like a chance to prove that money can't make me happy.
Me, all the time

Rob Philpott

Not really, although I have backups of backups. And all my data is garbage anyway. No, I just want to know how you get a laptop to do this. Don't open dodgy attachments, don't run anything which looks like an executable from the net. Make sure things are signed. I would think that would be enough. I'm curious about rumours that all you have to do is a hit a 'bad' webpage with your browser in order to get infected. How does that work? Presumably the days of buffer overrun etc. are over, and the browser vets its feed.

Regards, Rob Philpott.

chriselst

HobbyProggy wrote:

BTW: Hope you didn't plug it in at work, otherwise this B**tard might spread across the company, we had such an issue here, had to disconect 10 machines and reinstall them by hand after cleaning everything off. Thank god it didn't hit a server.

Many, many years ago the company I worked for had their servers down for 3 days after a virus swarmed through the network. Fortunately I was away on my honeymoon at the time. Turned out it was the CEO who had let his kids on his laptop then brought it into the office and plugged it in to the network.

Some men are born mediocre, some men achieve mediocrity, and some men have mediocrity thrust upon them.