
Anyone else been extorted?

visual800

Active Member
I was brought a laptop from a friend that had a lock on his computer that would pop up and say "this computer has been linked to child porn" call and pay and we will release... really?

It was a nasty virus to remove. I started in safe mode, ran MBAM, CCleaner and HijackThis. I got it off but it was a couple of hours. It amazes me how some people are this damn smart and use it to deceive and steal. And I'm more than certain they could find out who is doing this kind of crap but no one cares.
 

Drip Dry

New Member
A customer got hit with this 2 months ago.
His IT guy couldn't fix it. I know the computer guy and he seems very knowledgeable.

Anyway, they followed the instructions. I think they had to use bitcoin or something to pay. Paid 650.00

They did get unlocked... I'm not sure how



Now, just because they got unlocked, doesn't mean you will get unlocked
 

LeLuni

New Member
All you need to do is google the text of the 'this is encrypted' popups. Malwarebytes is good, but bleepingcomputer.com will often have step-by-step removal instructions.
If you find your problem in the bleepingcomputer.com forum (and you probably will), then follow the instructions very, very specifically.
That should get your system functional... enough to get important files before a clean wipe and reinstall of the OS.
My wife does this once a year while searching for free images, powerpoints, or this-or-that for teaching in her classroom... she's a bit gullible with popup windows.
You don't need to pay anyone to get this sorted.
 

DravidDavid

New Member
This particular attack is more sinister and harder to remove than simply using good ol' Malwarebytes to tackle it inside of Windows.

The software has genuinely encrypted your files. It's not a bluff to scare you into giving them your money, nor is removing their ransomware completely an easy task. If you've got a data centre and 100,000 years, you might be able to break the encryption, otherwise you either pay them the money or simply take your losses.

There is one single, VERY small ray of light you may have at your disposal. But it may not work right away. After complaints are generated, the servers the criminals use are found and seized. Encryption keys are sometimes released into a database to help those affected.

How it works is, you upload an affected file and the server goes through the list of seized keys and finds the one that decrypts your file. You can then use that to decrypt the rest. The problem is, if it is an active operation you may need to wait a while.

What I'm saying is, your local IT won't be able to help you, but some of the data may not be a total write-off just yet.

By the way, if you pay them you are quite likely to get your key and the ability to decrypt your files. These ransomware criminals rely on their honest (if you can even call it that) reputation. If they had a reputation for non-compliance after payment, they would never make any money as nobody would ever pay them to start with.

It's a moral issue, do you pay the crook and lose some money? Or start from scratch, take your losses and flip them the middle finger? Your choice. :)

EDIT: This ransomware usually infects your computer via attachments opened from email. Specifically, email stating you had an invoice payable or a resume to review and encourages you to open it. It's important office staff know to check addresses are from safe, verified sources before opening attachments and that all computers have an anti-virus and firewall. A central dedicated firewall is most effective.
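
The key-matching step described in the post above, sketched as an added example; it is not part of the original post and is not the code of any real recovery service. `toy_cipher` is a stand-in cipher chosen so the demo runs offline, and the key list, case ids and sample files are all constructed.

```python
import hashlib

# Real file signatures used to recognise a correctly decrypted file.
MAGIC = {b"%PDF-": "pdf", b"\x89PNG\r\n\x1a\n": "png",
         b"PK\x03\x04": "zip/docx", b"\xff\xd8\xff": "jpeg"}

def toy_cipher(key: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (assumption): XOR with SHA-256(key || offset).
    Same call encrypts and decrypts. Not any real ransomware's scheme."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + off.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[off:off + 32], pad))
    return bytes(out)

def find_key(sample: bytes, recovered_keys: dict):
    """Trial-decrypt the start of the sample with every recovered key and
    accept a key only if the plaintext begins with a known file signature.
    Short signatures can match by chance, so a real service would also
    validate more of the file before trusting the key."""
    for key_id, key in recovered_keys.items():
        head = toy_cipher(key, sample[:32])
        for magic, kind in MAGIC.items():
            if head.startswith(magic):
                return key_id, kind
    return None  # key not recovered yet: keep the encrypted files, retry later

def decrypt_rest(files: dict, key: bytes) -> dict:
    """Once the key is identified, decrypt every other affected file."""
    return {name: toy_cipher(key, blob) for name, blob in files.items()}

# Constructed sample data: 200 hypothetical recovered keys, two victim files.
RECOVERED_KEYS = {f"case-{i:03d}": hashlib.sha256(b"constructed-%d" % i).digest()
                  for i in range(200)}
VICTIM_KEY = RECOVERED_KEYS["case-137"]
ENCRYPTED = {"invoice.pdf": toy_cipher(VICTIM_KEY, b"%PDF-1.4\nconstructed invoice\n"),
             "logo.png": toy_cipher(VICTIM_KEY, b"\x89PNG\r\n\x1a\nconstructed image")}
UNMATCHED = toy_cipher(b"key still held by the operators", b"%PDF-1.4\nother\n")

if __name__ == "__main__":
    key_id, kind = find_key(ENCRYPTED["invoice.pdf"], RECOVERED_KEYS)
    print("matched", key_id, "sample looks like", kind)
    restored = decrypt_rest(ENCRYPTED, RECOVERED_KEYS[key_id])
    print({name: data[:8] for name, data in restored.items()})
    print("unmatched file:", find_key(UNMATCHED, RECOVERED_KEYS))
```

A `None` result is the "active operation" case from the post: the encrypted files are worth keeping untouched so the lookup can be repeated once more keys are published.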


AF

New Member
Which ransomware was it? Many can be prevented through policy modification for protection in the future. Kudos to MS for designing such easily exploited software. The annual cost to protect, debug and recover from these exploits has to be a million times the cost to simply design the OS properly in the first place. Which makes me think that maybe there are backdoor deals going on between MS and the crooks...
 

DravidDavid

New Member
Which ransomware was it? Many can be prevented through policy modification for protection in the future. Kudos to MS for designing such easily exploited software. The annual cost to protect, debug and recover from these exploits has to be a million times the cost to simply design the OS properly in the first place. Which makes me think that maybe there are backdoor deals going on between MS and the crooks...

There are no backdoor deals.

There are wholesale ransomware applications available on the black market. Some made to order or with a certain theme or branding, which could be something to do with Techman's TOR reference. A lot of these criminals become quite wealthy via this ransomware method. Individuals that know how to properly distribute the application have been said to make in excess of $30,000 per day.
 
We use Carbonite to back our files up. We also use an external hard drive to do a manual backup of all vital files at least once a month on Friday before closing. Then we unplug it from the computer when we're done backing files up on Monday morning. If your business relies on computers and data, this is something that everyone should do. To me, it's not an option, but rather a necessary precaution. The best part is if I want to work on a project with a tight deadline from my home office, I can access my Carbonite files from anywhere. It's super convenient.

I would honestly hate to be in your shoes. Best of luck.
 

S'N'S

New Member
They put out alerts on the news and in newspapers about these ransomwares months ago over here. I never open pop-ups or open suspicious emails and run either NoScript or adblock Pro.
 

DravidDavid

New Member
They put out alerts on the news and in newspapers about these ransomwares months ago over here. I never open pop-ups or open suspicious emails and run either NoScript or adblock Pro.

NoScript and AdBlock are certainly lifesavers. They make browsing the internet dummy proof to a certain extent.
 

Techman

New Member
We use Carbonite to back our files up.

Sorry to say, ransomware will get into any and all drives on a network including offsite backups.
People are hosed no matter what. Opening strange emails, or attachments or strange invoices is dangerous.
 

Chad

New Member
This happened to an older couple in the Toronto area a couple of months ago. Paid $2,000 for a lifetime of pictures and the scums never returned the files, just took the money.
 

Desert_Signs

New Member
Sorry to say, ransomware will get into any and all drives on a network including offsite backups.
People are hosed no matter what. Opening strange emails, or attachments or strange invoices is dangerous.

The ransomware thing happened at a shop I used to work for. They had no backups. Had to pay the ransom, and did get the key.

I use Dropbox Business for my backups (along with a NAS). I spoke to them specifically about this issue. They said if you keep your files synced to their servers, it's no big deal for them to fix it. They can roll back to old versions of your files, no problem. So, I have my NAS, Dropbox, and once monthly I back up to a hard drive that I keep off site.

I feel fairly protected.
 

dypinc

New Member
Which ransomware was it? Many can be prevented through policy modification for protection in the future. Kudos to MS for designing such easily exploited software. The annual cost to protect, debug and recover from these exploits has to be a million times the cost to simply design the OS properly in the first place. Which makes me think that maybe there are backdoor deals going on between MS and the crooks...

You mean MS and the Government.
 

TimToad

Active Member
I would have, but apparently no, we don't have any backup. On site or off site.

Well, then your employers are idiots. Aside from our equipment, the next most valuable thing we own is our files.

Our IT company charges us $75 per month for offsite (Carbonite) daily backup, 24/7 remote network and system security/malware/virus protection and monitoring.

That's one small banner job per month for peace of mind.
 

brycesteiner

New Member
Do you happen to have access to your files from another computer system - aka Chrome, OS X, Ubuntu, etc? Try and see if you can see them. You may very well be able to filter the files by copying them through the network to a computer that won't be susceptible to the virus.

Our system backs itself up every hour with the computers having access. I really like Apple's Time Machine being built into our server.

I know others have said don't use Windows and that would be one option in this case, but people should not think they are automatically safe from losing data just because they aren't using MS. From power failures, or you could have a PO'd employee who could delete the data in just a few minutes and have the same issue - no matter the OS. Bad things happen. Just be prepared.

Hope it all works well for you.
 