
Anyone had this shit before?


Thread replies: 42
Thread images: 5

File: ransom.jpg (173KB, 970x546px)
Anyone had this shit before?
A customer came in with this shit; it installed itself onto the customer's server and encrypted all of his files. Worst part, he's a dentist or something, and those files are his patients' files with sensitive info. The only way to decrypt the files is to pay the attackers $500 in bitcoins; if it's not paid within the time frame it increases to $1000.

Apparently no tool can break this code. Transactions are via Tor. Did this motherfucker make a badass virus or what? Anyone here with stories of run-ins with this? Why isn't this fucker caught?
>>
>>51415228
k, keep me posted
>>
It's a pretty standard attack, and no, you are not going to get it off without paying, and the guy you're paying might not even have the encryption key if he is bootlegging someone else's attack. The only option is to pay and pray or kiss the files goodbye.
>>
He didn't have backups? He deserves it.
>>
>>51415273
That's some serious shit. I've heard about this but first time seeing it IRL.
So supposedly the key is stored on an attacker's server. Why wouldn't someone hack into the attacker's server, steal the key, and make bank on unlocking this for people affected by the virus for half the cost? Will this server be traceable, assuming it's not hiding behind Tor or something?
>>
>>51415321
He had backups... but they were connected via USB or over the network, something like that. Sucks for him because it affected the backups also.
>>
>>51415332
You are a little late, mate. Already done. The guy is on the run and the FBI is giving $3M for info about him.

anyway try your luck with https://noransom.kaspersky.com/
>>
>>51415358
>>51415374
wrong image
>>
>>51415228
Looks like you need to bill this dentist $650. If he doesn't pay up, it's going to be $1200.
>>
>>51415374
>no ransom
>eastern euros
something isn't right
>>
>>51415228
>thinking that being a skiddie will crack babby's first passcode

Let the timeframe pass while you try to crack it
>>
>>51415228
>Get a bootable linux USB
>Boot from it
>Copy/paste files if it's scareware
>Burn USB
>Get another USB and DBAN the hard drive.
>>
>>51415453
Don't want to crack it, already told dentist guy he's screwed. I'm just pretty impressed by how it works; also I want to scam the scammer.
>>51415460
Missing one thing: how will that decrypt the data...
>>51415436
Kek so many keks
>>
https://noransom.kaspersky.com/
>>
>>51415622
If it's scareware the data won't be encrypted.
>>
>>51415646
That data was encrypted though.

.CCC was the file format. All the files had this.

When changed back to its normal file extension, like PDF for example, it didn't open up, which led me to believe that it was actually encrypted.
>>
http://blogs.cisco.com/security/talos/teslacrypt

.ccc is the TeslaCrypt virus encrypter.
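The two posts above describe the practical question a tech has on site: are the .ccc files merely renamed (scareware, recoverable by renaming) or genuinely encrypted (header gone, body random)? The script below, an added example that is not from the thread or from any TeslaCrypt write-up, walks a directory tree, bucketing every *.ccc file by whether the original type's magic bytes are still present and, failing that, by the entropy of its first 4 KiB. It assumes the ransomware appended .ccc to the original name (scan.pdf.ccc), uses a constructed magic-byte table, and builds its own throwaway sample files; none of it is real TeslaCrypt output.

```python
import os
import tempfile
from collections import Counter
from math import log2

# Extension the variant in this thread appended to every file (scan.pdf -> scan.pdf.ccc;
# that the original extension survives underneath is an assumption of this example).
RANSOM_EXT = ".ccc"

# Leading bytes of common document types (constructed table, extend as needed).
MAGIC = {
    ".pdf": b"%PDF",
    ".docx": b"PK\x03\x04",
    ".xlsx": b"PK\x03\x04",
    ".zip": b"PK\x03\x04",
    ".jpg": b"\xff\xd8\xff",
    ".png": b"\x89PNG",
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 8.0 is uniformly random; real cipher output sits very close to it."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * log2(c / n) for c in Counter(data).values())


def classify(path: str, sample_size: int = 4096) -> str:
    """'renamed'   : original magic bytes still present, only the name changed (scareware)
       'encrypted' : magic gone and the head of the file is near-random
       'unknown'   : no magic on record for the original type, or low entropy (look by hand)"""
    with open(path, "rb") as f:
        head = f.read(sample_size)
    stem, _ = os.path.splitext(path)          # drop .ccc
    _, orig_ext = os.path.splitext(stem)      # original extension, e.g. .pdf
    magic = MAGIC.get(orig_ext.lower())
    if magic and head.startswith(magic):
        return "renamed"
    # Caveat: compressed formats (zip, jpg, docx) are high-entropy too, which is why the
    # magic check runs first; for types not in MAGIC, high entropy alone is only a hint.
    if shannon_entropy(head) > 7.5:
        return "encrypted"
    return "unknown"


def triage(root: str) -> dict:
    """Walk root (point it at mounted backup drives and shares as well, they get hit too)
    and bucket every *.ccc file by classify()."""
    buckets = {"renamed": [], "encrypted": [], "unknown": []}
    for dirpath, _, names in os.walk(root):
        for name in names:
            if name.lower().endswith(RANSOM_EXT):
                path = os.path.join(dirpath, name)
                buckets[classify(path)].append(path)
    return buckets


def build_constructed_samples() -> str:
    """Throwaway directory with constructed files mimicking the two cases (not real malware output)."""
    root = tempfile.mkdtemp(prefix="ccc_triage_")
    with open(os.path.join(root, "xray.pdf.ccc"), "wb") as f:   # renamed only, PDF header intact
        f.write(b"%PDF-1.4\n" + b"x" * 200)
    with open(os.path.join(root, "chart.pdf.ccc"), "wb") as f:  # header gone, random body
        f.write(os.urandom(4096))
    with open(os.path.join(root, "notes.txt"), "wb") as f:      # untouched file, must be skipped
        f.write(b"front desk notes")
    return root


def demo() -> dict:
    """Run triage over the constructed tree and return basenames per bucket."""
    buckets = triage(build_constructed_samples())
    return {k: sorted(os.path.basename(p) for p in v) for k, v in buckets.items()}


if __name__ == "__main__":
    for bucket, files in demo().items():
        print(bucket, files)
```

Run it against a copy of the share, not the live server, and treat the "renamed" bucket as the only good news: anything in "encrypted" is a question for backups or a vendor decryptor, not for renaming.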
>>
>>51415695
>free decryption
>Its not free

How you doin OP.
>>
>>51415228
Radiolab did a podcast about this. Seems payment is the only option
>>
https://bitbucket.org/jadacyrus/ransomwareremovalkit/overview
>>
Try Shadow Explorer, OP.
>>
What OS? Also what's the computing power needed nowadays if you want to brute force the keys yourself?
>>
File: image.jpg (68KB, 470x747px)
>>51415228
Looks like he won't be shooting any lions this week
>>
>>51416415
Wouldn't ya think that a guy smart enough to pull this off would be smart enough to use at least a 128-bit key? Good luck brute-forcing that, m8.
>>
>>51416949
Say that to my 80 18-core Xeon cluster.
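The exchange above (what computing power would it take, would a 128-bit key stop a cluster) is answerable with a short calculation. The block below is an added example, not from the thread: it takes the poster's 80 x 18-core cluster as a constructed assumption, grants it a deliberately generous one billion trial decryptions per core per second, and works out the expected time for an exhaustive search at several key sizes, plus the rate you would need to finish a 128-bit search in a year.

```python
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed assumptions: the poster's 80 x 18-core Xeon cluster and a generous
# 1e9 trial decryptions per core per second (well above what AES, with its key
# schedule, actually manages on one core).
CLUSTER_CORES = 80 * 18
PER_CORE_RATE = 1e9
CLUSTER_RATE = CLUSTER_CORES * PER_CORE_RATE   # 1.44e12 keys/s


def expected_bruteforce_years(key_bits: int, keys_per_second: float = CLUSTER_RATE) -> float:
    """Expected years to hit a uniformly random key: half the keyspace on average."""
    expected_tries = 2 ** (key_bits - 1)
    return expected_tries / keys_per_second / SECONDS_PER_YEAR


def rate_needed(key_bits: int, years: float = 1.0) -> float:
    """Keys per second required to expect success within `years`."""
    return 2 ** (key_bits - 1) / (years * SECONDS_PER_YEAR)


def feasibility_table(keys_per_second: float = CLUSTER_RATE) -> dict:
    """Key size -> expected years, for the sizes people actually ask about."""
    return {bits: expected_bruteforce_years(bits, keys_per_second) for bits in (56, 64, 128, 256)}


if __name__ == "__main__":
    for bits, years in feasibility_table().items():
        print(f"{bits:>3}-bit key: {years:.3g} years")
    print(f"rate for a 128-bit key in one year: {rate_needed(128):.3g} keys/s")
```

The table is the whole point: 56-bit (DES) falls in hours on that cluster, 64-bit in a couple of months, and 128-bit needs on the order of 10^18 years, so the practical attacks on ransomware have always been implementation mistakes and seized key servers, never the key size.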
>>
Try Bitdefender; they had found it and cracked its key, which is public key crypto.
Good luck.
>>
>>51415228
This is old as fuck. Symantec actually worked with some Ruskies to capture one of the versions' servers and provide a decryption tool, https://www.decryptcryptolocker.com/, but last I heard they had to shut it down due to all the permutations. Best advice is always protect your stuff and keep backups.
>>
lel, my brother had this on his laptop. Shit really was encrypted; it affected some files on the desktop, games, his Photoshop, but nothing too important. I just deleted all the encrypted files, ayy.
>>
>>51415228
>pay $500 in bitcoins
>get decryption key
>decrypt files
>charge 900$
>???
>>
>>51415332
>I've heard about this but first time seeing it IRL.

WTF?

I've literally seen a cryptolocker outbreak for at least one customer a week for the last 18 months.

Pay the fucking ransom, and if he doesn't like it, maybe he should have gotten a decent backup solution.
>>
People seriously pay 500 dollars for the shit on their hard drives?
>>
>>51418001
Not everyone is a NEET who only has his loli collection to lose, you know.
>>
>>51415382
That's kinda amazing. This virus will continue to spread and force people to pay money, but now that there's no one on the receiving end to send the decrypt keys, it will endlessly take in bitcoins with nowhere for them to be sent.
>>
>>51418001

Nearly every outbreak is a business with ten years worth of data at risk.
>>
It's ransomware. Cryptolocker was the first big one.

Generally it's the biggest, nastiest virus running around at the moment.

How you get your data back is paying the money.

Then you learn how to make proper backups.
>>
I had one of these before; I just reinstalled my Windows partition and continued with my day 30 min later.
>>
>>51418128
It sure helps keeping Bitcoin in demand - and prevents inflation by removing them from the market.
>>
Is Linux vulnerable too?
>>
How do people even get proper malware like this? Adware is easy to find, this isn't.
>>
>>51418285
Literally opening emails with .exe attachments.
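The reply above names the most common delivery path: an executable attachment that the user opens. The checks a mail gateway or a triage script applies to that are simple enough to show in full. The block below is an added example, not from the thread: it parses a raw RFC 5322 message with Python's standard email library and flags attachments on three grounds (an extension Windows will execute, a document-looking double extension such as invoice.pdf.exe, and a PE "MZ" header hiding under a non-executable name). The message, the extension lists and the addresses are all constructed for the example.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Extensions Windows runs on double-click (constructed list, extend to taste).
EXEC_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".jse", ".vbs", ".wsf", ".hta"}
# Extensions that make a double-extension name look like a harmless document.
DOC_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".jpg", ".png", ".txt"}
PE_MAGIC = b"MZ"   # first two bytes of every Windows PE executable


def attachment_findings(raw: bytes) -> list:
    """One dict per attachment: its filename and the list of reasons it was flagged (empty if clean)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        stem, ext = os.path.splitext(name.lower())
        _, inner_ext = os.path.splitext(stem)          # e.g. ".pdf" in "invoice.pdf.exe"
        payload = part.get_payload(decode=True) or b""  # decoded bytes, base64 handled
        reasons = []
        if ext in EXEC_EXTS:
            reasons.append("executable extension")
        if ext in EXEC_EXTS and inner_ext in DOC_EXTS:
            reasons.append("double extension disguised as document")
        if payload.startswith(PE_MAGIC) and ext not in EXEC_EXTS:
            reasons.append("PE header under a non-executable name")
        findings.append({"filename": name, "reasons": reasons})
    return findings


def flagged_names(raw: bytes) -> list:
    """Just the filenames that tripped at least one check."""
    return [f["filename"] for f in attachment_findings(raw) if f["reasons"]]


def build_constructed_sample() -> bytes:
    """A constructed phishing-style message, not a real capture."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["To"] = "frontdesk@example.com"
    msg["Subject"] = "Invoice 4471"
    msg.set_content("Please see the attached invoice.")
    # PE stub named to look like a PDF; Explorer hides the .exe when known extensions are hidden.
    msg.add_attachment(PE_MAGIC + b"\x90\x00" + b"\x00" * 60,
                       maintype="application", subtype="pdf", filename="invoice.pdf.exe")
    # A real PDF header under its proper name: must pass.
    msg.add_attachment(b"%PDF-1.4 constructed harmless content",
                       maintype="application", subtype="pdf", filename="statement.pdf")
    # A PE hidden under a plain document name: only the magic check catches this one.
    msg.add_attachment(PE_MAGIC + b"\x00" * 40,
                       maintype="application", subtype="octet-stream", filename="scan.jpg")
    return bytes(msg)


if __name__ == "__main__":
    for f in attachment_findings(build_constructed_sample()):
        print(f["filename"], f["reasons"] or "ok")
```

The magic-byte check is the one worth keeping even if you trust your extension filter: a file called scan.jpg that starts with MZ is never a picture, and that is precisely the kind of name an attacker chooses. Archives and macro documents need their own handling, which this example does not attempt.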
>>
File: afterburner.webm (688KB, 1280x720px)
>>51418307
Not necessarily. Can link to a site that has the Angler exploit kit.
>>
>>51415228
All this is normal. If you are responsible for system security, it's your fault for not keeping the server up to date.