All of my pictures and tons of albums all look like this.

Thread replies: 59
Thread images: 7

File: c35bef5a9675aa4789695ff5f2d5a65b.png (154KB, 1733x680px)
All of my pictures and tons of albums all look like this. Is it too late? :(
>>
Also got this spooky message.
>>
>>57533309
Looks like you were dumb enough to infect your computer with ransomware.
>>
>>57533343
Yeah I am completely aware of that. I know I am dumb. Is there any way of recovering though? It is on a separate hard drive that I keep music and pictures on so it is no big deal.
>>
>>57533361

>It is on a separate hard drive

It was until it started encrypting your other drives too. It's probably still doing it right now.
>>
>>57533361
>recovering
Nope. Reformat.
>>
>>57533341
Nope you're fucked.
>>
>windows
>ransomware
nothing new here, carry on.
>>
>>57533309
Hang on to those drives until someone discovers the NSA's backdoor to AES-256. Until then you're fucked.
>>
You poor bastard
>>
https://success.trendmicro.com/solution/1114221-downloading-and-using-the-trend-micro-ransomware-file-decryptor
>>
Alright OP here. It infected the one hard drive and I removed everything. What can I do before it spreads? It has been a while. I am prepared to reformat but just wondering if I can do anything to prevent this from taking over.
>>
>>57533478
install gentoo
>>
>>57533478
install gentoo
>>
>>57533478
Your system cannot be trusted. Wipe everything, including all external drives that have touched this system since (or shortly before) the infection. Restore from backups made well before the infection.
>>
>>57533478
Reboot into safe-mode immediately and start cleaning out startup folders, suspicious services (via msconfig perhaps) and remove suspicious reg keys from the following:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce


Then do a virus scan with Malwarebytes or w/e.
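
[Added example, not part of the post above: a read-only PowerShell listing of the four autorun keys it names, so entries can be reviewed before anything is deleted. The `$reviewPatterns` list and the function name `Get-AutorunEntry` are assumptions made for illustration, not a complete indicator set.]

```powershell
# Added example: list every value under the four Run/RunOnce keys from the post.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Assumption: user-writable locations and script hosts deserve a closer look.
$reviewPatterns = @('\\AppData\\', '\\Temp\\', '\\ProgramData\\', '\\Users\\Public\\',
                    'wscript', 'cscript', 'mshta', 'powershell', 'rundll32', 'regsvr32')

function Get-AutorunEntry {
    param([string[]]$Keys = $runKeys)
    foreach ($key in $Keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # a key may be absent
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            # Read the value exactly as stored, then expand %VAR% only for matching
            $command  = [string]$item.GetValue($name, $null, 'DoNotExpandEnvironmentNames')
            $expanded = [Environment]::ExpandEnvironmentVariables($command)
            $hits     = $reviewPatterns | Where-Object { $expanded -match $_ }
            [pscustomobject]@{
                Key     = $key
                Name    = $name
                Command = $command
                Review  = [bool]$hits        # true when any pattern matched
                Reason  = ($hits -join ', ')
            }
        }
    }
}

# Flagged entries first; nothing is modified or removed by this script.
Get-AutorunEntry | Sort-Object Review -Descending | Format-Table -AutoSize -Wrap
```

[A `Review` flag only means the entry matched one of the assumed patterns; legitimate software also starts from these locations, so check the target file before removing a value.]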
>>
>>57533579
Malwarebytes is currently showing nothing.

Should I still go into safe mode?
>>
File: 1459400967972.jpg (163KB, 872x950px)
>>57533309

What's the file extension
>>
>>57533611
No clue I wiped that out
>>
>>57533611
.opisafaggot
>>
>>57533599
Yeah, it'll stop most shit from running at startup. Then you should check those reg keys
>>
File: 1476666551923.gif (591KB, 480x270px)
>>57533622

what
>>
go here

https://id-ransomware.malwarehunterteam.com/

figure out what it is, if it's listed. download the executable if there's a way to decrypt.

had a friend who had this - the type of virus was "nemucod". the files had a .crypted extension. downloaded an executable and needed an original version of a file and an encrypted one. it generated a key and suggested you try a few different files (which i did, and the key was the same for each). it ran through the hard drive with the key and decrypted everything. i had to also uncheck a field in one of the tabs so that it would get rid of the encrypted files after it decrypted them.

hope this helps.
>>
>>57533682
>https://id-ransomware.malwarehunterteam.com/

jesus I just wiped everything I had on the one hard drive. Pictures that I will never get back, I wish I knew this sooner, but thank you for your help.
>>
>>57533732
Quick, recover everything with Recuva before you start writing to the drive again.
>>
>>57533732
>have multiple drives
>not making backups of pictures
l

o

l
>>
>>57533772
Well the other drive was basically the backup. I had moved them all to that drive to keep them safe, but the thing I installed to get me the virus went to that drive.
>>
>>57533786
what did you install?

i have my shit backed up but ransom-ware is terrifying.
>>
>>57533770

I can recover the files, but they are encrypted. Is it possible that if I recover the files then I also recover the virus?
>>
>>57533813
I was downloading an emulator and clicked on a link in a youtube description. The video had well over 200,000 views so I thought it would be trusty, lo and behold it was not.
>>
>>57533817
Just don't recover anything that has an .exe extension and you'll be fine. All of the files to recover will have filename like in your OP image.
>>
File: 1474437458038.png (2MB, 1214x1109px)
>>57533825

Once again proving that video games are wrong and bad.
>>
>>57533858
Yeah I know I was good for so long, didn't play for a long time. Friend told me to play a League match with him one day and I've been non stop on my computer playing games (not League)
>>
Try to dox him, find out who he is and kill him or hire a killer on tor.
Any person who does this should be killed.
Or you know, be a submissive beta cuck and pay him.
Or maybe file a police report, I dunno.
>>
OP you're being stupid.
Get all the encrypted files onto an external drive. Use recuva if need be. Wipe the internal drive. Do fresh Windows install. Try the decrypters in this thread. Only recover pictures, documents, etc. STAY AWAY from recovering programs and such. Once you have all the pictures and shit decrypted, put them on a different drive and wipe the drive of encrypted shit, and then start keeping backups.
>>
>>57533361
i'd;
- reinstall windows (disconnect all non-OS disks until an AV is installed/active)
- scan all of your disks with a good AV
- restore lost data from backups
in that order
>>
>>57533786
>moved
>backup

m8, it's not a backup if it's your /only copy/

a backup, by definition, is a second copy
>>
>>57533825
are you new to youtube? a video of a dog farting could probably get more hits than that, it's meaningless
>>
>>57533732
>>57533682
hopefully you can recover. that website saved my friend's ass so lemme know how it plays out (provided you haven't given up).
>>
>>57533341
I wonder why gmail didn't block the attacker assuming he was smart enough to use Tor.
Why was the instruction for BC payment not included in the first note?
If the process is easy enough the (normie) victim will not even bother to lookup whether the encryption key can be retrieved for free.
>OP use your search engine btw
>>
>>57534052
He downloaded an exe file listed in a YT video.
>>
>>57533560
The probability that this actually uses a rootkit/autostarts and will not be detected by a freeware AV scanner is slim. It's feasible that the rware is so crappy the data is lost even when he pays up.
>>
File: images(34).jpg (12KB, 500x547px)
>>57533772
Not using Google Photos for that extra backup

Inb4 but le googolz is evil wiff my pics
>>
>>57533361
>Yeah I am completely aware of that. I know I am dumb. Is there any way of recovering though.
Reinstall OS and restore from backup?
>>
Shadow Copies
>>
>>57533732
>Pictures that I will never get back
Wait, don't you have backups?
>>
>>57534094
>Not using encrypted lossy flif on Google cold storage
>being a pleb
>>
>>57533478
Replace windows with Linux, you will be able to access your remaining files and the encryption program won't be able to run.
>>
>>57533786
>Well the other drive was basically the backup.
HAHAHAHAHAHAHAHAHA

okay kid you deserved losing your shit

i hope you learned something about backups
>>
>>57534087
Unlikely, yes, but why risk it? With a suitable backup procedure in place, very little effort is needed to nuke from orbit.
>>
>>57534094
thanks, you've motivated me to write ransomware that targets google cloud
>>
>>57534137
I doubt OP is smart enough for a good backup plan
>>
I need to set up a backup solution to run on my NAS that supports incremental backups, implements TM-style revisions, and doesn't trust the client completely (so that ransomware can't damage the backup).
>>
File: 1275022449391.jpg (30KB, 375x414px)
>>57534117
Just grab Shadow Explorer, or mount the Shadow Copy location to a Visible Location, like C:/ and overwrite the encrypted files with their originals.
It's not that hard, but you've got a chance they exist in an un-encrypted form. You can google how to use Shadow Copies.
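
[Added example, not part of the post above: one way to do the "mount the Shadow Copy location to a visible location" step from an elevated PowerShell prompt. `$infectionTime` and `$mountPoint` are placeholders chosen for illustration, and the function name `Get-ShadowCopyBefore` is hypothetical.]

```powershell
# Added example; requires an elevated (Administrator) PowerShell session.
# Assumptions: both values below are constructed placeholders, adjust before use.
$infectionTime = Get-Date '2016-01-01 12:00'   # when files first started changing
$mountPoint    = 'C:\ShadowMount'              # must not exist yet

function Get-ShadowCopyBefore {
    param([datetime]$Before)
    # Win32_ShadowCopy lists existing VSS snapshots; InstallDate is creation time
    Get-CimInstance -ClassName Win32_ShadowCopy |
        Where-Object { $_.InstallDate -lt $Before } |
        Sort-Object InstallDate -Descending |
        Select-Object ID, InstallDate, VolumeName, DeviceObject
}

$candidates = @(Get-ShadowCopyBefore -Before $infectionTime)
if ($candidates.Count -eq 0) {
    # Handles the case where no usable snapshot is left on the machine
    Write-Warning 'No shadow copy older than the infection time exists on this machine.'
    return
}
$candidates | Format-Table -AutoSize

# Expose the newest pre-infection snapshot as a folder (snapshots are read-only).
# The device path needs a trailing backslash for the link to resolve.
$device = $candidates[0].DeviceObject.TrimEnd('\') + '\'
cmd /c mklink /d "$mountPoint" "$device"

# This example's choice: copy originals from $mountPoint to a separate clean
# drive rather than overwriting the encrypted files in place.
```

[Remove the link afterwards with `cmd /c rmdir C:\ShadowMount`; this deletes only the link, not the snapshot.]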
>>
>>57534166
also back up to permanent cold storage in case your NAS blows up

I recommend blu-ray or, for really important stuff, m-disc. The latter will basically last forever.
>>
Where do you find randomware?
>>
>>57533901
and ask the hitman to stream it pls
>>
>>57533825
>emulator and clicked on a link in a youtube description
weew was it a PS4 emulator or something retarded like that? All the best emulators are free software.
>>
>>57533341
>>57533309

My mother's workplace got ransomware'd very similar to this if not by the exact same group.

Talked with the IT guy about what he did to fix it, said he went around with a hard drive and manually decrypted every single (there were around 60) PC's drive and wiped them, since the data backup company wasn't legally allowed to send him the backup files unless it was to the currently at the time infected network.