Have I been screwed or what???.....



Big Muddy
09-09-2015, 11:16 AM
Last night, I had looked up something on Wikipedia for my wife, and when finished, this screen popped up on my pc....all my files, documents, and pics are still intact, but they have been encrypted....it was attached to my Microsoft Office and Wordpad, and was called "Help Encrypt"....Anyone ever seen this sheeit???


What happened to your files ?

All of your files were protected by a strong encryption with RSA-2048 using CryptoWall 3.0.

More information about the encryption keys using RSA-2048 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

What does this mean ?

This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them,

it is the same thing as losing them forever, but with our help, you can restore them.

How did this happen ?

Especially for you, on our server was generated the secret key pair RSA-2048 - public and private.

All your files were encrypted with the public key, which has been transferred to your computer via the Internet.

Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our secret server.

What do I do ?

Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed.

If you really value your data, then we suggest you do not waste valuable time searching for other solutions because they do not exist.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:

1.http://ayh2m57ruxjtwyd5.abctopayforwin.com/4dd113

2.http://ayh2m57ruxjtwyd5.bcdthepaywayall.com/4dd113

3.http://ayh2m57ruxjtwyd5.deballmoneypool.com/4dd113

4.http://ayh2m57ruxjtwyd5.armnsoptionpay.com/4dd113

If for some reasons the addresses are not available, follow these steps:

1.Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en

2.After a successful installation, run the browser and wait for initialization.

3.Type in the address bar: ayh2m57ruxjtwyd5.onion/4dd113

4.Follow the instructions on the site.

IMPORTANT INFORMATION:

Your personal page: http://ayh2m57ruxjtwyd5.abctopayforwin.com/4dd113

Your personal page (using TOR): ayh2m57ruxjtwyd5.onion/4dd113

Your personal identification number (if you open the site (or TOR 's) directly): 4dd113

Buckrub
09-09-2015, 11:32 AM
No virus protection was running???

Chicken Dinner
09-09-2015, 11:42 AM
Is that some sort of hacker blackmail thing?

Buckrub
09-09-2015, 11:44 AM
There IS a "Ransom Virus" going around.

Is that it?

LJ3
09-09-2015, 12:44 PM
It's a bitlocker or otherwise known as ransomware. You'll need to do some research on whether or not it's one of the types that actually DO encrypt your data and have the ability to make it inaccessible to you.

Len

LJ3
09-09-2015, 12:49 PM
If I was you, the actions I would take are the following:

See if you can open your documents. If you can, you probably have not been encrypted.
Download superantispyware (free version) run it - http://download.cnet.com/SuperAntiSpyware-Free-Edition/3000-8022_4-10523889.html
Download Free AVG if you don't have AV running on your machine - http://download.cnet.com/AVG-AntiVirus-Free-2015/3000-2239_4-10320142.html - run the scan
Same with malwarebytes - http://download.cnet.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.html - run the scan

Keep AVG running at all times, you don't need the pay version.

Honestly, from how it reads it's just the "scare you into giving us money" version. In order for the true ransomware to be installed you have to grant permissions for it to run on your machine. So unless you've been surfing the web completely unprotected, I doubt they got you. I could be wrong though. I haven't had to deal with this crap much since my Mom stopped using her computer :)

Big Muddy
09-09-2015, 01:15 PM
Len, as stated in my initial post, they have already infected my stuff.....its encrypted and I can not open anything ....internet stuff not affected; just files, documents, and pics.

And, yes Bucky, AVG runs all the time....evidently, they got thru it.

LJ3
09-09-2015, 01:36 PM
Gotcha. When this happens at every company I've worked for, the machine is pulled from the network and re-imaged. Meaning completely wiped, everything gone. I honestly don't know what a private citizen's options are.

LJ3
09-09-2015, 01:37 PM
What exactly happens and what do you see when you open a word doc?

Big Muddy
09-09-2015, 01:44 PM
What exactly happens and what do you see when you open a word doc?

I see a screen with all that threatening sheeit, just as it is written in my initial post....I copied and pasted it above.

BarryBobPosthole
09-09-2015, 02:02 PM
I agree. You're fucked.

bKB

Big Muddy
09-09-2015, 02:12 PM
Thank you....thank you very much. ;)

Chicken Dinner
09-09-2015, 02:15 PM
Just wipe your machine and restore your data from your backup drive. You're welcome.:hello

quercus alba
09-09-2015, 02:30 PM
If Ed would stay away from those gay porn sites Kribbs sends him links to


Seriously How does one avoid ransom ware?

LJ3
09-09-2015, 02:51 PM
QA, malware like that can't be installed without you giving it permission to do so. Either following an email link, clicking yes to something innocent, any number of transactions that appear normal but are engineered to appear that way when what they're really doing is installing the software on your machine. Obviously it's not going to say "installing bad stuff now", it will be presented as something else. Most times, it's done weeks or months before and has a timer set to activate it so that you'll never really know when it happened.

I still think Ed may be better off than he thinks and maybe it's just a macro attached to his Word application. I'd take a file, copy it to your hard drive and go open it on another PC. If it opens, you're really not infected and you just need to delete MS word and reinstall it.
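The check LJ3 suggests above (does a copied file still open?) can be done across a whole folder without launching Word, as an added example that is not part of the original post. It compares each file's first bytes against the signature its type should start with; the file names, the `.sav` extension and the sample contents are constructed for the demo.

```python
import hashlib, math, os, tempfile
from collections import Counter

# First bytes a healthy file of each type starts with (file signatures).
MAGIC = {".docx": b"PK\x03\x04", ".xlsx": b"PK\x03\x04", ".doc": b"\xd0\xcf\x11\xe0",
         ".pdf": b"%PDF", ".jpg": b"\xff\xd8\xff", ".png": b"\x89PNG"}
TEXT = {".txt", ".csv", ".log"}   # no signature; judged by entropy instead

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: ~4-5 for English text, ~8 for ciphertext."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(path: str, sample: int = 65536) -> str:
    """Classify one file as 'intact', 'suspect' or 'unknown' without opening it in its app."""
    ext = os.path.splitext(path)[1].lower()
    with open(path, "rb") as fh:
        head = fh.read(sample)
    if ext in MAGIC:
        # Office, PDF and image files are compressed, so their entropy is high even
        # when healthy; the signature is the reliable signal for them.
        return "intact" if head.startswith(MAGIC[ext]) else "suspect"
    if ext in TEXT:
        return "suspect" if entropy(head) > 7.0 else "intact"
    return "unknown"

def scan(root: str) -> dict:
    """Map every file under root (relative path) to its triage verdict."""
    out = {}
    for folder, _, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            out[os.path.relpath(full, root)] = triage(full)
    return out

def demo() -> dict:
    """Build a constructed sample folder and scan it."""
    noise = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # stand-in for ciphertext
    samples = {"letter.docx": b"PK\x03\x04" + noise, "budget.docx": noise,
               "notes.txt": b"Grocery list: eggs, milk, bread\n" * 50, "todo.txt": noise,
               "game.sav": noise}
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return scan(root)

if __name__ == "__main__":
    for name, verdict in sorted(demo().items()):
        print(f"{verdict:8} {name}")
```

The script only reads files, so it can be pointed at a copy of the documents folder on a clean machine with `scan(path)`.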

Big Muddy
09-09-2015, 02:51 PM
Seriously How does one avoid ransom ware?

QA, I gots no idea....I normally close out my screen, when I'm finished with it, but last night, for some reason, I didn't....wife called me to supper, just as I finished looking up the definition of a word for her on wikipedia....20 minutes later, when I returned, I was fubared for ransom....I'm sure it's prolly some sorry little piece of sheeit in Bummfokkegypt, doing this sheeit for a few bucks.

quercus alba
09-09-2015, 03:31 PM
Does standard malware/antivirus pick it up or do you have to pay $39.99 a month?

BarryBobPosthole
09-09-2015, 03:35 PM
I was wondering that too. Malwarebytes still work on those platforms?

BKB

LJ3
09-09-2015, 03:57 PM
QA, I gots no idea....I normally close out my screen, when I'm finished with it, but last night, for some reason, I didn't....wife called me to supper, just as I finished looking up the definition of a word for her on wikipedia....20 minutes later, when I returned, I was fubared for ransom....I'm sure it's prolly some sorry little piece of sheeit in Bummfokkegypt, doing this sheeit for a few bucks.

I guarantee you it happened way before last night. Weeks or months before. That's what makes them so hard to trace. It's installed way before and set to go off at a certain time.

LJ3
09-09-2015, 04:00 PM
No single app will catch everything. It's always hit or miss. But with something like that I would have expected malwarebytes to at least "see" it, even if it couldn't remove it.

Everything on your PC has a "registry entry" associated with it, meaning it has information on where it is, what it does, what it's allowed to do and any other operational parameters. Part of AV software's job is to detect anomalies in those registry entries and tell you about them, among other things.

We're very near the end of my knowledge on these things!

Shit, we may have just passed it :)

Big Muddy
09-09-2015, 04:19 PM
I'd just love to be alone in a sound-proof room for three minutes, with one of the little bastards who does this sorta sheeit.

quercus alba
09-09-2015, 04:28 PM
Three minutes? You gonna have sex with them? It wouldn't take me three minutes to get him down and stomp on all his fingers, or they'd whip me one. Either way it'd be quick

Nandy
09-09-2015, 05:07 PM
Oh noo!!! Reminds me to do my backup tonight....

Buckrub
09-09-2015, 05:54 PM
This is amazing, really.

Man, Ed. How awful. I hear 'backup' but totally backing up every single thing on your computer is not cheap, I don't think. Not many folks do it. And picking this and that to back up is so time consuming. I did put my pictures in the Amazon cloud........but so many files are important. Wow.

Nandy
09-09-2015, 06:27 PM
Backups are not really that hard and if you don't get too carried out you can set your system to do it automatically for under $100.00. You can go almost anywhere that sells computer stuff (including wally) and get those backing hard drives. They even come with software to do the backup. You set a schedule for the backup to happen on those days and times that you usually don't use the pc. If you do weekly incremental backups it just takes a few minutes to get the backup done. Whatever you choose try to find a backup software that you can boot from when hooked to the usb, e-sata or whatever connection to the BK hd so you don't have to do a fresh install and then do the restoral. I use acronis.

I make 2 types of backups. I have a 1 TB backup hard drive for the incremental backups (my intention is to do these backups monthly but I fail to do that) and a 500 gb hd to clone the working hd every 6 to 8 months. My TB backup unit has an acronis bootable partition loaded into it so I can boot on my backup hd with my pc even if my OS is fubar and do a restore. At worst case scenario, I can use my clone to boot and use the Acronis to restore the backup in the fubar hd OR if the drive is really dead then I can just order one and do the restore later....


The only bad thing about incremental backups is that the restore takes longer than if you have a total backup or differential backups. But any type of backup is better than reinstalling and starting again. I know I can bear doing that, reason # 2 why I am not moving from xp to any other windows version until I must.....
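Why an incremental restore takes longer than a differential one, as an added example that is not part of Nandy's post: the function works out which backup sets have to be applied, in order, to get back to a date before the infection. The catalogues, dates and the `restore_chain` name are constructed for illustration, and the dependency rules in the comments are the usual definitions of the three backup kinds.

```python
from datetime import date

def restore_chain(catalogue, not_after):
    """Return the backups, oldest first, that must be applied to restore the
    newest state taken on or before `not_after` (e.g. the last day known clean)."""
    usable = sorted(b for b in catalogue if b[0] <= not_after)
    if not usable:
        raise ValueError("no backup exists on or before the cut-off date")
    chain, i = [], len(usable) - 1
    while True:
        taken, kind = usable[i]
        chain.append((taken, kind))
        if kind == "full":
            return chain[::-1]          # a full backup stands alone: chain complete
        if kind == "diff":
            # A differential needs only the most recent full before it.
            i = max((j for j in range(i) if usable[j][1] == "full"), default=-1)
        else:
            # An incremental needs the backup taken immediately before it.
            i -= 1
        if i < 0:
            raise ValueError("chain is broken: no full backup to start from")

# Constructed catalogues: one full backup, then a weekly follow-up of one kind.
WEEKS = [date(2015, 8, 9), date(2015, 8, 16), date(2015, 8, 23),
         date(2015, 8, 30), date(2015, 9, 6)]
INCREMENTAL = [(date(2015, 8, 2), "full")] + [(d, "incr") for d in WEEKS]
DIFFERENTIAL = [(date(2015, 8, 2), "full")] + [(d, "diff") for d in WEEKS]

if __name__ == "__main__":
    clean_until = date(2015, 8, 20)     # assumed last day the machine was clean
    for label, cat in (("incremental", INCREMENTAL), ("differential", DIFFERENTIAL)):
        steps = restore_chain(cat, clean_until)
        print(label, [f"{d:%m-%d} {k}" for d, k in steps])
```

Every link in the incremental chain has to be readable for the restore to succeed, which is the practical cost behind the longer restore.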

Captain
09-09-2015, 07:19 PM
If Ed would stay away from those gay porn sites Kribbs sends him links to Seriously How does one avoid ransom ware?

Buy an iMac

Buckrub
09-09-2015, 07:21 PM
There's no guarantee there............... but I defer to Nandy's knowledge.

https://blog.malwarebytes.org/fraud-scam/2013/07/fbi-ransomware-now-targeting-apples-mac-os-x-users/

http://www.digitaltrends.com/computing/watch-out-mac-users-ransomwares-coming-for-you-too/

Captain
09-09-2015, 07:25 PM
Fish on!!!!!
Hooked ya.
You are SO easy to catch. :D

Buckrub
09-09-2015, 07:27 PM
I'm a crappie.

You're a redfish.

Nandy
09-09-2015, 08:16 PM
Being the family tech support I grew very tired of the teenagers back then downloading every crap in the world and visiting every other bad Russian site to watch "free movies". I was fed up with the constant battle with viruses to salvage their data and settings. This seems to happen every other month... So...
I had an image of a fresh basic install of every pc in the house, then I gave everyone a backup drive and told them to set it up and to stop going anywhere they were not supposed to be. When the first one came in with a virus I asked for the backup hd, he never set it up. I got my image and BAM! Back to basic install, he had to install all of his crap and lost all his pictures and other stuff.... Second time, same thing, where is your backup? No backup? "can you please fix it?" Nope, wham BANG! Back to basic again.... I don't even think he has a working pc nowadays (about 6 years later) but the girl, she came one day with the problem, gave me her backup, I put the basic image, booted, did a restore to a few weeks before, booted and she was fine... some learn, some don't....

Once there are enough Apple users to be noted they will end up having the same virus/hacking issues as MS users. It comes down to the user itself, being prepared and not so trusty. However, no antivirus will catch them all and every now and then, even the tech support guy gets one.... That is why I have backups...