
What is this and how does one get rid of it?

  • 21-07-2016 11:21am
    #1
    Registered Users Posts: 719 ✭✭✭


    The following message appeared on a friend's PC:

    "All of your files are encrypted with RSA-2048 and AES-128 CIPHERS" ... and it goes on and on, saying that you have to pay a fee to get it removed!!!!

    What is it, and how does one get rid of it, as it makes all files unopenable?

    Thanks for any assistance.


Comments

  • Closed Accounts Posts: 1,324 ✭✭✭RGDATA!


    Sounds like ransomware, i.e. malware which encrypts your files until you pay the scammers to unlock them.

    Hopefully your friend has been taking regular backups of important files.
    If they don't have any files on the PC that are vital, the best thing would be to wipe it and reinstall the OS.

    I don't have any experience in removing this kind of malware, and it looks like it may not be easy to do so. If there was vital data on the PC, I would take it to someone who specialises in virus removal.

    Personally, I wouldn't consider paying, but I keep my critical files backed up so I'd have that to fall back on. I have read about cases where people pay the ransom and have had their files unlocked but obviously there's no guarantee; like I say, I wouldn't.


  • Registered Users Posts: 3,359 ✭✭✭pah


    http://www.techweekeurope.co.uk/workspace/ransomware-gangs-willing-to-bargain-195262

    I believe the unofficial advice is to pay up - unless a specialist can do something for you - and even then it has to be a ransomware version that has been cracked, such as Petya.


  • Registered Users Posts: 1,931 ✭✭✭ItHurtsWhenIP


    Some ransomware has been cracked, and it may be possible to recover the files without paying the evil-doers. If you can post a pic of the screen showing the message, we might be able to determine whether this version of ransomware has been cracked or not.

    If it hasn't, and if your friend has no backups and there is important data on his disk that he absolutely cannot live without, then pay the fcukers and hope they release the data.

    If they do, THEN get him to buy a friggin external disk drive and back his sh1t up to that. Disconnect it. Wipe his PC and re-install the OS and programs. Otherwise they'll be back.

    Once the machine is back clean, he should (depending on how often things change on his PC) connect the disk drive, back up his data and then disconnect the drive again.

    Also suggest that he doesn't open attachments on e-mails from people he doesn't know - AT ALL, no matter what they say.

    I could go on ... but my blood pressure is already on its way up.

    I HATE RANSOMWARE!!! :mad::mad::mad:


  • Registered Users Posts: 719 ✭✭✭ethical


    Thanks for your assistance. Neither my friend nor I am very techy, but the following is the lovely message she found on her desktop:

    All of your files are encrypted with RSA-2048 AND AES-128 CIPHERS
    More information can be found about RSA and AES here:
    //en.wikipedia.org/wiki/RSA_(cryptosystem)
    //en:wikipedia.org/wiki/Advanced_Encryption_standard

    Decrypting of your files is only possible with the private key and decrypt program
    to receive your key follow one of the links:
    1. http://mphtadhci5mrdlju.tor2web.org/E3BB11B64338BA39*
    2. http://mphtadhci5mrdlju.onion.to/E3BB11B6433BA39*

    IF ALL OF THIS ADDRESSES IS NOT AVAILABLE FOLLOW THESE STEPS
    1. Download and install TOR BROWSER: http//www.torproject.org/download/download easy
    2. After a successful installation run the browser and wait for initialization
    3. Type in the address bar: mphtadhci5mrdlju.onion.to/E3BB11B6433BA39*
    4. Follow instructions on site

    !!! your personal identification ID:E3BB11B6433BA39* !!!

    (The b*stard put in the exclamations; I just inserted a star where the last digit/letter was.)


  • Registered Users Posts: 1,931 ✭✭✭ItHurtsWhenIP


    ethical wrote: »
    [quotes the ransom note posted above]

    Is there anything on the window title bar saying Cryptolocker or CryptXXX? E.g. (look at the top left of this window):
    [image: screenshot of a CryptoLocker ransom window]

    Again I ask is the data on this machine anything that she can live without?

    Cheapest solution is to wipe and re-install.


  • Registered Users Posts: 719 ✭✭✭ethical


    I know there are a fair few photos on the computer.
    There does not seem to be anything like you mentioned on the window bar, but when you try to open any folder it has a Google Chrome logo which has underneath it "-H-E-L-P, FOLLOW INSTRUCTIONS SO AS TO GET YOUR FILES UNENCRYPTED". I didn't click on it, but assume it's the same message as posted earlier.


  • Registered Users Posts: 1,931 ✭✭✭ItHurtsWhenIP


    ethical wrote: »
    [quotes the previous post about the photos and the "-H-E-L-P" Chrome-logo file in every folder]

    OK - I'm not sure. Without a visual reference I can't tell what type it is - maybe the more experienced cybersec guys can tell from the text description above.

    Grasping at straws time - is there any chance that those photos are synced with Dropbox/Google Drive/SkyDrive/any kind of cloud service? Perhaps even uploaded to Facebook/Instagram - maybe the most important ones, in which case she could survive without the others.

    She's got to decide if it really is worth paying €300 and upwards to these cnuts to MAYBE get them back.

    I think regardless, she's probably going to need a tech to help put her machine back right - so factor the cost of that in too.

