
Ever Been Hit With Ransomware?

Discussion in 'BlackHat Lounge' started by SnoopyDrew, Apr 20, 2016.

  1. SnoopyDrew

    SnoopyDrew Senior Member

    Joined:
    Jun 25, 2014
    Messages:
    1,156
    Likes Received:
    633
    Gender:
    Male
    Occupation:
    Affiliate Marketing And SEO
    Location:
    Oregon
    Well, it happened to me last night. I was a little drunk and not really thinking. I got an email that said I needed to appear in court. It seemed somewhat legit and it was not in my spam folder. It had an attached file on it that seemed legit as well.

    Long story short I have ransomware that has a note that says.

    - If you do not pay in 3 days YOU LOOSE ALL YOUR FILES.
    - Nobody can help you except us.
    - It`s useless to reinstall Windows, update antivirus software, etc.
    - Your files can be decrypted only after you make payment.
    - You can find this manual on your desktop

    I thought it was a joke until I actually did some reading up on it, and it seems as if it's a very serious problem right now. Some of my files have already been crypted. Does anybody have any experience in this stuff? I have been trying malware forums and stuff like that but those forums take FOREVER to answer me back. I can't lose all my files and I am freaking out :(
     
  2. okta123

    okta123 Newbie

    Joined:
    Sep 12, 2015
    Messages:
    5
    Likes Received:
    2
    The FBI recommends that you pay up if hackers infect your computer with ransomware.
     
  3. SkyrocketSEO

    SkyrocketSEO Jr. VIP Jr. VIP Premium Member

    Joined:
    Nov 5, 2012
    Messages:
    4,514
    Likes Received:
    11,822
    Occupation:
    travəlɪŋ
    Location:
    Aibres
    Dude, you are fucked!
     
  4. Conor

    Conor Elite Member

    Joined:
    Nov 7, 2012
    Messages:
    3,577
    Likes Received:
    5,955
    Gender:
    Male
    Location:
    South Africa
    Just ignore it. It sounds like moronware.

    Formatting always works.
     
  5. jigsaw23

    jigsaw23 Registered Member

    Joined:
    Aug 27, 2015
    Messages:
    89
    Likes Received:
    38
    Gender:
    Male
    Occupation:
    R&D
    Location:
    Pluto
    Can you provide a screenshot of the message you are receiving?
    Just to be sure which ransomware has targeted you.

    These days TeslaCrypt and Locky ransomware are doing the rounds.
    Are they demanding that you visit a Tor link?
     
  6. SnoopyDrew

    Well, I have done some research and it seems like I have pinpointed the exact type of ransomware it is. I just have to decrypt all the infected files and it's a huge fucking hassle.
     
  7. SnoopyDrew

    Here is a screen print of it 745eb0a2-441a-4526-872c-fe77f7f0ebad.jpg
     
  8. Conor

    http://www.bitdefender.com/tech-assist/self-help/removing-police-themed-ransomware-malware.html
     
    • Thanks Thanks x 3
  9. msoman

    msoman Jr. VIP Jr. VIP

    Joined:
    Aug 13, 2012
    Messages:
    690
    Likes Received:
    165
    Location:
    Down Under
    Maybe try reporting to the police?
     
  10. roguerabbit

    roguerabbit Regular Member

    Joined:
    May 11, 2015
    Messages:
    211
    Likes Received:
    61
    Occupation:
    Electrician by day, freelancer by night
    Location:
    Earth
    I can offer no help, only came here to say I'm holding thumbs you manage to sort this S out
     
  11. jigsaw23

    Can you give me the name?

    For example, if it is TeslaCrypt,
    then we can use this tool by Cisco:
    http://www.talosintel.com/teslacrypt_tool/

    IT IS BETA BUT STILL A SHOT

    If it's Locky then it is harder.
     
  12. SnoopyDrew

    I think the malware forum people were saying it's a Nemucod or something like that. They are helpful in the forums but they answer back so slowly.
     
  13. jigsaw23

    no use at all...
     
  14. jigsaw23


    Awesome (that there is a decryptor, not that you got infected).
    The decryptor for Nemucod is released already.

    I WILL GIVE THE LINK TO THE SOFTWARE

    but just to be sure about the type:

    Which forum was it?
    How were you notified about the ransom?

    Example: If your computer is infected with the Locky ransomware, it will display a red _Locky_recover_instructions.png wallpaper that covers the entire desktop, and all your documents will have a .Locky extension. A _Locky_recover_instructions.txt text file will be placed on your desktop. Both files contain instructions on how to recover the encrypted files.
     
    • Thanks Thanks x 1
  15. SnoopyDrew

    Yes, it was confirmed to be .crypted Nemucod ransomware and it's already crypted a lot of files on my PC.

    I wish I was a little bit more tech savvy but I have no idea what I am doing to be honest.
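
Added example (not part of the original thread or any poster's code): a read-only triage script that tallies the on-disk indicators named in this thread, the `.Locky` extension and `_Locky_recover_instructions` files for Locky and the `.crypted` extension for Nemucod, to suggest which family encrypted a machine. The `INDICATORS` table and the function names are assumptions made for this illustration.

```python
import os
from collections import Counter

# Indicators taken from the posts above; the table layout is illustrative.
# Names are lower-cased before matching because Windows ignores case.
INDICATORS = {
    "Locky": {
        "extensions": (".locky",),
        "notes": ("_locky_recover_instructions.txt",
                  "_locky_recover_instructions.png"),
    },
    "Nemucod": {
        "extensions": (".crypted",),
        "notes": (),
    },
}


def scan(root):
    """Walk root without modifying anything; count hits per (family, kind)."""
    hits = Counter()
    for _dirpath, _dirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            lower = name.lower()
            for family, ind in INDICATORS.items():
                if lower in ind["notes"]:
                    hits[family, "note"] += 1
                elif lower.endswith(ind["extensions"]):
                    hits[family, "encrypted"] += 1
    return hits


def likely_family(hits):
    """Return the family with the most hits, or None if nothing matched."""
    totals = Counter()
    for (family, _kind), n in hits.items():
        totals[family] += n
    if not totals:
        return None
    return totals.most_common(1)[0][0]


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    result = scan(root)
    for (family, kind), n in sorted(result.items()):
        print(f"{family:8} {kind:10} {n}")
    print("Likely family:", likely_family(result))
```

A match is only a hint for choosing which decryptor to try; the script opens no files and changes nothing on disk.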
     
  16. tompots

    tompots Elite Member Premium Member

    Joined:
    Dec 11, 2011
    Messages:
    4,371
    Likes Received:
    3,964
    Gender:
    Male
    Occupation:
    Full Time Bot Developer
    Location:
    Automation Alternatives
    That sucks that happened to you. I have heard about this, and it is becoming a big problem. I guess the encryption is so strong the US government can't decrypt it. There was a big hospital here where I live that got it and had to pay a ton of money.
     
    • Thanks Thanks x 1
  17. SnoopyDrew

    Thank you so much for the help I really appreciate it.

    I got it from bleepingcomputer and this thread http://www.bleepingcomputer.com/for...ucod-decrypttxt-support-and-help-topic/page-6

    I think I already have the decrypter software downloaded. If it's an application called Decrypt_nemucod then yes, I have that already, I just have no idea how to use it.
     
  18. SnoopyDrew

    Hopefully this thread can save some people the trouble. Do not click on an email if it tells you to appear in court.
     
  19. jigsaw23

    BRO, cryptoviruses are a different class.

    It is not your usual malware. It took the FBI, govts, security firms months to find a solution.

    Example: CryptoLocker in 2013 (others are just clones and variants)
    Due to the nature of CryptoLocker's operation, some experts reluctantly suggested that paying the ransom was the only way to recover files from CryptoLocker in the absence of current backups (offline backups made before the infection that are inaccessible from infected computers cannot be attacked by CryptoLocker). Due to the length of the key employed by CryptoLocker, experts considered it practically impossible to use a brute-force attack to obtain the key needed to decrypt files without paying ransom.
     
  20. shanna_doll

    shanna_doll Power Member

    Joined:
    Apr 10, 2012
    Messages:
    653
    Likes Received:
    323
    Location:
    Bosnia and Herzegovina
    I'd recommend backing up all of your important files on a USB or SD card or something.