1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Need help with ransomware virus.

Discussion in 'Black Hat SEO' started by MariosElGreco, Apr 1, 2016.

  1. MariosElGreco

    MariosElGreco Regular Member

    Joined:
    May 31, 2014
    Messages:
    261
    Likes Received:
    8
    Gender:
    Male
    Occupation:
    http://eas-seo.com
    Location:
    Greece
    Home Page:
    I got hit by this f** virus .
    1. I did not found any leftover keys so i can decrypt.
    2. All back up files are encrypted , inculde the delete ones from the past
    3. I restore all the system volume information but it can't rollback to any of those dates "probobly al files are corrupted"



    Any help / advice please ??

    PS. The virus must be new one edition i ddin't find any folder or file to places that it used to be.
     
  2. Justkulboi

    Justkulboi Regular Member

    Joined:
    Dec 30, 2015
    Messages:
    352
    Likes Received:
    70
    Occupation:
    Businessman 100%
    Location:
    Mars
    How did you get exposed to this kind of virus in the first place?
     
  3. MariosElGreco

    MariosElGreco Regular Member

    Joined:
    May 31, 2014
    Messages:
    261
    Likes Received:
    8
    Gender:
    Male
    Occupation:
    http://eas-seo.com
    Location:
    Greece
    Home Page:
    by email.
    i did open an resume.
     
  4. accelerator_dd

    accelerator_dd Jr. VIP Jr. VIP

    Joined:
    May 14, 2010
    Messages:
    2,448
    Likes Received:
    1,009
    Occupation:
    SEO
    Location:
    IM Wonderland
    Look up the ransomware version, maybe you get lucky. But most of the time it's pretty hard to reverse it without paying. I read somewhere at some point even some police dept in the US paid the ransom to get their files back.
     
  5. Hecate

    Hecate Registered Member

    Joined:
    Jul 22, 2013
    Messages:
    53
    Likes Received:
    16
    Yeah macro viruses are pretty popular all over again now. Be extremely careful opening any .doc files.

    OP your only real choice is to pay them off. They are usually pretty true to their word in decrypting and giving you your files back. And what many people don't know, is that they can sometimes be bargained with. Social Engineer them into letting you pay a lower rate. "I'm just a poor female college student, I already have no moneyz and have to work long hard hours doing manual labor, etc etc etc". Often times they will "cut you some slack" and let you pay less.

    Best of luck. Stay safe everyone.
     
  6. MariosElGreco

    MariosElGreco Regular Member

    Joined:
    May 31, 2014
    Messages:
    261
    Likes Received:
    8
    Gender:
    Male
    Occupation:
    http://eas-seo.com
    Location:
    Greece
    Home Page:
    i found some hex keys after many many many hours and many many many luck , any many many many "maybe good was with me" i dont know how i manage it but .
    Where the hell i am going to insert them to unlock my files ?? lol
    I got this

    Algorithm: 'PGP' Volume Master Key (AES-256)
    Key data (hex): 76f59a365d0ae8a6b7a53406622ad21dfb5ab1237d6e04d96b114b856438f8a78d676s8!*jkfjhjs&jhryAHHDYhryhjwj3899471

    I found some deleted volumes of shadow copies and hibernate files.
    I found around 40 keys .
    But now what ?? I mean where i must placed them ? I havwe already get rid the virus :/
     
  7. jamie3000

    jamie3000 Supreme Member

    Joined:
    Jun 30, 2014
    Messages:
    1,311
    Likes Received:
    587
    Occupation:
    Finance coder looking for semi-retirement
    Location:
    uk
    Nasty, my work had one of these we just rolled everything back 24 hours. Personally I wouldn't bargain with them you may become a future target because they know you pay up. Also don't click the links in the ransom they probably have tracking on them. God knows what they'll do once they're browsing around your machine. I'd just recover what you can and wipe the machine and all USB sticks etc that have gone anywhere near it.
     
  8. Costa12

    Costa12 Newbie

    Joined:
    Mar 9, 2017
    Messages:
    1
    Likes Received:
    0
    Gender:
    Male
    Ransomware attack my computer files.

    what program I need to use to encrypt my files. they are attacked and all files are with extension .WALLET.

    pleae advice :(