Thank you for log file. It's look you are lucky man :) Meybe they
Thank you for log file. It's look you are lucky man :) Maybe they changed encryption scheme day after.
Immediately uppon client call me (tuesday afternoon)and tell they cannot open files from server and name of files changes, i search internet and found this forum, where I see Hrenki post link to Kaspersky utility. And on Kaspersky description i see note about .oshit file and that the file may be...
@machura
Same on me, but "blablabla" file has size 522b, and there was a png file with random filename too. Virustotal.com write that .tmp file upon execution create and file in root of systém drive (C:\) with long random name. But file is gone on my system.
@hrenki
Firts I try to run Kaspersky tool on ZIP file (32kB filesize), then on .cer b64 encoded certificate file (1.5kB filesize). Both with no result.
Hi, I can confirm that alternate addresses are working and the people behind are able to decrypt encrypted files. I sent one file to test them, they decrypted it to it's original state. They add another one alternate email address to communication with them - filehelp@lycos.com. I try some...
Thank you for advice, but more bad things happen at same time - backup machine got broken few days before they got a virus :(
At the moment of virus attack (tuesday morning), no antivirus was able to dectect that file. I test it again at tuesday evening through virustotal.com and only two...
Yes, you right, but how can you know that it's real contact mail to real publishers of the virus ? (Nothing against MisterFister) These alternate addresses are published only in this forum at this moment. So I will try to send an sample of encrypted file to these addresses to decode to prove...
I can't believe that you suspend that mailbox. Now anyone who will get infected will lost their files without any chance to recovery :(((((( You cannot think it seriously !!!! You cannot stop spreading of this virus and you did such thing!!!! Please open that mailbox for couple of next days, so...
Hi Popowich - too bad news from you !!!!! - because Kaspersky utility does NOT WORK !!!!! and I need to contact the criminals, because company of my client lost all data on the network server and backup machine is broken, so we cannot recovery data from backup. Working mailbox...
Thanx for answer, Hrenki.
Hi, MisterFister, thanx for your info about testing "terrorists".
Begining yesterday I trying to bruteforce decrypting encrypted files via Kaspersky utility. On my i7 CPU it will take about 17hours to try all the password combinations. It will end at 4P.M. so i will...