I've Been Hit with a Rare Form of Ransomware. I Don't Want It to Be a Complete Waste, So Any Questions Anyone Wants to Ask?

Restarted my Windows Server the other day, to discover my files locked and a message on my desktop about how they want 1 Bitcoin (~ 590 AUD) to unlock it. I don't use Anti-Virus, because I'm very careful, and haven't had any viruses in my 3 years of doing it. That changes this year.

Lost about 2TB / 8TB of my data, as it only hit one drive, and the boot SSD.

Noticed my friends were asking a tonne of questions, so curious, anyone want to ask anything about it? Just shoot.

Comments

        •  

          @scubacoles: Na I didn't. Cause I'm stupid :P

          This time I definitely will.

          Just bought a NAS with 4TB of storage included.

          I'm ready for whatever they have to throw at me.

        •  

          @zapy:

          Bonus points if you run a different operating system inside the VM. If the ransomware wants to "escape" from the VM, it has to compromise TWO operating systems - the OS running inside the VM, and the parent OS.

        •  

          @scubacoles:

          Pretty sure this is bunk, cause he had the server running inside a VM!

          The main reason to have a VM is to put a "wall" between some programs and the rest of your system. Running a server inside a VM does not do this, because you have to "poke a hole" in the wall, because you WANT your server to have access to all of your system!

          As the ransomware came in from the internet, the solution is to put the "wall" around the programs that connect to the internet. Web browsers, email programs and torrent programs are the main dangers for most people.

          If all your internet-connected programs are inside a VM, then normally they can only access the virtual disk space inside the VM - not your entire filesystem. Same with any malware that comes in through your internet-connected programs. It will exist inside your VM, but can't get out unless you manually copy it out, and you should do any copying from OUTSIDE the VM. Never give access to your entire filesystem to the VM.

          Note that the VM thing has to be done on ALL of the computers connected to your network. If you decide to run a torrent program or web browser outside the VM, and it has access to your network, your files can still be compromised.

          Note also that ransomware and/or viruses can also be put inside media files, accessing flaws in your media player. This is where a good anti-virus scanning program is needed, you should scan all files that you copy from inside the VM to outside the VM.

        •  

          @zapy:

          Uh, I like the idea of running inside a VM. Sounds viable !

          I should have said that ALL of your internet-connected programs should be inside the VM, not just web browsers. In this case, the malware came in through a torrent program.

      • +2 votes

        The "problem" they have with Linux is that even if it's made to run on LINUX, it will be locked out easy. Linux will not install or execute files without proper admin permissions.

        Also, in Ubuntu (for example) you just type: "sudo apt-get install clamav" and that's it. You have a free antivirus, updated to date and no worries.

        EVEN if you get locked out in Linux, just put a new disk/usb in and run it from that, reinstall OS or copy everything you need and your done. No hassle.

  • +1 vote

    Looks like Crytolocker trojan. Do not copy any files from your hard drive or from USB drive to Computer. The best way is to if you have backed up your data format the hard drive and restor your last good known copy from USB drive.

    Do not try to backup your drive at this instance as the system is already infected.

    https://malwaretips.com/blogs/remove-cryptolocker-virus/

    The encrypted files cannot be decrypted so forget about recovering them anymore.

    KASPERSKY BOOT CD OR DVD SHOULD IS HELPFUL IN GETTING RID OF THE TROJAN PROCESS . Belive me its good to format the system and re-install OS. :-)

    • +1 vote

      It's already pointed out it's not cryptolocker, but rather a much newer generation that was created in the last months or so. And nobody is quite sure what it is or who created it — just some random Anon with a bitcoin account.

      Cryptolocker is already shut down… but many others are on the rise. If you are brave enough to delve into the deep web and into the TOR network, you might even be able to download a crypto trojan from the publisher and deploy to earn some money (of course, the publisher takes most of the profits). That's how prevalent the problem is — it's basically a criminal industry.

  • +1 vote

    antivirus wont help with what seems to be the most common vector for these attacks, drive-by infections from flash/java exploits run in ads.

    disable plugins and require authorisation to run in chrome or whatever you use. I use AV but it's been largely ineffective over the 20+ years I've been using pcs. Knowing when a source is dodgy and could potentially be infected is the best defence, but these drive-by infections use different attack vectors and get elevated permissions without you ever having to run anything.

  •  

    If its something like Cryptolocker then you are out of luck. Format the drive and start again. Your files will be gone. No way to recover unless you have a backup.

  • +3 votes

    Hi Guys I'm a first time poster here.

    Just before Christmas my company was hit with a crypto variant taking out approx 216GB of files on 2 network shares replicated between Syd and Mel.

    Even with cloud based email scanning, server + desktop scanning etc, etc, this thing comes down to user error and clicking on a Word document (or similar) that had a macro (the person enabled macro's, then executed the macro so in total a 3 step process to make the payload download from the web and execute) embedded. The macro is changed enough each time for the virus signature not to pick it up. Even when we submitted the infected file to the likes of Sophos, Symantec etc, etc it took them about 3-5 days to start blocking.

    We did a full network share restore that took almost 36 hours to complete to get our files back.

    For those at home run the free backup program from Veeam called "Veeam Endpoint Backup FREE" and buy yourself a portable USB hard drive. The only cost is a HDD. There is a Linux version coming into beta soon for those on that platform.
    https://www.veeam.com/endpoint-backup-free.html

  •  

    Ok today, I went out and bought a backup harddrive, and was scared to reset my computer. Thanks. lol

  •  

    OP, did you run your Windows as unprivileged user or as admin?

  •  

    Out of curiosity, if one gets infected, is there a reporting mechanism that can forward these infections to antivirus/malware companies so that they can be incorporated into their database?

  • +1 vote

    On the "Enterprise" realm, as mentioned by one of my colleague here (J03) one of the few solutions we've bet our livelihoods to is a security suite by Cylance called CylanceProtect. Pity its really only available to the "Enterprise" ie. 1000+ End Points. Its taken care of drive by flash,java,macro,etc ransomware exploits too. The solution is not based on conventional AV tech.

    To save some of the BOLD people here pinning their heads on the wall trying to start debugging/cracking the good ol' ransomware and its encryption methods… heres for your reading

    http://blog.cylance.com/cracking-ransomware

    I partially work in the Forensics & Data Recovery field and communicate with experts @Cylance in their progress to recover files from ransomware encryption. Its one of the few companies that had success in cracking "some" forms of ransomwares encryption. It will probably cost you more than an arm and a leg to seek for their services on this topic … even then its not guaranteed they will be successful in the recovery of your encrypted files.

    So remember.
    1. Proper Tested Backup (even if you had a cold backup snapshot weekly or monthly, at least you have something to fallback to).

    2 the rest… already have been mentioned.

  • -1 vote

    Do you know if the data is actually encrypted?
    Have you looked into a recovery software that will analyse the NTFS file system?
    Have you plugged this drive into another PC for testing (A PC you don't mind formatting should something go wrong)?

    You might be surprised what you find.

  •  

    Damn.
    Very technical comments going on.
    Same thing happened to me on a home office computer.
    I dont have anything technical set up.
    Just that we can use the same printer and access a shared folder.
    I dont even download anything on it but somehow i got some ransomware on it.
    I think i had to format or just delete the files as it was just my documents folder.
    Pretty annoyed i lost it at the time but eventually replaced them.
    I didnt have a backup of the folder (now i do) and i didnt run anti virus (now i do) hahaha.
    Lucky it wasnt on the main computer…

  • +1 vote

    Hi deanylev,

    I've attempted to summarise the main attributes of the new Ransonware as described in your posts (and also slix_88's post on 05/01/2016 - 10:23)
    https://www.ozbargain.com.au/node/228888?page=2#comment-3353...

    So far, the identifying features of this variant of Ransonware are:

    1. Hugeme45.exe executable.
    2. Adds .encrpyted extension to files.
    3. Adds .txt? file to desktop as a Ransom note (if still available, please publish exact text of ransom note).
    4. Adds Dotnetfix.exe to desktop (please confirm spelling: is it -fix or -fx? Note that Dotnetfx.exe is used to deploy Microsoft .NET Framework as per link below)
      https://msdn.microsoft.com/en-us/library/ttc29d4f%28v=vs.90%...
    5. Source of infection is suspected to be either via downloads (torrents), or a Java exploit.

    As you already noted, the Hugeme45.exe filename seems to be the unique identifying attribute for this Ransonware. So far, a google search returns only 4 hits (this thread and your reddit thread, and two hits on weibo)
    https://www.google.com.au/?gws_rd=ssl#q=Hugeme45.exe

    I suggest you add the above info (or similar) to the OP as it may be useful to others, particularly computer security companies and law enforcement departments.

    • +2 votes

      Message text:

      All your files encrypted with strong encryption.
      To unlock your files you must pay 1 bitcoin to address :
      1GvQ9GsMgwAUz91PKNpAJxrAwsztg1S7jy
      Search google for how to buy and send bitcoin.
      After you send the bitcoin email to :
      myqjs01@gmail.com
      olv100@mail.ru
      vegeta85@safe-mail.net
      use all email to communicate
      with the information of username and pcname and the time you send bitcoins.
      When we will confirme the transaction you will receive decryption key and decryption program.
      You have 5 days to make transaction after that your decryption key will be deleted.And your files gone forever.

    • +1 vote

      try googling any of the below.

      hugeme.exe instead of hugeme45.exe (its just a naming variant)
      myqjs01@gmail.com
      olv100@mail.ru
      vegeta85@safe-mail.net

      If you have a sample of the virus plonk it into virustotal.

  •  

    Happened to a friends business,

    they needed accesss to the computers (it was all of them), the whole business so they paid it.

    It was a fair amount of cashola

  •  

    If you don't have backup and really want the locked data, the only way is to pay the ransom.

    If you are in this situation, DO NOT INSTALL any anti virus software, if the anti virus removes the ransom malware, you will have no way to unlock those files, the files can be lost forever.

    had this happen at work once, we wanted to pay the ransom, but the malware has already been deleted.

    •  

      I'm past that. Can't justify the cost of ransom, just ordered a NAS with 4TB included storage to avoid situations like this. Mine is different, deleted the malware, but files are still there in encrypted form.

      •  

        Yes, if you delete the malware, the files will be encrypted forever, there's no way unlocking it

        backups are really important

  •  

    You know, I've tried many antivirus over the years; anti-malware; ad and cookie blockers… In fact after this thread appeared I tried a few again that I haven't for a while.

    • It's pointless blocking cookies, because the websites I frequent don't work without them turned on.
    • I've used AVG for a long time. Found it was worthless. I had to do manual scans to find anything. Then I installed Avast instead and it found virii AVG couldn't see. Later I went back to AVG again - and it found virii Avast missed!?
    • Used norton a couple of decades ago - pointless, system turned to a snail.
    • FFWD to today. I already had Bitdefender installed. Also CCleaner, until recently have had Adaware or Adware (I think it's called). Hitman Pro is running atm. Also tried superantispyware today. It found two infections Bitdefender and CCleaner and Hitman Pro all missed for who knows how long. (Because once those were removed, the computer HDD stopped a lot of its thrashing about that it's been doing for a LONG time.)
    • superantispyware asked to reboot the computer. I let it do so. Ran it again. Both exploits were back again. Did it a third time. Same thing. Haven't done it number 4 yet, because I'm currently running Bitdefender manually first, to see if it fixes anything.
    • Months ago, before Bitdender - I had Kaspersky installed until its free code expired. Cannot be certain, but the HDD was churning back then too. So it probably missed these two as well, even though they seem to be a couple of years old so should have been detected by now surely.

    Bitfender & Kaspersky are supposed to be two of the best. So I'm pretty much fed up the lot of them! What's the point when these exploits sit on your system for months without detecting it!?

    So is there an online guide of the best way and software (and combination of that software) to protect your computer?

    Including setting up an old computer as a Linux server if necessary??

    • +3 votes

      There are anti-exploit programs out there designed to protect you from zero day vulnerabilities. Malwarebytes Anti-Exploit is very user friendly and the free version protects browsers and Java. While the premium version includes Adobe, Microsoft Office etc. Microsoft's Enhanced Mitigation Experience Toolkit is also good and can protect any application, but it's designed for advanced users and can be difficult to understand.

      For ransomware there is CryptoPrevent that adds several hundred group policy objects, but I don't use it due to the issues it causes with my software. You'd probably already know about CryptoGuard as it's part of Hitman and their company got bought out by Sophos.

      I have different setups on my own workstations depending on their role. One is setup with ESET Endpoint Security for live protection, Emsisoft Anti-Malware for an extra level, Malwarebytes Anti-Exploit and EMET working together for exploits/zero day.

    •  

      From the research I did and after speaking with a friend of myne who is an IT security expert he thinks that Webroot and Sophos have the best detection rates for ransomeware and seem to be at the forefront for providing the 0 day defintions for the variants. Webroot especially has allot of predictive smarts in it for detection.

  •  

    Home Server? Otherwise it'd be a fairly pricey "home" server. Should be running a Linux server distro. It's free, it will do everything you need it to and unless you can't read and follow simple instructions it's very easy to configure. Sure it might take a while to figure things out but if you spent the time to understand the Windows arch then you're more than capable of learning how to use Linux. Point and click isn't exactly the highest server based priority. Even if it is … You can install an X desktop manager and VNC/mirror in for a GUI. Not saying Linux is and will be devoid of Ransomware and Virii but more so than Windozer.

  •  

    Consider working with /keeping your more important files in the cloud if feasible. Recently our CFO (who is not tech savvy), was the victim of ransomware, and because our policy dictates we keep the vast majority of files in the cloud, i simply reverted his files to the previous version of the file to what it was before it became encrypted.

  •  

    .encrypted extension
    From your other comments it's crypt0l0cker there are no unlockers out for that.

  •  

    After reading your problems i'm ATM uploading an image to the cloud, about 54hrs!! ..but figure its worth it , it takes days-weeks to get the pc back with all settings just how you like it ,even though I have another drive with the pc at differing points of time.
    Good luck with it Deany ,to others make sure hidden extensions are enabled—- ala pdf-could be pdf.exe & take tips from these 4 pages
    keep pics & docs on a usb & whatever else you can't afford to loose , the rest can be re-downloaded

  • +1 vote

    I don't know that bitlocker viruses are rare, they were all over the news when they first started showing up. My parent's got one on their computer via a link in a spam email. Microsoft Security Essentials didn't detect it, and it encrypted all their documents and photos. Years worth of irreplaceable files. Of course I had backups running but they were saving to a USB drive, which the virus encrypted as well. The real kicker was that we couldn't even pay to get the files back if we wanted to - the site they linked to had been taken down. I rate the people who created this virus right up there with child molesters. (profanity) them.

  •  

    Hey deanylev. Do you have Teamviewer installed? I just did some quick research and one post suggested a Teamviewer file transfer.

    If so, check your file transfer history to see if the virus came through that way - scary stuff.

    •  

      I do actually, didn't even think of that… Holy crap that's terrifying

      I'll check in a bit. I never use Teamviewer anyway, so if it's that I'm going to be so mad.

  • +2 votes

    Dunno if anyone has chimed in here…
    I work in IT.

    FYI this is the most common type of ransomware out there….
    Not rare, happens all the time.

    Only virus scanner i have seen that can stop "Some/Most/50%" variants is Webroot.
    Any brand new variant though most likely always goes through.
    It ALWAYS goes through ANY local drive, and ANY mapped drive, no where else.

    Cryptowall
    Cryptolocker
    CrytpoL0Cker

    They are all variants of the same thing, just different people make it.

    I can say it nearly 99% came in as a email, most likely a Aus Post/DHL/Fed/License type email
    I have dealt with these variants in over 50 cases now…
    80-90% of the cases it was a email.

    OLD variants can be decrypted, send some examples to these Russian guys if ur willing
    They will tell you if your variant can be decrypted, but going from what you have said its def a more recent one, my latest one i dealt is the same i believe.
    https://support.drweb.com/new/free_unlocker/for_decode/?lng=...

  •  

    Ok. So if you use an external drive for storage/backup and keep it disconnected from the online computer… What's the safe way of connecting it to transfer those files? Obviously I don't mean the physical connection. What I'm referring to is, virii etc. can hide on flashdrives, antivirus doesn't always get it until weeks/months later, etc. So you can't even keep a separate computer, copy files to a flashdrive, and take that to the disconnected computer - safely.

    I understand this stuff basically happens quickly, does it's job… but surely there's a better method than copying files - pulling that drive - waiting a few days to be sure your computer wasn't infected (only knowing because nothing nasty happened) - and only then transfering those files onto the real backup.

    •  

      I'd say offline backup is the best option. HDDs can fail, can get hit by some new variant of ransomware or malware. Of course it's a pain to constantly connect/disconnect but I think it's worth the effort. Also what I learnt over the years is that I don't care about everything on the HDD, I only backup photos and some important documents.

      Movies/music/tv shows are always available online and it's cheaper to get a Netflix UHD+DNS subscription than paying a hacker to unlock your movie or torrent collection if you're hit by ransomware. ☺

  • +3 votes

    Bad luck OP, thought I'd chip in with my exp on ransomware, I work in IT and have seen this happen in past few years. Apologies if the below is a lot of IT jargons, I'll try to keep it simple.

    • AV will stop this:Most AVs work based on signatures, which means it only blocks the viruses that it knows. Issue with this malware is dead easy to replicate. Hackers only need to change the one variable name and re-compile the code and AVs don't detect it until someone submits/notifies the company or the company's research team finds out about this file. These are known as zero day malware - i.e. there is no fix available as yet (until AV companies generate a signature for it)
    • Why the name ransomware : Typically they encrypt all MS office files, jpgs etc basically the ones that is important and for which they may be able to get some money off you.Hence the name ransomware.
    • How does it work: Usually via a compromised webpage or malicious link, a tiny executable is downloaded which then starts the process of encrypting the files on the background. Note that it does not need an internet connection to encrypt the files. Encryption of all the connected drives takes a long time and hence the process will run quietly in the background until you discover it.The encryption also happens from from c: all the way upto z: whatever is connected and accessible at the time.
    • How do I find the infected file/executable: Usually you won't be able to find the exact file. Some ransomware replicates itself and changes it's name, deletes the original file so you won't be able to detect it.
    • Do hackers steal the data : Usually no, in this type of attack they may take a couple of files or copy across the file properties as evidence. But no, they are not interested in your photos/documents. They are after your money (ransom). As the name indicates, they're holding the key to your files. Without the key you cannot access the files.
    • How many get hit by ransomware - some reports state that one group of hackers generated >$300mill in ransom. So yeah it's a very lucrative business.

    • How to get the decryption keys: The decryption keys for old variants were published online by FireEye after the FBI busted the ring, but not the newer ones. I haven't met/heard anyone decrypt it the newer ones themselves so far, but hey, I've seen some really smart people in my life so never know there may be a mad genius out there. AFAIK you pay the ransom and they've got the keys back. However there's no guarantee to it.

    • How to avoid getting infected : Couple of things - 1 : Backup all your important data onto a BD/DVD or a external HDD (and disconnect after backup). 2. Don't click on random emails, be very careful of the links on emails. If you have doubts, contact the person and verify. 3. Don't visit dodgy sites 4. Don't download random software on your PC without verifying the source. 5. There are other techy solutions as well - eg. sandboxie or AVAST sanboxing, running without admin rights, running different user profiles etc, but am sure that's enough IT dosage for the early morning read! :)

    • Re AV comments, it's definitely good to have a proper AV on your PC. I know it's an outdated concept, but it helps in keeping your PC off any old/known malwares.

    Hope this helps.

    •  

      Thanks a lot for the info! Quick stupid question, if I just click on an infected email, can that spread it? Or do I have to download/open an attachment?

      •  

        Depending on the type of malware actually. Some malware would mail itself into others on your address book,some would just be infecting the pc from where the email is accessed.

        Re attachments, yes since malware would be embedded within the attachment, so if the email body, language isn't right, stay away from the attachment and the email. Recently there were some reports on malicious MS word attachments (macro enabled)

        In case of ransomware it usually only infects that PC.

        •  

          Thanks a tonne for the info! If you've got any more IT walls of text you feel like posting, please do! I'm writing posts like yours into a little booklet for myself, for good security practices, the more advanced and detailed, the better! :)

        •  

          @deanylev:

          As requested: :)
          * Ensure you update the OS, browsers and apps to the latest version
          * List all the hardware you have incl (and mainly router)and check for the firmware upgrades regularly
          * Install a reputed ad blocker on the browser
          * Uninstall the bloatware and other software that you don't use frequently. You can always download the latest version if/when you need it again.
          * Install cc cleaner (or similar) and run it once in a while to clean up the PC and registry
          * Run a full PC scan once in a while
          * Since you dabble with FW, disable unwanted rules
          * Just subscribe netflix/stan/any other streaming platforms. Much cheaper than torrenting!

  • +3 votes

    Have to say first i feel your frustration however at the same time antivirus is a must and there is no excuse for not having it when you can purchase kaspersky for as little as $8. I work in an Enterprise level IT environment and have battled different versions of CryptoLocker over the last year with users who like to click on bad emails. Firstly you should see if there are any previous versions of the folders available on your server usually enabled on servers and this will save you if it is enabled. then wipe your drives and reinstall everything don't save any server configurations unless you know that you can completely trust it as there may be a secondary infection.

    1) disable the everyone group and use authenticated users and give your more critical files a higher security level as cryptolocker can effect shares
    2) Install Kaspersky…. there is a feature in kaspersky to block specific file extensions such as .encr and this will prevent Cryptolocker from completing the encryption at a later date and you can also protect specific file types such as photos and documents which is what these type of infections seem to target

    Good Luck and would be interested to hear how you go

    •  

      Agree with the above about protecting documents but I am not sure about kaspersky blocking files with specific extension..would it work if the hackers change the extension from .encr to .encr1? Although it is def worth trying for to block some known extensions such as .encr, .encrypted.

      From my research another software vendor claims to be able to reverse the changes i.e. by keeping the older version whenever a change is made. I haven't tested, heard or seen it work as yet, but conceptually it seems to work and the vendor claims it will. Not sure about how much it costs etc.

      •  

        yeah its a bit hit and miss with the extention blocking but the filetype protection is pretty good… have use kaspersky products for some time now and has saved the day many times, the one to stay away from is Norton it is the virus ROFL

  • +1 vote

    Cryptolocker and its variants are hardly new or rare.

    Reading through this travesty, you're free-balling your server on the internet and downloading random files. What did you expect? You would be the root cause of your entire network being infected, not everyone else… Why is it your fault? You're the admin!

    This is a perfect case on how not to operate a home torrenting set-up.

    • +1 vote

      I wish I could argue.. But yep. I'm an idiot. But no more, bought top AV, and a big NAS. Also going to practice better security practices.

      • +1 vote

        Unfortunately it's something certain people need to go through before they start taking security seriously. I'm glad you have invested in good AV and a have come up with a backup strategy. To be honest the backup strategy is more important than the AV for obvious reasons and it often takes AV companies a while before they provide definitions for the new variations of cryptolocker that seem to be coming out daily. Sophos and Webroot seem to be on the forefront in this space but everyone has their theories.

        I'm also hoping that your client machines which have access to your server also have AV?? There is a good potential that the server AV will not pickup the Cryptolocker variant if it's initiated from a client machine. Just something to think about.

        Goodluck and stay safe..

        •  

          Client machines always had AV, except mine. I've always been so against it, but my family were too cautious to not use it. Guess it was a good thing.

  •  

    Hope you get it sorted deany… umm any word on half life 3?.. sorry just trying to cheer you up

    •  

      Thanks mate, and that's just the type of cheering up I need :D

      But in all seriousness, I'd actually know about Half Life 3 faster than the general public, I've got some.. Connections ;)

  •  

    Hey Deanylev

    Happened to me only a month or so ago, it came up right after log in.

    I was lucky enough to have another account to the PC, and was able to access all files again before wiping windows and building my boot drive again.

    The the other account, I was able to recover all the desktop / docs and other files from the main admin account.

    Will be backing up like crazy in the future with off system hdd's for the critical non replaceable stuff.

    hope this helps

  •  

    Hi all.. Just a note that Edu.au email holders can usually get 1tb one drive and unlimited google drive for free now.

    I am using Google because the app seems more stable and also it allows long pathnames and bandwidth control.

    It's good to know that my data is clouded.. But it took ages for the initial uploading of 100gb.

    •  

      Crap thing about gdrive is it doesn't resume uploads. 4gb files over a slow connection are painful!

      I last checked this about 6 months ago but I don't believe the problem is fixed.

      •  

        Oh yeah I think that's still the case unfortunately.. Very painful to upload/sync.. Especially on my flakey exetel connection

        • +1 vote

          Dropbox doesn't have that limitation and from memory neither does onedrive. I pushed up 60gb over the last few months to Dropbox on an ADSL2 connection…it was painful but it got there. Largest file was 20gb.

          Funny you say that about exetel, I was with them for my ADSL and over 6 months or so it went to shit. My speeds were inconsistent and downright unusable alot of the time. They made me do some testing and from what I gathered they had oversold my area and couldn't resolve the issue, they told me to find another company. Moved to TPG and my sync speeds went from 6 to around 10mbit, and best of all the speeds are consistent and stable. It did cost me an extra $15 per month though.

        •  

          @knk:

          Thanks for the feedback on exetel experience. Will look into tpg etc once I get flatmates to share the bill.

          Yeah I tried to use one drive last week but many files had names/paths that were too long for the server.. And I was prompted to manually change them. This is not possible as they are website embedded resources.

          Thanks for the Dropbox suggestion. It's not free for uni people tho.. I don't think.. Maybe one day.

        •  

          @Stitchy:

          Yeah it isn't free but 1tb is like 130 a year I think? Not too pricey, but not ozbargain-esque.

  • -3 votes

    This is exactly RARE at all. Read about cryptolocker, been around for at least couple of years. Have been the most successful ransomware ever.

    • +1 vote

      4 pages of comments proving this isn't Cryptolocker. Infact the original Cryptolocker isn't even being actively distributed as it can be easily decrypted.

      This is a new variant based off Cryptolocker or another type of ransomware that isn't as widespread and "professional" like Cryptowall 4.0, Radamant and TelsaCrypt etc.

    •  

      Yeah, how many people are going to tell me that this is Cryptolocker without reading the comments? Jesus, it's getting pretty old. If you're not going to comment something helpful in any way, don't comment.

  •  

    I don't run any antivirus because it slows my system down.
    If we don't download any torrents or open any suspicious email or webpage, would our changes of getting attacked be greatly reduced to 0?

    Or do the attackers target any random IP?
    Thanks.

    •  

      You're using the wrong product if it's slowing your system down. A lot of security suites include Gamer Mode or similar that reduce the amount of resources it uses.

  • +1 vote

    reading this made me copy all my mp3s onto another hdd and stash it at my folks place. Would never pay those c**ts but then again, i don't have anything worth $600 on my computer.

  •  

    Just curious, how much $$$ are these scumbags charging to get your computer/files unlocked?

    • +1 vote

      1 Bitcoin (~ $600), and a couple phony emails in broken English crying poverty got them down to 0.5 Bitcoin (~ $300).

  • -2 votes

    ok seems like you may have a chance of decryption if they are negotiable this could mean that the private key is located somewhere on your computer, if you make a clone of your drive and run a antivirus scan with one of those rescue disk's you may be able to find a bit more info about the variant that you have. worst case if you have a clone and someone cracks it at a later date then you will possibly be able to reverse the damage. by the way i recommend HD clone by mirray software there is a free one it just works at a slower rate very detailed clones.

    •  

      Personally, I'd use clonezilla for the backup but it's a good idea.

      I don't see where you're drawing the conclusion that the private key is on his computer though, they're negotiable because some money is better than no money.

  •  

    This happened to me about 6 months ago.

    I paid the 1 bitcoin and the hacker gave me the unlock keys to decrypt my 4 internal hard drives

    :)

    Suxs but I didnt lose 20 years worth of data. (not p0rn)

  • Top