Please Help - Ransomware has stolen my files and I need to pay in BitCoins

[redsn0w]

When you will have the bitcoins (also through cash) I suggest you to try a double spend transaction, but I do not know if it will work at 100%. Try to check this section 'https://bitcointalk.org/index.php?board=53.0' maybe you will find someone who will sell you some bitcoins.

It is very hard to attempt a double spend attack which will give you confirmation. Any hacker would want their ransom to have confirmations though.

Shvdb has a service which allows exchange of paypal to BTC if you have PayPal. The process was abit complicated but at least it protects the seller.

Maybe you are right, I have never "tried a double spend attack" against a ransomware. Maybe with the oldest version of those ransom. it could be possible double-spend a transaction ... Who knows?

[fox19891989]

Firstly, don't pay a ransom, they may blackmail you again if they get the money. I don't think the hackers will decrypt your files after they receive the ransom. They just threatened you. Your company should have backups that they can restore. Ask your company's IT department if they can help you. Don't be nervous, dude.

If you want to buy bitcoin, you can transfer money to bank or payment processors, and buy them in bitstamp, btc-e,com. Most places will not accept paypal or credit card, because these can have chargebacks and exchanges have the possibility to be scammed.

[dserrano5]

Your company should have backups that they can restore. Ask your company's IT department if they can help you.

A hero member should know that, well, reading the thread you're replying to usually helps towards not making a fool of yourself.

(edit: typo)

[Tsquared]

Bitcoin is very much like cash. Once the transaction is complete it cannot be reversed, therefore it's unlikely you'll be able to make an initial purchase of 2.5 BTC with a credit card. As DannyHamilton suggests, you can make this purchase with cash locally though, so mention your general location and maybe someone will meet you to trade BTC for cash. If no luck here, you can put a WTB (want to buy) ad in your local Craigslist. Maybe offer to pay 10% over exchange rate. Meet in a public place like a mall, restaurant, or even a local police station to avoid being robbed since you'll be carrying a lot of cash.

TT

[toddball]

Hey ALL

Again, thanks for your help so far.

Yeah, some of you haven't read thru the parts where I stated that thought I was backing up continuously, that I'm an outside consultant and therefore fell thru the cracks of IT backups.  I had antivirus, and have run lots of malware now and the threat appears to be removed.

All of my files are still here, but they are encrypted with 2048 RSA encryption.  This is like out of a movie, pay the ransom, get the key.

You don't think I'll get my files back but many have in fact, gotten theirs back.  In the spirit of get what you pay for, if they didn't make good on the promise then there would be more reports of this.  I also feel like I would not have been able to INSTANTLY get my "test" file back so quickly.  I mean, it was instantaneously available, so obviously the process is automated.

What I'm worried about at this point is the offer expiring.  I never saw the original splash screen but it's been like 72 hours.  Gotta make this happen today.  Waiting for some folks to get back to me about selling their coin.

Going to look into buying at TruCoin as a backup I guess

[toddball]

Scratch that, TruCoin seems a bust.

All I got was a "you have been added to our list" message and I read that people waited and waited and nothing happened.

I live in the middle of nowhere in Northern MI, so I can't just walk out and meet folks for a transaction.

Any suggestions for a specific site that seems to have quick turnaround?

Thanks

TB

[Tsquared]

Scratch that, TruCoin seems a bust.

All I got was a "you have been added to our list" message and I read that people waited and waited and nothing happened.

I live in the middle of nowhere in Northern MI, so I can't just walk out and meet folks for a transaction.

Any suggestions for a specific site that seems to have quick turnaround?

Thanks

TB

One of the downsides of being an Uper. I can help if you'd want to drive to the Saginaw/Bay City area.

TT

[btchris]

Any suggestions for a specific site that seems to have quick turnaround?

I signed up at localbitcoins.com because that is what was suggested by the hackers.  But nobody there will sell me 2.5 bitcoins and they want a crazy amount more than market value for them.

Regarding localbitcoins.com, were you looking in the "Buy bitcoins online in United States" section here, which typically works anywhere in the U.S. via Western Union, Moneygram, or branch cash deposits (ignore OKPay, Perfect Money, WebMoney, etc., they'll probably just make things more complicated)?

Also, DannyHamilton suggested he may be able to help you out directly: https://bitcointalk.org/index.php?topic=1037805.msg11193629#msg11193629. He's a widely trusted user on Bitcointalk.org, see here (and also a trusted escrow agent, see here), you should consider his offer.

P.S. I'm very sorry this is your first experience with Bitcoin , but I do hope you'll stick around once this mess is settled.

[cr1776]

Scratch that, TruCoin seems a bust.

All I got was a "you have been added to our list" message and I read that people waited and waited and nothing happened.

I live in the middle of nowhere in Northern MI, so I can't just walk out and meet folks for a transaction.

Any suggestions for a specific site that seems to have quick turnaround?

Thanks

TB

Since you are in the US, coinbase.com has fast turnaround - or at least they have in the past.

I too have seen reports where people paid and got their files unlocked, so if you need the files, this is pretty much the only way.

Good luck.

[DannyHamilton]

- snip -
Yeah, some of you haven't read thru the parts where I stated
- snip -

You would do well not to take advice from anybody that has an advertisement in their signature space on this forum.

The vast majority of those are people that are being paid per post to advertise with those signatures.  Therefore, they'll say just about anything in a discussion thread just to increase their post count (and therefore increase their income).  Generally, they know less about the topic they are discussing than the person asking the questions.

[cr1776]

- snip -
Yeah, some of you haven't read thru the parts where I stated
- snip -

You would do well not to take advice from anybody that has an advertisement in their signature space on this forum.

The vast majority of those are people that are being paid per post to advertise with those signatures.  Therefore, they'll say just about anything in a discussion thread just to increase their post count (and therefore increase their income).  Generally, they know less about the topic they are discussing than the person asking the questions.

Danny is correct. 

Often the people with the ads in their signatures are doing nothing but spouting random advice that is often not accurate merely to get the ads in front of people.  Be wary of advice from people with the signature ad campaigns.

[tss]

- snip -
Yeah, some of you haven't read thru the parts where I stated
- snip -

You would do well not to take advice from anybody that has an advertisement in their signature space on this forum.

The vast majority of those are people that are being paid per post to advertise with those signatures.  Therefore, they'll say just about anything in a discussion thread just to increase their post count (and therefore increase their income).  Generally, they know less about the topic they are discussing than the person asking the questions.

Danny is correct. 

Often the people with the ads in their signatures are doing nothing but spouting random advice that is often not accurate merely to get the ads in front of people.  Be wary of advice from people with the signature ad campaigns.

also click the report button when you see someone clearly wrote an answer without any thought or knowledge on the subject matter.

[saddambitcoin]

OP: have you tried Coinbase? They have an "instant-buy" option if you verify your account with a Visa or Mastercard credit card (along with verifying your bank account).

I'm not sure how long the verification process takes as its been awhile since I did it. If you don't do the instant buy method, the turnaround time for receiving BTC is 4 business days.

As others have said, it is difficult to buy bitcoins with your preferred payment methods (paypal, MC) as they are reversible, bitcoin is not.

[notlist3d]

OP: have you tried Coinbase? They have an "instant-buy" option if you verify your account with a Visa or Mastercard credit card (along with verifying your bank account).

I'm not sure how long the verification process takes as its been awhile since I did it. If you don't do the instant buy method, the turnaround time for receiving BTC is 4 business days.

As others have said, it is difficult to buy bitcoins with your preferred payment methods (paypal, MC) as they are reversible, bitcoin is not.

Why are we giving OP advice on buying bitcoins? I could have missed something, but is this advice so he can pay the ransomware?

OP you should in NO way pay the ransomware.   I gave my advice in a earlier post on how to get rid of it most likely.   Does your company have a help desk area that can help you? (I did helpdesk work once and removing virus's was normal.  Would not lose your job liked you talked about).

If no resources at work, and cannot do it yourself.  Look into places that fix computers vs paying ransomware.

[achow101_alt]

OP: have you tried Coinbase? They have an "instant-buy" option if you verify your account with a Visa or Mastercard credit card (along with verifying your bank account).

I'm not sure how long the verification process takes as its been awhile since I did it. If you don't do the instant buy method, the turnaround time for receiving BTC is 4 business days.

As others have said, it is difficult to buy bitcoins with your preferred payment methods (paypal, MC) as they are reversible, bitcoin is not.

Why are we giving OP advice on buying bitcoins? I could have missed something, but is this advice so he can pay the ransomware?

OP you should in NO way pay the ransomware.   I gave my advice in a earlier post on how to get rid of it most likely.   Does your company have a help desk area that can help you? (I did helpdesk work once and removing virus's was normal.  Would not lose your job liked you talked about).

If no resources at work, and cannot do it yourself.  Look into places that fix computers vs paying ransomware.

He said in an earlier post that he had no recent backup to restore the computer from. Removing the virus would not help, and since he has no backup, his last resort is to pay the ransom.

Yeah, some of you haven't read thru the parts where I stated that thought I was backing up continuously, that I'm an outside consultant and therefore fell thru the cracks of IT backups.  I had antivirus, and have run lots of malware now and the threat appears to be removed.

[Cryptowatch.com]

Just my two cents:

If possible - mirror the HD in question, so if everything goes badly, you at least have a copy. I assume it is only your personal files that are encrypted, and that the rest of the OS is untouched.

You mentioned that there was a "test-drive" for decryption and that you got one file back. If this code is not too sophisticated, an expert might be able to crack it so all of your files could be decrypted. Perhaps if you posted on some crypto/reverse-engineering/security forum there would be some people able to help you out. Professional services might be worth a shot too, but that might quickly add up costs.  A long shot could even be the a police department with a cyber investigation unit. If such a thing exists.

Contrary to what others say, I believe you would get your files back. If word got out that nobody gets their files back from paying, then people would most likely stop paying, and the criminals would shot themselves in the foot.

Once everything is hopefully restored, get a proper backup solution and don't forget to test that it actually works now and then.

[Reynaldo]

Contact DannyHamilton and try to buy from him with cash since he's a trusted member; They WONT decrypt your files, in fact your files may not exist anymore this type of ransom ware is well-known and the pay to this address has been going around for quite long time; More information here on the one that I'm talking about http://en.wikipedia.org/wiki/CryptoLocker

[bleeding2323]

If you have not gotten this resolved, I know of some one that can help you.  pm me i will share the information with you.

[notlist3d]

Just my two cents:

If possible - mirror the HD in question, so if everything goes badly, you at least have a copy. I assume it is only your personal files that are encrypted, and that the rest of the OS is untouched.

You mentioned that there was a "test-drive" for decryption and that you got one file back. If this code is not too sophisticated, an expert might be able to crack it so all of your files could be decrypted. Perhaps if you posted on some crypto/reverse-engineering/security forum there would be some people able to help you out. Professional services might be worth a shot too, but that might quickly add up costs.  A long shot could even be the a police department with a cyber investigation unit. If such a thing exists.

Contrary to what others say, I believe you would get your files back. If word got out that nobody gets their files back from paying, then people would most likely stop paying, and the criminals would shot themselves in the foot.

Once everything is hopefully restored, get a proper backup solution and don't forget to test that it actually works now and then.

I wish OP could give us exact virus/malware he has.  If he had that we could tell him a lot more.  My bachelors degree is actually based on computer security.  I added on quite a few extra hours to get this vs standard bachelors at a University.  Bitcoin and security are what I enjoy reading about.

We can guess and throw out ideas.  But without knowing exact variant he has it's all guesses.  It is bad you do not have backups, this makes it harder.  My last company we suggested storing backups of anything important on a network drive that we had with all kinds of security on it. 

Does your company have a help desk?  I still say this is a good option depending on how well they are.   I would hope they could look at it and say if it's a lost cause,  or if they can get rid of malware.  There is a chance it's not really some super encryption on it, but the malware makes it appear this way.  Or it could be more advanced and truly have them locked up.

Depending on your level it might be something you can handle.   It all depends I don't know your background.

And the third option is a computer repair service.  If you do one of these i give it a 90 percent chance they blow it away and reinstall windows.  So good that you have a safe computer again, but most likely lose data.

[philipma1957]

Frankly I would not trust the op.  He refused to meet with  danny h.  Strong chance he is looking to con someone to take a fake cc or paypal.

Also he could be a signature shill. Posting a topic to allow people in signature campaigns to post here with legit answers.

I won't post again.  And I do not believe him as he would not meet with danny h.

Also classic excuse I forgot to backup my files.  Feel sorry for him and send him a coin that he charges on his cc and good luck to you.