Ransom demanded from an attacker

[doublemore]

I hope a trend hasn't started where people start demanding bitcoin for all criminal attacks or could that be good for the market price hmmm ? Conclusion, bitcoin is going to change the world.

[zPanda]

Crypto Lockers are definitely easy to remove.

[K.A.T]

I think there was a Vulnerability  in RDP at that time where the attacker was scanning possible open systems....

[K.A.T]

Reply from BTC-e 

Дoбpый дeнь

Этoгo aдpeca y нac нeт.



good afternoon

It addresses we have.


 

[ChugoBoss]

Hello,

We were also attacked by this person, the virus was identified and disabled, but is was too late. Did your brother recover his files after paying the ransom?

[mayax]

Install a good antivirus(it cost you up to 60 usd per year) if you really want to be protected and back up your daily/weekly.

[Kakmakr]

Install a good antivirus(it cost you up to 60 usd per year) if you really want to be protected and back up your daily/weekly.

The AV will not stop a hacker, if he has remote access to your computer or server via a backdoor. They will exploit that and just encrypt your data. We used to do that in a class room environment at school <many years ago> and we used a simply encryption in Pkzip. <Just backup and password protect the zip file and delete the data>

It was mostly for fun to get some extra food for lunch. The data was usually homework that was done by the students. We got caught and we got a massive hiding, which ended our hacking extortion scheme and cut off our extra food.   

[NorrisK]

Reply from BTC-e 

Дoбpый дeнь

Этoгo aдpeca y нac нeт.



good afternoon

It addresses we have.


 

If this is true, try presenting them with the proof that the funds were acquired after hacking. If you are lucky they will freeze the account and possibly even return the coins to you


Doesn't hurt to try at least.

[RustyNoman]

I hope a trend hasn't started where people start demanding bitcoin for all criminal attacks or could that be good for the market price hmmm ? Conclusion, bitcoin is going to change the world.

When Monero becomes popular in the near future, the attackers will demand Monero payment. That is more anonymous than bitcoin.

[enhu]

I hope a trend hasn't started where people start demanding bitcoin for all criminal attacks or could that be good for the market price hmmm ? Conclusion, bitcoin is going to change the world.

When Monero becomes popular in the near future, the attackers will demand Monero payment. That is more anonymous than bitcoin.

Sure it will be one of their option in the future. they need no bitmixer to simply avoid tracking.
Information the OP's brother trying to cover must be very private, must be worth paying the ransom for it could get him in trouble lol

[HardFlaccid]

This is for my brother.. who has noting to do with Bitcoins... He had to pay to get his business data. 

Bitstamp just confirmed that non of their users use this email address.... which most probably is for Multibit or something like that...

Why the hell would the guy use the same email to ask for ransom and to register in an exchange?

i`m sorry for your loss, btw

[jugador]

Hi all.

Just to share, we received the reply from the attacker as shown below.

Waiting for my brother to check and decrypt. I don't know if this works or not.



---------- Forwarded message ----------
From: Jack Williams <mushelps@gmail.com>
Date: 2015-11-07 18:12 GMT+03:00
Subject: Re: Fwd: Email
To:

Hello!

Do you have process in the memory called lsassw86s.exe ? If yes , kill process lsassw86s.exe first.
Also delete c:\windows\system32\lsassw86s.exe file.

Now you can run decrypt tool.

1st Decrypt password: 145C7C3F238B235F36C19125854FC9A77A6K7)CIAu4wCUBc407T2(E3B43vEQ4q8R9I1g5b7kB*9fDzE3EwEa1+8i5N4F8)Dt4v712QB=5d0q8i0k
2st Decrypt password: 21063857F60263D5921FFD2CB9B24E569(C54l6sDI9u1v4d7C2p7dA(BDCICSCv9FCl98744MEy8&BO7p7VASEo2@EXCODQCf619-DU6gCa4q9E0u
3st Decrypt password: quu*A**$$quu*V$uLFquu*V$uLF


Decryption tool (password for the archive: 123 ):

https://www.sendspace.com/file/ex2rs1

Download it and unpack to any folder. Also program require administrative rules (use administrator account).

Run decrypt.exe .

Copy paste 1st Decrypt password, 2st Decrypt password and 3st Decrypt passwords in decrypt tool 3 fields.

If you have not stop our software - use decryption tool, because the tool will stop our software before decrypting the files.

This is very important to stop our software service (and dont delete any files in ProgramData folder before stop) because your decrypted
files may will be encrypted again.

p.s. when you will start decrypt tool it would seem as if the program hanging, but everything is fine, just wait for the message about
successful completion of decrypting and dont touch decrypt window with your mouse.

If you have any questions or troubles in decrypting feel free to contact me .


Thank You!

So does this mean they put 3 layers of cryptography around your data??

It's pretty impressive

[lumeire]

Install a good antivirus(it cost you up to 60 usd per year) if you really want to be protected and back up your daily/weekly.

The AV will not stop a hacker, if he has remote access to your computer or server via a backdoor. They will exploit that and just encrypt your data. We used to do that in a class room environment at school <many years ago> and we used a simply encryption in Pkzip. <Just backup and password protect the zip file and delete the data>

It was mostly for fun to get some extra food for lunch. The data was usually homework that was done by the students. We got caught and we got a massive hiding, which ended our hacking extortion scheme and cut off our extra food.   

Any tips to prevent this from happening to us, that is, aside from not downloading crap received from emails?