ransom note

[sandaq]

A friend's of someone in my familly computer was hacked and encrypted with those pesky ransom software. They ask for 2BTC to decrypt the files on his computer. I said I'll sell him those 2 btc. He want me to send them directely to the ransome software address. Should I do that or should I ask him to install a wallet and send to him instead?

[7788bitcoin]

I thought ransomware usually attacks companies and not individuals... If the files in the computer are not that important, I suggest not to pay for the decryption- just format the harddisk.

It actually doesn't matter if you or them sending the bitcoins. Maybe need slightly more to cover the transaction fees (like 100bits per transaction)

[Hazir]

I thought ransomware usually attacks companies and not individuals... If the files in the computer are not that important, I suggest not to pay for the decryption- just format the harddisk.

It actually doesn't matter if you or them sending the bitcoins. Maybe need slightly more to cover the transaction fees (like 100bits per transaction)

I am victim of a ransomware attack and it infected my private laptop. So it is a myth that ransomware is only attacking companies.
But - there are various kinds of ransomwares I was dealing with CryptoWall, and as far as I can tell you can't recover data from this attack but I know that some cases you can actually recover from an attack.

Op, the most important fact - what type of ransomware infected your friend's machine?

[MingLee]

I thought ransomware usually attacks companies and not individuals... If the files in the computer are not that important, I suggest not to pay for the decryption- just format the harddisk.

It actually doesn't matter if you or them sending the bitcoins. Maybe need slightly more to cover the transaction fees (like 100bits per transaction)

I am victim of a ransomware attack and it infected my private laptop. So it is a myth that ransomware is only attacking companies.
But - there are various kinds of ransomwares I was dealing with CryptoWall, and as far as I can tell you can't recover data from this attack but I know that some cases you can actually recover from an attack.

Op, the most important fact - what type of ransomware infected your friend's machine?

Aside from the type of ransomeware, it is mostly a gamble as to whether or not the files will be decrypted. Most of the time they will be once the funds are sent, but occasionally they won't decrypt. A lot of this depends on the type of ransomware that infected your computer.

As for ransomware viruses attacking specific groups; they will infect anything they can find. Their purpose is to make money for the creator and not specifically harass anyone.

[~Bitcoin~]

2BTC is large money so if the files that got encrypted are not much of importance than i will suggest not to pay anything to hacker. And please suggest him to be carefull about his firewall and antivirus in future. And also there will be chance hacker will demand more after you pay him this 2BTC so better format computer fully and have strong firewall and antivirus in that computer.

[Lauda]

Unless the files are 'irreplaceable' as in extremely valuable (regardless whether it's monetary or sentimental value), I advise against paying them. These attacks would have stopped a long time ago if people did not pay and had created backups as they already should have. The primary lesson here is to have a minimum of 1 backup, although there are various backup plans (e.g. 3-2-1) that users should be familiar with. This becomes even more important when Bitcoin users are in question (e.g. wallet file could go corrupt).

As for ransomware viruses attacking specific groups; they will infect anything they can find. Their purpose is to make money for the creator and not specifically harass anyone.

The primary reason for which this ridiculous type of attack works is because people are ignorant and dumb when it comes to technology. A singular backup can easily make this kind of attack obsolete.

Should I do that or should I ask him to install a wallet and send to him instead?

It doesn't really matter for the end result. The people behind the malware don't care where the money is going to come from. Depending on the type of malware, it is possible to 'unlock' the system.

[sandaq]

Should I do that or should I ask him to install a wallet and send to him instead?

It doesn't really matter for the end result. The people behind the malware don't care where the money is going to come from.

There are three things I'm afraid of, first me getting assosiated with he ransom, which can be no problem if someone investigate, then I just show them the whatsup conversation I had with this familly frind. Second the ransom software will somehow learn who I am and will target me, and third that they won't release the encrypted files and this friend will say I didn't pay them (I guess this can be avoided by sending the friend to the blockchain to view the transaction).

[Lauda]

There are three things I'm afraid of, first me getting assosiated with he ransom, which can be no problem if someone investigate, then I just show them the whatsup conversation I had with this familly frind.

I don't think an outgoing transaction would get you in trouble, an incoming one may.

Second the ransom software will somehow learn who I am and will target me

Anyone with detect computer skills should be able to avoid this script-kiddie malware stuff online these days.

and third that they won't release the encrypted files and this friend will say I didn't pay them (I guess this can be avoided by sending the friend to the blockchain to view the transaction).

You have a fair point here. Get him to install Electrum or a similar SPV client. Additionally, I made a small edit that you didn't see:

Depending on the type of malware, it is possible to 'unlock' the system.

So what's the name on the ransom note?

[HatakeKakashi]

A friend's of someone in my familly computer was hacked and encrypted with those pesky ransom software. They ask for 2BTC to decrypt the files on his computer. I said I'll sell him those 2 btc. He want me to send them directely to the ransome software address. Should I do that or should I ask him to install a wallet and send to him instead?

Don't worry, you are safe when sending transactions. Also, please be safe with dealing online and tell your friend that there is something called "Cloud Storage". I think you need to buy a secure VPN, a good antivirus and run softwares in sandbox.

[ObscureBean]

He should send the BTC only if he's got important files on his computer that would be worth +$1200. That a lot of money, if he's got everything backed up elsewhere, he could simply wipe his HDD and reinstall the OS. But to answer your question, I think you definitely send the BTC to him first, you're dealing with your friend not the hackers.

[sandaq]

So what's the name on the ransom note?

zepto, it's a new version of locky

[Carlsen]

I would not pay that.
I think those 2 coins would be better invested if he bought himself a new computer and a few usb sticks to save the important data.
Or just format the hard drive and buy a new operating system.
The chances of getting his computer working again are minimal.

[Baby Rage]

Send the Btc to him. that way your conscience is clear if something goes wrong. You really dont want to be on the bad end of something like this. If he is buying the btc from you then send it to him.

[Lauda]

So what's the name on the ransom note?

zepto, it's a new version of locky

Interesting. After spending a small time researching, there seems to be information regarding the removal of the ransomware. According to some sources, it doesn't encrypt the original files but rather creates encrypted copies. I highly suggest reading up a lot on this matter on Google. A possible method for recovery here is the standard software used for recovery of the deleted files. I've also seen suggestions ranging from manual (e.g. booting into safe-mode and trying to get rid of it) to automated tools. That friend should consider the amount of valuable data stored on the computer and their exact location (depending on usage patterns this may be easy). You should try recovering these files, if successful a simple format would solve the problem and save a lot of money.

I would not pay that. I think those 2 coins would be better invested if he bought himself a new computer and a few usb sticks to save the important data.

Another useless post. How would the friend save important data on the USB sticks if it that is already encrypted/lost?

[Kprawn]

So what's the name on the ransom note?

zepto, it's a new version of locky

Interesting. After spending a small time researching, there seems to be information regarding the removal of the ransomware. According to some sources, it doesn't encrypt the original files but rather creates encrypted copies. I highly suggest reading up a lot on this matter on Google. A possible method for recovery here is the standard software used for recovery of the deleted files. I've also seen suggestions ranging from manual (e.g. booting into safe-mode and trying to get rid of it) to automated tools. That friend should consider the amount of valuable data stored on the computer and their exact location (depending on usage patterns this may be easy). You should try recovering these files, if successful a simple format would solve the problem and save a lot of money.

I would not pay that. I think those 2 coins would be better invested if he bought himself a new computer and a few usb sticks to save the important data.

Another useless post. How would the friend save important data on the USB sticks if it that is already encrypted/lost?

Most people are not familiar with the data recovery software out there and they would pay without thinking about other alternatives. Even if they knew about this software, they would pay someone

else to recover the data. Why risk doing the data recovery by yourself and then possibly losing everything? Before I do data recovery, I clone the disk with a docking station, and that way the original

source remains intact, just in case something goes wrong. 

[shorena]

So what's the name on the ransom note?

zepto, it's a new version of locky

Tell your friend to contact their support. They might be willing to lower the price. They have in the past and their ... "customer" support is excellent.

If you are afraid of any repercussions, write up a small statement and let your friend sign it. I dont think you have to worry about that though.

[Lauda]

Most people are not familiar with the data recovery software out there and they would pay without thinking about other alternatives.

I'd say that a good number of such software is as hard as using Microsoft Paint.

Even if they knew about this software, they would pay someone else to recover the data.

Which comes back to their ignorance and stupidity.

Why risk doing the data recovery by yourself and then possibly losing everything?

What risk? You won't kill your data with data recovery software.

Before I do data recovery, I clone the disk with a docking station, and that way the original source remains intact, just in case something goes wrong.  

I'd expect this to be too much for the people in question.

[immangrace]

I wouldn't pay any ransom unless I have something really valuable and important, also, backups should be made not only for this kind of attack, but in case of HDD failure, I usually burn DVDs with the important stuff I have, making more than one copy, I also keep some files on a 16 GB USB, or on my old 4 GB USB.

[calkob]

i wouldnt have anything to do with it and would help my friend get the BTC and let him sort it out, if anything goes wrong then it aint your fault.

[X7]

Not sure if I would get involved, but from a security stand point. Send him the BTC to a newly installed wallet or generated address (WHICH HE CONTROLS) and let him handle his own ransomware issue.