Bitcoin Forum
Author Topic: ransom note  (Read 1008 times)
sandaq (OP)
August 02, 2016, 02:57:58 PM
 #1

The computer of a friend of someone in my family was hacked and encrypted with that pesky ransom software. They ask for 2 BTC to decrypt the files on his computer. I said I'll sell him those 2 BTC. He wants me to send them directly to the ransom software address. Should I do that, or should I ask him to install a wallet and send to him instead?

7788bitcoin
August 02, 2016, 03:19:38 PM
 #2

I thought ransomware usually attacks companies and not individuals... If the files on the computer are not that important, I suggest not paying for the decryption - just format the hard disk.

It actually doesn't matter whether you or they send the bitcoins. You may need slightly more to cover the transaction fees (like 100 bits per transaction).
Hazir
August 02, 2016, 03:32:51 PM
 #3

> I thought ransomware usually attacks companies and not individuals... If the files on the computer are not that important, I suggest not paying for the decryption - just format the hard disk.
>
> It actually doesn't matter whether you or they send the bitcoins. You may need slightly more to cover the transaction fees (like 100 bits per transaction).

I am a victim of a ransomware attack, and it infected my private laptop. So it is a myth that ransomware is only attacking companies.
But there are various kinds of ransomware. I was dealing with CryptoWall, and as far as I can tell you can't recover data from this attack, but I know that in some cases you can actually recover from an attack.

OP, the most important fact: what type of ransomware infected your friend's machine?


MingLee
August 02, 2016, 03:40:03 PM
 #4

>> I thought ransomware usually attacks companies and not individuals... If the files on the computer are not that important, I suggest not paying for the decryption - just format the hard disk.
>>
>> It actually doesn't matter whether you or they send the bitcoins. You may need slightly more to cover the transaction fees (like 100 bits per transaction).
>
> I am a victim of a ransomware attack, and it infected my private laptop. So it is a myth that ransomware is only attacking companies.
> But there are various kinds of ransomware. I was dealing with CryptoWall, and as far as I can tell you can't recover data from this attack, but I know that in some cases you can actually recover from an attack.
>
> OP, the most important fact: what type of ransomware infected your friend's machine?

Aside from the type of ransomware, it is mostly a gamble as to whether or not the files will be decrypted. Most of the time they will be once the funds are sent, but occasionally they won't decrypt. A lot of this depends on the type of ransomware that infected your computer.

As for ransomware viruses attacking specific groups, they will infect anything they can find. Their purpose is to make money for the creator and not specifically harass anyone.
~Bitcoin~
August 02, 2016, 03:46:32 PM
 #5

2 BTC is a lot of money, so if the files that got encrypted are not of much importance, then I would suggest not paying anything to the hacker. And please advise him to be careful about his firewall and antivirus in the future. Also, there is a chance the hacker will demand more after you pay him this 2 BTC, so it is better to format the computer fully and have a strong firewall and antivirus on that computer.

Lauda
August 02, 2016, 03:47:25 PM
 #6

Unless the files are 'irreplaceable' as in extremely valuable (regardless whether it's monetary or sentimental value), I advise against paying them. These attacks would have stopped a long time ago if people did not pay and had created backups as they already should have. The primary lesson here is to have a minimum of 1 backup, although there are various backup plans (e.g. 3-2-1) that users should be familiar with. This becomes even more important when Bitcoin users are in question (e.g. wallet file could go corrupt).

> As for ransomware viruses attacking specific groups, they will infect anything they can find. Their purpose is to make money for the creator and not specifically harass anyone.

The primary reason for which this ridiculous type of attack works is because people are ignorant and dumb when it comes to technology. A singular backup can easily make this kind of attack obsolete.

> Should I do that, or should I ask him to install a wallet and send to him instead?

It doesn't really matter for the end result. The people behind the malware don't care where the money is going to come from. Depending on the type of malware, it is possible to 'unlock' the system.

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
sandaq (OP)
August 02, 2016, 03:52:24 PM
 #7

>> Should I do that, or should I ask him to install a wallet and send to him instead?
>
> It doesn't really matter for the end result. The people behind the malware don't care where the money is going to come from.

There are three things I'm afraid of: first, me getting associated with the ransom, which should be no problem if someone investigates, as then I just show them the WhatsApp conversation I had with this family friend. Second, the ransom software will somehow learn who I am and will target me, and third, that they won't release the encrypted files and this friend will say I didn't pay them (I guess this can be avoided by sending the friend to the blockchain to view the transaction).

Lauda
August 02, 2016, 03:55:16 PM
 #8

> There are three things I'm afraid of: first, me getting associated with the ransom, which should be no problem if someone investigates, as then I just show them the WhatsApp conversation I had with this family friend.

I don't think an outgoing transaction would get you in trouble, an incoming one may.

> Second, the ransom software will somehow learn who I am and will target me

Anyone with decent computer skills should be able to avoid this script-kiddie malware stuff online these days.

> and third, that they won't release the encrypted files and this friend will say I didn't pay them (I guess this can be avoided by sending the friend to the blockchain to view the transaction).

You have a fair point here. Get him to install Electrum or a similar SPV client. Additionally, I made a small edit that you didn't see:

> Depending on the type of malware, it is possible to 'unlock' the system.

So what's the name on the ransom note?

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
HatakeKakashi
August 02, 2016, 04:02:01 PM
 #9

> The computer of a friend of someone in my family was hacked and encrypted with that pesky ransom software. They ask for 2 BTC to decrypt the files on his computer. I said I'll sell him those 2 BTC. He wants me to send them directly to the ransom software address. Should I do that, or should I ask him to install a wallet and send to him instead?

Don't worry, you are safe when sending transactions. Also, please be safe when dealing online and tell your friend that there is something called "Cloud Storage". I think you need to buy a secure VPN and a good antivirus, and run software in a sandbox.

 
ObscureBean
August 02, 2016, 04:15:55 PM
 #10

He should send the BTC only if he's got important files on his computer that would be worth +$1200. That's a lot of money; if he's got everything backed up elsewhere, he could simply wipe his HDD and reinstall the OS. But to answer your question, I think you should definitely send the BTC to him first; you're dealing with your friend, not the hackers.
sandaq (OP)
August 02, 2016, 04:20:27 PM
 #11

> So what's the name on the ransom note?

Zepto, it's a new version of Locky.

Carlsen
August 02, 2016, 04:20:52 PM
 #12

I would not pay that.
I think those 2 coins would be better invested if he bought himself a new computer and a few USB sticks to save the important data.
Or just format the hard drive and buy a new operating system.
The chances of getting his computer working again are minimal.

  It's me!!!
Baby Rage
August 02, 2016, 04:26:05 PM
 #13

Send the BTC to him. That way your conscience is clear if something goes wrong. You really don't want to be on the bad end of something like this. If he is buying the BTC from you then send it to him.

Lauda
August 02, 2016, 04:34:18 PM
 #14

>> So what's the name on the ransom note?
>
> Zepto, it's a new version of Locky.

Interesting. After spending a little time researching, there seems to be information regarding the removal of the ransomware. According to some sources, it doesn't encrypt the original files but rather creates encrypted copies. I highly suggest reading up a lot on this matter on Google. A possible method for recovery here is the standard software used for recovery of deleted files. I've also seen suggestions ranging from manual (e.g. booting into safe-mode and trying to get rid of it) to automated tools. That friend should consider the amount of valuable data stored on the computer and their exact location (depending on usage patterns this may be easy). You should try recovering these files; if successful, a simple format would solve the problem and save a lot of money.

> I would not pay that. I think those 2 coins would be better invested if he bought himself a new computer and a few USB sticks to save the important data.

Another useless post. How would the friend save important data on the USB sticks if it is already encrypted/lost? [Roll Eyes]

"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
Kprawn
August 02, 2016, 06:40:39 PM
 #15

>>> So what's the name on the ransom note?
>>
>> Zepto, it's a new version of Locky.
>
> Interesting. After spending a little time researching, there seems to be information regarding the removal of the ransomware. According to some sources, it doesn't encrypt the original files but rather creates encrypted copies. I highly suggest reading up a lot on this matter on Google. A possible method for recovery here is the standard software used for recovery of deleted files. I've also seen suggestions ranging from manual (e.g. booting into safe-mode and trying to get rid of it) to automated tools. That friend should consider the amount of valuable data stored on the computer and their exact location (depending on usage patterns this may be easy). You should try recovering these files; if successful, a simple format would solve the problem and save a lot of money.
>
>> I would not pay that. I think those 2 coins would be better invested if he bought himself a new computer and a few USB sticks to save the important data.
>
> Another useless post. How would the friend save important data on the USB sticks if it is already encrypted/lost? [Roll Eyes]

Most people are not familiar with the data recovery software out there and they would pay without thinking about other alternatives. Even if they knew about this software, they would pay someone else to recover the data. Why risk doing the data recovery by yourself and then possibly losing everything? Before I do data recovery, I clone the disk with a docking station, and that way the original source remains intact, just in case something goes wrong. [Grin]

shorena
August 02, 2016, 06:53:16 PM
 #16

>> So what's the name on the ransom note?
>
> Zepto, it's a new version of Locky.

Tell your friend to contact their support. They might be willing to lower the price. They have in the past and their ... "customer" support is excellent.

If you are afraid of any repercussions, write up a small statement and let your friend sign it. I don't think you have to worry about that though.

Im not really here, its just your imagination.
Lauda
August 02, 2016, 07:57:28 PM
 #17

> Most people are not familiar with the data recovery software out there and they would pay without thinking about other alternatives.

I'd say that a good number of such software is as hard as using Microsoft Paint.

> Even if they knew about this software, they would pay someone else to recover the data.

Which comes back to their ignorance and stupidity.

> Why risk doing the data recovery by yourself and then possibly losing everything?

What risk? You won't kill your data with data recovery software.

> Before I do data recovery, I clone the disk with a docking station, and that way the original source remains intact, just in case something goes wrong. [Grin]

I'd expect this to be too much for the people in question.


"The Times 03/Jan/2009 Chancellor on brink of second bailout for banks"
😼 Bitcoin Core (onion)
immangrace
August 02, 2016, 08:09:13 PM
 #18

I wouldn't pay any ransom unless I have something really valuable and important. Also, backups should be made not only for this kind of attack, but in case of HDD failure. I usually burn DVDs with the important stuff I have, making more than one copy. I also keep some files on a 16 GB USB, or on my old 4 GB USB.

calkob
August 02, 2016, 08:37:23 PM
 #19

I wouldn't have anything to do with it and would help my friend get the BTC and let him sort it out; if anything goes wrong then it ain't your fault.
X7
August 03, 2016, 12:01:18 AM
 #20

Not sure if I would get involved, but from a security standpoint: send him the BTC to a newly installed wallet or generated address (WHICH HE CONTROLS) and let him handle his own ransomware issue.

For what shall it profit a man, if he shall gain the world, and lose his own soul?