Bitcoin Forum
Author Topic: Ransomware and BTC  (Read 2029 times)
BitAurum
October 06, 2016, 09:33:29 AM
 #21

Use the money to buy some good anti virus plans for you and your wife, get a license for hitman pro and install hitman pro alert as well and finally put your wife through cyber security training so this won't happen again.

Paying these people is not the solution, it will just keep happening to people around the world when people fall for their demands.
@OP: IMO, this is the best solution for you if the files cannot be recovered.

There is no guarantee that the hacker will help you gain access to your data after you have paid them.
ricreis394
October 06, 2016, 09:36:12 AM
 #22

Hi. I’ve registered in your community in the hope that you’ll help me. My problem is that my wife’s laptop is infected with the Odin virus, which has encrypted all files. And now it asks for 1.5 BTC for encryption. I tried different tools, antiviruses, guides etc. One thing that helped me was ShadowExplorer (http://www.shadowexplorer.com/downloads.html), which I found on this site (http://myspybot.com/odin-virus/), and with its help I managed to decrypt a few files, but not very important ones.
So finally I decided to pay 1.5 BTC for encryption, but I don’t know how, where and when I can buy this crypto currency. So I hope that you can give me some advice or provide me with a link to a step-by-step guide on how to use BTC.
And last question – why can’t I pay with my dollar card? What is the reason for them to use Bitcoins? I don’t get it.


I'll chime in with others.

1, don't even bother paying this "ransom" you are just tossing out good $
2, use that $ and buy yourself another computer and try to safeguard it better, not downloading things and sites you visit, anti-virus, different passwords, all sorts of things I don't have the time to list
3, learn to remove the virus yourself/with help from online, Malwarebytes is a pretty good site that helps people, I haven't been there in years, but know it exists
4, your computer is already compromised and any files will just compromise a new system... don't even bother, accept the loss, documents and photos should have been printed anyways and not just stored on a pc

Lastly, sorry this happened to you.  Most people are just assholes and we have to learn how to swim among them.

as a cheaper solution, you don't even have to replace the computer, just the hard drive, those can be pretty cheap.  you may even have another older computer sitting around that has a hard drive you can use.  but, with a new hard drive in place, do not get skippy and try adding the infected drive after the fact and get your files, within seconds of adding that hard drive you will likely be right back here at square one

correct me if i am wrong but can't you just format the hard drive instead? it is not physically damaged. the files are just encrypted which you can format and start fresh with an empty HDD.

and to OP, i have seen some progress in breaking the encryption of some types of ransomware on reddit. maybe you should check it out.

If the OP wants to recover his files, formatting doesn't solve the problem.
Remember that certain computers have valuable files, and that files can cost more than 1.5 BTC, probably OP is in that situation.
I heard reports that some people pay and are successful, but I believe it's a risk anyway.
LoyceV
October 06, 2016, 09:44:17 AM
 #23

Remember that certain computers have valuable files, and that files can cost more than 1.5 BTC, probably OP is in that situation.
I heard reports that some people pay and are successful, but I believe it's a risk anyway.
As far as I know, they even give good support after paying. It's their core business to make sure everybody knows paying gets you back your files, if they don't deliver, their business model fails.
I've even read about competing cyber criminals, it's big business!

Just a friendly reminder to everybody: make sure you have backups, and make sure your backups are not just on a disk that is connected to the computer.

Wesarind
October 06, 2016, 12:53:01 PM
 #24

Remember that certain computers have valuable files, and that files can cost more than 1.5 BTC, probably OP is in that situation.
I heard reports that some people pay and are successful, but I believe it's a risk anyway.
As far as I know, they even give good support after paying. It's their core business to make sure everybody knows paying gets you back your files, if they don't deliver, their business model fails.
I've even read about competing cyber criminals, it's big business!

Just a friendly reminder to everybody: make sure you have backups, and make sure your backups are not just on a disk that is connected to the computer.

Were these ransomware makers caught in the past? If so, they might contribute a lot of money to the governments due to the seizure.
EnacDomains
October 06, 2016, 02:57:12 PM
 #25

so has anyone been affected by this?

morantis
October 06, 2016, 05:08:53 PM
 #26

so has anyone been affected by this?

i had one pc that i played around with get it, beyond that no.  it was a crypto only pc, windows based, used only to download and run wallets.  one of those alt coin wallets had it attached, no big deal, daily the wallet.dat files synced to the cloud, so i grabbed the backups from the day before the install and only lost a handful of coins.  fast ass virus, lightning quick, none of this one little window here you can't explain, a pop up here that shouldn't be, nope one blink on the windows security notification and then bam, straight to the new shell.  i spent maybe ten minutes tinkering before a restart, just went past the cover threat window to the file directory.  explorer.exe had been changed and replaced a minute before, there was no backup of the original file that i could see. 

most of the files are not actually encrypted, it is key files that make it work.  most files are intact, but robocopy, copy, move, shell, regedit, and a dozen more are renamed and encrypted, something like regedit.mdlck. i did not have a ftp program installed, but i did wonder if that would have been a key, you can definitely get to the file system, just can't move anything.  you can tell that most files are untouched by their properties.  i thought a neat thing to do might be to install something like cuteftp.  after that, rename all the ftp exe's and confs to something else, doesn't matter, just in case odin looks for them.  make a copy of ipconfig and others and put them somewhere renamed.  so, then life goes on, you get hit with odin, pop into the file system and use the ftp command line functions, with network configs if needed and move your important files elsewhere, just a thought
xht
October 06, 2016, 08:08:49 PM
 #27

Unfortunately no one can help you to recover it, just make this a learning and also remember, don't install untrusted software and definitely don't open weird emails, download bad torrents or visit strange websites. Avoid PDF or doc files that could hold back doors.

Decoded
October 07, 2016, 12:13:59 PM
 #28

Unfortunately no one can help you to recover it, just make this a learning and also remember, don't install untrusted software and definitely don't open weird emails, download bad torrents or visit strange websites. Avoid PDF or doc files that could hold back doors.

Avoid any file for that matter.

If you are downloading something cryptographically signed, don't take it for granted. Verify it.

Check if the website you are downloading files from is the real one.

If someone sends you a link, hover your cursor over it. You will see where it will really lead you. If you don't recognise it, check on a redirection site to see if the url redirects you to a malicious site.

looking for a signature campaign, dm me for that
veleten
October 11, 2016, 10:00:31 AM
 #29

never ever pay the parasites who spread ransomware!
there is 99.9% chance you will not hear from them after you have sent them money
they do not care about the integrity of your files, all they care for is to get your money
I read stories of people who paid them and didn't get the unlocker or the "code" or whatever to unlock the files, I have yet to hear a single one where you pay and you get your files decrypted

ricreis394
October 12, 2016, 10:53:19 PM
 #30

never ever pay the parasites who spread ransomware!
there is 99.9% chance you will not hear from them after you have sent them money
they do not care about the integrity of your files, all they care for is to get your money
I read stories of people who paid them and didn't get the unlocker or the "code" or whatever to unlock the files, I have yet to hear a single one where you pay and you get your files decrypted
people that work behind that virus must be loyal to users, otherwise their clients (which are the victims) don't pay them because of the fear to lose the money for nothing.
morantis
October 12, 2016, 10:57:26 PM
 #31

never ever pay the parasites who spread ransomware!
there is 99.9% chance you will not hear from them after you have sent them money
they do not care about the integrity of your files, all they care for is to get your money
I read stories of people who paid them and didn't get the unlocker or the "code" or whatever to unlock the files, I have yet to hear a single one where you pay and you get your files decrypted
people that work behind that virus must be loyal to users, otherwise their clients (which are the victims) don't pay them because of the fear to lose the money for nothing.

hell, i doubt the devs are anywhere near these guys.  It came out, was most likely sold a few times and used many times by the devs and after a few sales, it hit the darkweb and other markets.  Once the virus hit the media, I am sure the devs never touched it again.  And that is if they ever used it for profit, some of these guys are just trying for proof of concept.