Bitcoin Forum
Author Topic: Wanna Cry new ? please help (cryptolocker Petya)  (Read 1790 times)
farsky (OP)
June 27, 2017, 12:14:49 PM
Last edit: June 27, 2017, 04:07:03 PM by farsky
 #1

Hello, guys!
Please help with fighting the virus.

At my wife's work, the server and other computers picked up a virus similar to WannaCry
(all except my wife's computer, on which I installed Comodo).

The server is a laptop without antivirus and firewall.
All important information is stored on the server.



Bitcoin address and email:
1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
wowsmith123456@posteo.net

EXtremeAEX
June 27, 2017, 12:24:51 PM
 #2

Oh my, that seems really serious. Is it just that the computers at your work are infected, or is this virus spreading throughout the country? We may not be able to help much in this, but I think this is a serious issue and I suggest you report this crime for investigation.

Depending on your country, you should call and ask for help/file a complaint.

Is there a time limit to this?


GreenBits
June 27, 2017, 12:27:51 PM
 #3

Quote from: farsky
Hello, guys!
Please help with fighting the virus.

At my wife's work, the server and other computers picked up a virus similar to WannaCry
(all except my wife's computer, on which I installed Comodo).

The server is a laptop without antivirus and firewall.
All important information is stored on the server.



Bitcoin address and email:
1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
wowsmith123456@posteo.net


Shit! Sorry to hear this man. Ransomware has been around for a while now, this may not be a WC variant as much as a predecessor. Pray it's an old one; some of the encryption has been broken on the oldest ones, and there may be a utility to help you recover your data.

If it's a business, they need to report this to the authorities, for the sake of investigation and liability. As for the terminals, it is unfortunate, but the data is most likely gone. Really hoping they were using backups.

What are the IT guys saying, or, no ITs at this particular job? (May be a small company, but if they are all using terminals, somebody is fixing them).
farsky (OP)
June 27, 2017, 01:00:13 PM
 #4

Time constraints do not seem to exist.

Yes, it's a business, but it's so small a company that they do not have an IT specialist.
Rare copies are rarely made.
I told them for a long time to buy a normal server and install a firewall.
Here is the price of carelessness. Work has completely stopped; everyone is in shock.

Joel_Jantsen
June 27, 2017, 01:08:33 PM
 #5

Quote from: farsky
I told them for a long time to buy a normal server and install a firewall.
Here is the price of carelessness. Work has completely stopped; everyone is in shock.

You need to hurry up and seek professional help.
Have you tried contacting your antivirus customer support? Approached any computer security professionals yet?
You can also get in touch with the dude who mitigated the last major ransomware attack. Look up his information; you can find him on Twitter.
NeuroticFish
June 27, 2017, 01:16:15 PM
 #6

Quote from: farsky
Time constraints do not seem to exist.

Yes, it's a business, but it's so small a company that they do not have an IT specialist.

They may have to hire a specialist; paying the ransom may not give their data back.

Make a copy/clone of the HDDs; in case anything goes wrong, it'll reduce the risk of getting the data deleted.
Research on ransomware/virus-related forums; some older variants already have recipes to decrypt/recover the data.
All this needs some knowledge and a lot of time to research and try.

YuginKadoya
June 27, 2017, 01:30:57 PM
 #7

Quote from: GreenBits
Quote from: farsky
Hello, guys!
Please help with fighting the virus.

At my wife's work, the server and other computers picked up a virus similar to WannaCry
(all except my wife's computer, on which I installed Comodo).

The server is a laptop without antivirus and firewall.
All important information is stored on the server.



Bitcoin address and email:
1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
wowsmith123456@posteo.net


Shit! Sorry to hear this man. Ransomware has been around for a while now, this may not be a WC variant as much as a predecessor. Pray it's an old one; some of the encryption has been broken on the oldest ones, and there may be a utility to help you recover your data.

If it's a business, they need to report this to the authorities, for the sake of investigation and liability. As for the terminals, it is unfortunate, but the data is most likely gone. Really hoping they were using backups.

What are the IT guys saying, or, no ITs at this particular job? (May be a small company, but if they are all using terminals, somebody is fixing them).

Yup, this ransomware thing is kinda spreading and victimizing companies that don't have proper security, or sometimes victimizing home desktops by locking them and spreading their bitcoin wallet so that people would rather put up the sum that they want. Well, I think the best hackers can really debunk it, but I don't know where to find one, so good luck with that.
farsky (OP)
June 27, 2017, 01:36:24 PM
 #8

It seems that this is all over our country (Ukraine); large transport companies and banks are affected (I was told so, I cannot confidently assert this).

EXtremeAEX
June 27, 2017, 02:05:53 PM
 #9

Yes it looks like you are not the only one. Now I am starting to feel afraid too...


... Not sure whether I wanna laugh or I wanna cry...

So it seems like this is another ransomware attack, different soup, same ingredients, most likely a similar virus. Anyone have advice on what to do? (E.g. Backup files...)

The Twitter page here is having a commotion right now.
https://twitter.com/hashtag/petya

The best thing to do will be to wait for an official national announcement as you are not the only one. Hopefully someone will be able to solve this again.


eternalgloom
June 27, 2017, 02:07:12 PM
 #10

Do you remember from what file you got the virus? Anything you've opened that you shouldn't have?
Possibly some attachment from an e-mail or something?

If you're lucky, there are decryption keys available for that type of ransomware, but I can't identify it from that screenshot.

cellard
June 27, 2017, 02:22:05 PM
 #11

Quote from: farsky
Hello, guys!
Please help with fighting the virus.

At my wife's work, the server and other computers picked up a virus similar to WannaCry
(all except my wife's computer, on which I installed Comodo).

The server is a laptop without antivirus and firewall.
All important information is stored on the server.



Bitcoin address and email:
1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
wowsmith123456@posteo.net


Oh boy. Are you from Eastern Europe? It looks like a WannaCry variant is spreading fast in parts of Russia and Ukraine:

http://www.financemagnates.com/cryptocurrency/news/cyber-security-experts-say-bitcoin-ransomware-behind-attack-russia-ukraine/

Notice how the picture looks like yours and this other Russian guy here:



Quote from: EXtremeAEX
Yes it looks like you are not the only one. Now I am starting to feel afraid too...


... Not sure whether I wanna laugh or I wanna cry...

So it seems like this is another ransomware attack, different soup, same ingredients, most likely a similar virus. Anyone have advice on what to do? (E.g. Backup files...)

The Twitter page here is having a commotion right now.
https://twitter.com/hashtag/petya

The best thing to do will be to wait for an official national announcement as you are not the only one. Hopefully someone will be able to solve this again.


A good reminder to back up your data immediately, starting with your bitcoin private keys. In fact, I'm going to do that right now.
EXtremeAEX
June 27, 2017, 02:53:14 PM
 #12

Dude, what a beast. They already got their first Bitcoin from 8 victims.



https://bitref.com/1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX

I don't know if after paying it actually works, I mean the virus is probably still there, and can attack any time. Nothing is safe on the internet...

Quote
Two types of people who earn money: One makes antivirus, the other makes a virus


Kprawn
June 27, 2017, 03:13:33 PM
 #13

Let this be a warning to everyone to make regular backups of ALL their data. DO NOT simply overwrite your previous backups with new backups, because you may have to go back a few to get the data without the ransomware attached. I keep several sets of backups on DVDs of my most precious files. I would not use external hard drives to back up my data, because these can be infected too. Large backups can be split over several DVDs.

eternalgloom
June 27, 2017, 03:19:02 PM
 #14

Yeah, looks like this is another WannaCry variant, called 'Petya'; it's a pretty big story on most mainstream news websites.

https://www.theguardian.com/world/2017/jun/27/petya-ransomware-attack-strikes-companies-across-europe
https://www.bleepingcomputer.com/news/security/wannacry-d-j-vu-petya-ransomware-outbreak-wreaking-havoc-across-the-globe/

Certainly don't pay, it's not likely that your files will get released.

btctousd81
June 27, 2017, 04:13:24 PM
 #15

Does it actually encrypt the files, or just threaten as a fake warning?
I have never come in contact with an infected machine.

Try removing the HDD and using it on another machine as a secondary; even better, use it on a Linux machine. If the files are not already encrypted, then get a backup and do a full system reinstall.

Wendigo
June 27, 2017, 04:39:16 PM
 #16

Quote
The server is a laptop without antivirus and firewall.
All important information is stored on the server.

The firm should pay up the $300 ransom and hopefully they will get their data back. Then they should hire an IT guy who is able to set up a server that is not residing inside a laptop in the first place.
BreathOfZen
June 27, 2017, 04:53:28 PM
 #17

Dumb question: if the attacker's address is known, couldn't their plans be ruined by dusting the address?

Kaller
June 27, 2017, 04:57:00 PM
 #18

They just send it there and then hide the sends under another address.
Most likely a mixer service address, so as not to be detected where they eventually end up.
Welshmaiden
June 27, 2017, 06:18:29 PM
 #19

Oh no, this is terrible. I hope this doesn't cause problems for bitcoin. It's on mainstream news here in the UK. But I think mostly Ukraine and Russia are affected.
foodstamps
June 27, 2017, 06:21:18 PM
 #20

It seems pretty immature that they cannot make a unique address for each infection, right? It would be much easier that way; then no communication would be necessary.