farsky (OP)
|
|
June 27, 2017, 12:14:49 PM Last edit: June 27, 2017, 04:07:03 PM by farsky |
|
Hello, guys! Please help with fighting the virus. At my wife's work the server and other computers picked up a virus similar to WannaCry (all except the wife's computer, on which I installed Comodo). The server is a laptop without antivirus and firewall. All important information is stored on the server. Bitcoin address and email: 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX wowsmith123456@posteo.net
|
Rus fascists: Goran_, mp3.Maniac, Xommy, ivan1975, lovesmayfamilis, Excimer, leonello, Snork1979, be.open, K210, Azrieli.
|
|
|
EXtremeAEX
|
|
June 27, 2017, 12:24:51 PM |
|
Oh my, that seems really serious. Is it just that the computers at your work are infected, or is this virus spreading throughout the country? We may not be able to help much in this but I think this is a serious issue and I suggest you report this crime for investigation. Depending on your country, you should call and ask for help/file a complaint. Is there a time limit to this?
|
|
|
|
GreenBits
Legendary
Offline
Activity: 1148
Merit: 1048
|
|
June 27, 2017, 12:27:51 PM |
|
Hello, guys! Please help with fighting the virus. At my wife's work the server and other computers picked up a virus similar to WannaCry (all except the wife's computer, on which I installed Comodo). The server is a laptop without antivirus and firewall. All important information is stored on the server. Bitcoin address and email: 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX wowsmith123456@posteo.net
Shit! Sorry to hear this, man. Ransomware has been around for a while now, this may not be a WC variant as much as a predecessor. Pray it's an old one; some of the encryption has been broken on the oldest ones, and there may be a utility to help you recover your data. If it's a business, they need to report this to the authorities, for the sake of investigation and liability. As for the terminals, it is unfortunate, but the data is most likely gone. Really hoping they were using backups. What are the IT guys saying, or, no ITs at this particular job? (May be a small company, but if they are all using terminals, somebody is fixing them).
|
|
|
|
farsky (OP)
|
|
June 27, 2017, 01:00:13 PM |
|
Time constraints do not seem to exist.
Yes, it's a business, but it's so small a company that they do not have an IT specialist. Rare copies are rarely made. I told them for a long time to buy a normal server and install a firewall. Here it is the price of carelessness. Work completely stopped, all in shock.
|
|
|
|
Joel_Jantsen
Legendary
Offline
Activity: 1988
Merit: 1317
Get your game girl
|
|
June 27, 2017, 01:08:33 PM |
|
I told them for a long time to buy a normal server and install a firewall. Here it is the price of carelessness. Work completely stopped, all in shock
You need to hurry up and seek professional help. Have you tried contacting your anti-virus customer support? Approached any computer security professionals yet? You can also get in touch with the dude who mitigated the last major ransomware attack. Look up his information, you can find him on Twitter.
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3808
Merit: 6522
Looking for campaign manager? Contact icopress!
|
|
June 27, 2017, 01:16:15 PM |
|
Time constraints do not seem to exist.
Yes, it's a business, but it's so small a company that they do not have an IT specialist.
They may have to hire a specialist; paying the ransom may not give their data back. Make a copy/clone of the HDDs, in case anything goes wrong it'll reduce the risk to get the data deleted. Research on ransomware / virus related forums, some older variants already have recipes to decrypt/recover the data. All this needs some knowledge and a lot of time to research and try.
|
|
|
|
YuginKadoya
Legendary
Offline
Activity: 3038
Merit: 1169
|
|
June 27, 2017, 01:30:57 PM |
|
Hello, guys! Please help with fighting the virus. At my wife's work the server and other computers picked up a virus similar to WannaCry (all except the wife's computer, on which I installed Comodo). The server is a laptop without antivirus and firewall. All important information is stored on the server. Bitcoin address and email: 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX wowsmith123456@posteo.net
Shit! Sorry to hear this, man. Ransomware has been around for a while now, this may not be a WC variant as much as a predecessor. Pray it's an old one; some of the encryption has been broken on the oldest ones, and there may be a utility to help you recover your data. If it's a business, they need to report this to the authorities, for the sake of investigation and liability. As for the terminals, it is unfortunate, but the data is most likely gone. Really hoping they were using backups. What are the IT guys saying, or, no ITs at this particular job? (May be a small company, but if they are all using terminals, somebody is fixing them).
Yup, this ransomware thing is kinda spreading and victimizing companies that don't have proper security, or sometimes victimizing home desktops by locking and spreading their bitcoin wallet so the people would rather put up the sum that they want. Well, I think the best hackers can really debunk it, but I don't know where to find one, so good luck with that.
|
|
|
|
farsky (OP)
|
|
June 27, 2017, 01:36:24 PM |
|
It seems that this is all over our country (Ukraine); large transport companies and banks are affected (I was told so, I cannot confidently assert).
|
|
|
|
EXtremeAEX
|
|
June 27, 2017, 02:05:53 PM |
|
Yes, it looks like you are not the only one. Now I am starting to feel afraid too... Not sure whether I wanna laugh or I wanna cry... So it seems like this is another ransomware attack, different soup, same ingredients, most likely a similar virus. Anyone have advice on what to do? (E.g. backup files...) The Twitter page here is having a commotion right now: https://twitter.com/hashtag/petya
The best thing to do will be to wait for an official national announcement as you are not the only one. Hopefully someone will be able to solve this again.
|
|
|
|
eternalgloom
Legendary
Offline
Activity: 1792
Merit: 1283
|
|
June 27, 2017, 02:07:12 PM |
|
Do you remember from what file you got the virus? Anything you've opened that you shouldn't have? Possibly some attachment from an e-mail or something?
If you're lucky, there are decryption keys available for that type of ransomware, but I can't identify it from that screenshot.
|
|
|
|
cellard
Legendary
Offline
Activity: 1372
Merit: 1252
|
|
June 27, 2017, 02:22:05 PM |
|
Hello, guys! Please help with fighting the virus. At my wife's work the server and other computers picked up a virus similar to WannaCry (all except the wife's computer, on which I installed Comodo). The server is a laptop without antivirus and firewall. All important information is stored on the server. Bitcoin address and email: 1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX wowsmith123456@posteo.net
Oh boy. Are you from Eastern Europe? It looks like a WannaCry variant is spreading fast in parts of Russia and Ukraine: http://www.financemagnates.com/cryptocurrency/news/cyber-security-experts-say-bitcoin-ransomware-behind-attack-russia-ukraine/
Notice how the picture looks like yours and this other Russian guy here:
Yes, it looks like you are not the only one. Now I am starting to feel afraid too... Not sure whether I wanna laugh or I wanna cry... So it seems like this is another ransomware attack, different soup, same ingredients, most likely a similar virus. Anyone have advice on what to do? (E.g. backup files...) The Twitter page here is having a commotion right now: https://twitter.com/hashtag/petya
The best thing to do will be to wait for an official national announcement as you are not the only one. Hopefully someone will be able to solve this again.
A good reminder to back up your data immediately, starting with your bitcoin private keys. In fact, I'm going to do that right now.
|
|
|
|
EXtremeAEX
|
|
June 27, 2017, 02:53:14 PM |
|
Dude, what a beast. They already got their first Bitcoin from 8 victims. https://bitref.com/1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
I don't know if after paying it actually works, I mean the virus is probably still there, and can attack any time. Nothing is safe on the internet... Two types of people who earn money: one makes antivirus, the other makes a virus.
|
|
|
|
Kprawn
Legendary
Offline
Activity: 1904
Merit: 1074
|
|
June 27, 2017, 03:13:33 PM |
|
Let this be a warning to everyone to make regular backups of ALL their data. DO NOT simply overwrite your previous backups with new backups, because you may have to go back a few to get the data without the ransomware attached. I keep several sets of backups on DVDs of my most precious files. I would not use external hard drives to back up my data, because these can be infected too. Large backups can be split over several DVDs.
|
|
|
|
eternalgloom
Legendary
Offline
Activity: 1792
Merit: 1283
|
|
June 27, 2017, 03:19:02 PM |
|
|
|
|
|
btctousd81
|
|
June 27, 2017, 04:13:24 PM |
|
Does it actually encrypt the files or just threaten as a fake warning? I have never come in contact with an infected machine.
Try removing the HDD and using it on another machine as a secondary; even better, use it on a Linux machine. If files are not already encrypted then get a backup and do a full system reinstall.
|
|
|
|
Wendigo
Legendary
Offline
Activity: 2604
Merit: 1036
|
|
June 27, 2017, 04:39:16 PM |
|
The server is a laptop without antivirus and firewall. All important information is stored on the server.
The firm should pay up the $300 ransom and hopefully they will get their data back. Then they should hire an IT guy who is able to set up a server that is not residing inside a laptop in the first place.
|
|
|
|
BreathOfZen
|
|
June 27, 2017, 04:53:28 PM |
|
Dumb question: if the attacker's address is known, couldn't their plans be ruined by dusting the address?
|
Aoeui Artifacts
|
|
|
Kaller
|
|
June 27, 2017, 04:57:00 PM |
|
They just send it there and then hide the sends under another address. Most likely a mixer service address, so as not to be detected where they eventually end up.
|
|
|
|
Welshmaiden
Newbie
Offline
Activity: 38
Merit: 0
|
|
June 27, 2017, 06:18:29 PM |
|
Oh no, this is terrible. I hope this doesn't cause problems for bitcoin. It's on mainstream news here in the UK. But I think mostly Ukraine and Russia are affected.
|
|
|
|
foodstamps
|
|
June 27, 2017, 06:21:18 PM |
|
It seems pretty immature that they cannot make a unique address for each infection, right? It would be much easier that way, then no communication would be necessary.
|
|
|
|
|