Bitcoin Forum
Topic: Wanna Cry new ? please help (cryptolocker Petya)
farsky
June 27, 2017, 12:14:49 PM
Last edit: June 27, 2017, 04:07:03 PM by farsky
 #1

Hello, guys!
Please help with fighting the virus.

At my wife's work, the server and other computers picked up a virus similar to WannaCry
(All except the wife's computer, on which I installed Comodo)

The server is a laptop without antivirus and firewall.
All important information is stored on the server.



Bitcoin address and email:
1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
wowsmith123456@posteo.net


EXtremeAEX
June 27, 2017, 12:24:51 PM
 #2

Oh my, that seems really serious. Is it just that the computers at your work are infected, or is this virus spreading throughout the country? We may not be able to help much in this but I think this is a serious issue and I suggest you report this crime for investigation.

Depending on your country, you should call and ask for help/file a complaint.

Is there a time limit to this?


GreenBits
June 27, 2017, 12:27:51 PM
 #3

Quote
Hello, guys!
Please help with fighting the virus.

At my wife's work, the server and other computers picked up a virus similar to WannaCry
(All except the wife's computer, on which I installed Comodo)

The server is a laptop without antivirus and firewall.
All important information is stored on the server.

Bitcoin address and email:
1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
wowsmith123456@posteo.net


Shit! Sorry to hear this man. Ransomware has been around for a while now, this may not be a WC variant as much as a predecessor. Pray it's an old one; some of the encryption has been broken on the oldest ones, and there may be a utility to help you recover your data.

If it's a business, they need to report this to the authorities, for the sake of investigation and liability. As for the terminals, it is unfortunate, but the data is most likely gone. Really hoping they were using backups.

What are the IT guys saying, or, no ITs at this particular job? (May be a small company, but if they are all using terminals, somebody is fixing them).
farsky
June 27, 2017, 01:00:13 PM
 #4

Time constraints do not seem to exist.

Yes, it's a business, but it's so small a company that they do not have an IT specialist.
Rare copies are rarely made.
I told them for a long time to buy a normal server and install a firewall.
Here it is, the price of carelessness. Work completely stopped, all in shock.


Joel_Jantsen
June 27, 2017, 01:08:33 PM
 #5

Quote
I told them for a long time to buy a normal server and install a firewall.
Here it is the price of carelessness. Work completely stopped, all in shock

You need to hurry up and seek professional help.
Have you tried contacting your anti-virus customer support? Approached any computer security professionals yet?
You can also get in touch with the dude who mitigated the last major ransomware attack. Look up his information, you can find him on Twitter.

NeuroticFish
June 27, 2017, 01:16:15 PM
 #6

Quote
Time constraints do not seem to exist.

Yes, it's business, but it's so small a company that they do not have a IT specialist.

They may have to hire a specialist; paying the ransom may not give their data back.

Make a copy/clone of the HDDs; in case anything goes wrong, it'll reduce the risk of getting the data deleted.
Research on ransomware / virus related forums; some older variants already have recipes to decrypt/recover the data.
All this needs some knowledge and a lot of time to research and try.

YuginKadoya
June 27, 2017, 01:30:57 PM
 #7

Quote
Quote
Hello, guys!
Please help with fighting the virus.

At my wife's work, the server and other computers picked up a virus similar to WannaCry
(All except the wife's computer, on which I installed Comodo)

The server is a laptop without antivirus and firewall.
All important information is stored on the server.

Bitcoin address and email:
1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
wowsmith123456@posteo.net

Shit! Sorry to hear this man. Ransomware has been around for a while now, this may not be a WC variant as much as a predecessor. Pray it's an old one; some of the encryption has been broken on the oldest ones, and there may be a utility to help you recover your data.

If it's a business, they need to report this to the authorities, for the sake of investigation and liability. As for the terminals, it is unfortunate, but the data is most likely gone. Really hoping they were using backups.

What are the IT guys saying, or, no ITs at this particular job? (May be a small company, but if they are all using terminals, somebody is fixing them).

Yup this Ransomware thing is kinda spreading and victimizing companies that don't have proper securities or sometimes victimizing home desktop by locking and spreading their bitcoin wallet so the people would rather put up the sum that they want, well I think the best hackers can really debunk it but I don't know where to find one so good luck with that.
farsky
June 27, 2017, 01:36:24 PM
 #8

It seems that this is all over our country (Ukraine); large transport companies and banks are affected (I was told so, I cannot confidently assert).


EXtremeAEX
June 27, 2017, 02:05:53 PM
 #9

Yes it looks like you are not the only one. Now I am starting to feel afraid too...


... Not sure whether I wanna laugh or I wanna cry...

So it seems like this is another ransomware attack, different soup, same ingredients, most likely a similar virus. Anyone have advice on what to do? (E.g. Backup files...)

The twitter page here is having a commotion there right now.
https://twitter.com/hashtag/petya

The best thing to do will be to wait for an official national announcement as you are not the only one. Hopefully someone will be able to solve this again.


eternalgloom
June 27, 2017, 02:07:12 PM
 #10

Do you remember from what file you got the virus? Anything you've opened that you shouldn't have?
Possibly some attachment from an e-mail or something?

If you're lucky, there are decryption keys available for that type of ransomware, but I can't identify it from that screenshot.

cellard
June 27, 2017, 02:22:05 PM
 #11

Quote
Hello, guys!
Please help with fighting the virus.

At my wife's work, the server and other computers picked up a virus similar to WannaCry
(All except the wife's computer, on which I installed Comodo)

The server is a laptop without antivirus and firewall.
All important information is stored on the server.

Bitcoin address and email:
1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX
wowsmith123456@posteo.net


Oh boy. Are you from Eastern Europe? It looks like a Wannacry variant is spreading fast in parts of Russia and Ukraine:

http://www.financemagnates.com/cryptocurrency/news/cyber-security-experts-say-bitcoin-ransomware-behind-attack-russia-ukraine/

Notice how the picture looks like yours and this other Russian guy here:



Quote
Yes it looks like you are not the only one. Now I am starting to feel afraid too...

... Not sure whether I wanna laugh or I wanna cry...

So it seems like this is another ransomware attack, different soup, same ingredients, most likely a similar virus. Anyone have advice on what to do? (E.g. Backup files...)

The twitter page here is having a commotion there right now.
https://twitter.com/hashtag/petya

The best thing to do will be to wait for an official national announcement as you are not the only one. Hopefully someone will be able to solve this again.


A good reminder to back up your data immediately, starting with your bitcoin private keys. In fact, I'm going to do that right now.
EXtremeAEX
June 27, 2017, 02:53:14 PM
 #12

Dude, what a beast. They already got their first Bitcoin from 8 victims.



https://bitref.com/1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX

I don't know if after paying it actually works, I mean the virus is probably still there, and can attack any time. Nothing is safe on the internet...

Quote
Two types of people who earn money: One makes antivirus, the other makes a virus


Kprawn
June 27, 2017, 03:13:33 PM
 #13

Let this be a warning to everyone to make regular backups of ALL their data. DO NOT simply overwrite your previous backups with new backups, because you may have to go back a few to get the data without the ransomware attached. I keep several sets of backups on DVDs of my most precious files. I would not use external hard drives to back up my data, because these can be infected too. Large backups can be split over several DVDs.

eternalgloom
June 27, 2017, 03:19:02 PM
 #14

Yeah looks like this is another Wannacry variant, called 'Petya', it's a pretty big story on most mainstream news websites.

https://www.theguardian.com/world/2017/jun/27/petya-ransomware-attack-strikes-companies-across-europe
https://www.bleepingcomputer.com/news/security/wannacry-d-j-vu-petya-ransomware-outbreak-wreaking-havoc-across-the-globe/

Certainly don't pay, it's not likely that your files will get released.

btctousd81
June 27, 2017, 04:13:24 PM
 #15

Does it actually encrypt the files or just threaten as a fake warning?
I have never come in contact with an infected machine.

Try removing the HDD and using it on another machine as a secondary; even better, use it on a Linux machine. If the files are not already encrypted, then get a backup and do a full system reinstall.

Wendigo
June 27, 2017, 04:39:16 PM
 #16

Quote
The server is a laptop without antivirus and firewall.
All important information is stored on the server.

The firm should pay up the $300 ransom and hopefully they will get their data back. Then they should hire an IT guy who is able to set up a server that is not residing inside a laptop in the first place.
BreathOfZen
June 27, 2017, 04:53:28 PM
 #17

Dumb question: if the attacker's address is known, couldn't their plans be ruined by dusting the address?

Kaller
June 27, 2017, 04:57:00 PM
 #18

They just send it there and then hide the sends under another address.
Most likely a mixer service address so not to be detected where they eventually end up.
Welshmaiden
June 27, 2017, 06:18:29 PM
 #19

Oh no, this is terrible. I hope this doesn't cause problems for bitcoin. It's on mainstream news here in the UK. But I think mostly Ukraine and Russia affected.
foodstamps
June 27, 2017, 06:21:18 PM
 #20

It seems pretty immature they cannot make a unique address for each infection, right? It would be much easier that way, then no communication would be necessary.