Wanna Cry new ? please help (cryptolocker Petya)

[AleSergio]

I think it is useless to try to do something to fight with this virus. Reinstall your windows if it doesnt work than yu can try to do smething with your bios system, but all the data will be deffinetly lost Unfortunatelly bitcoin transactions are invisible and fraud couldn`t be found =)

[BreathOfZen]

It seems pretty immature they cannot make unique address for each infection right? It would be much easier that way, then no communication would be necessary.

I would imagine having the infection calling back to a central server to get keys would be a big weakness, and if the program generated private keys they would have to be sent back to the center somehow.

[jekjekman]

A server without a antivirus and firewall, really? it is like making love with a prostitute with (you know). I am not being rude but it so careless and too confident at the same time.

Even me when I am with your situation and having a important files there I will be devastated, maybe face the consequences dude and pay that virus and hope to gain access again with your server.

[Weatherby]

The server is a laptop without antivirus and firewall.
All important information is stored on the server.

The main issue is here,no antivirus and firewall,majority of people try to reduce their expense without using them and they really do not understand the risk they are taking and the expense they have to encounter when something goes wrong,you have to hire a specialist to recover the files and restore the server ,there is no other way for these sort of mess.

[cellard]

Dude, what a beast. They already got their first Bitcoin from 8 victims.



https://bitref.com/1Mz7153HMuxXTuR2R1t78mGSdzaAtNbBWX

I don't know if after paying it actually works, I mean the virus is probably still there, and can attack any time.  Nothing is safe on the internet...

Two types of people who earn money: One makes antivirus, the other makes a virus

It's not that much, considering that they must have spent endless resources to pull such massive attacks... one starts to wonder how lucrative this is for the bad guys.

The fact that they are bothering to do this to get a couple BTCs I think shows that states and hackers in general are trying to amass as much BTC as possible they all know 1 BTC will be very valuable in the next decade so I expect more and more warfare like this with states attacking each other to steal as much as possible BTC from rivals, so keep your coins safe.

[squatz1]

The server is a laptop without antivirus and firewall.
All important information is stored on the server.

The firm should pay up the $300 ransom and hopefully they will get their data back. Then they should hire an IT guy who is able to set up a server that is not residing inside a laptop in the first place.

This is probably going to be your best bet as the $300 amount is pretty low in all honesty and if the encryption / hacker people aren't going to be dicks and would want to just give your stuff back once they've received payment then you should be all fine and dandy, though first you may want to see how much one of those data recovery people cost before going through with payment. I highly doubt that the recovery of the data is going to cost less than $300 though, so that's probably going to be your call on if you want to feed the virus and roll the dice or roll the dice with people who'll try to get your data back.

Good luck!

[CryptosapienZA]

My friend who works for an advertising agency in South Africa had the same message pop up in his machine

[NeuroticFish]

It seems pretty immature they cannot make unique address for each infection right? It would be much easier that way, then no communication would be necessary.

In my eyes this means that they don't really intend to recover the data if somebody is paying the ransom.
But I see a lot of desperate people thinking "let's pay and hopefully... ". Hopefully what? There are free programs that can protect the computers.
If I would make such ransomware I would not even bother to make an encryption that can be decrypted. One direction "encryption" is cheaper.

[OVOBTC]

This server should've been kept offline if you are storing allot of important data on it, since the risk of any of these or a malware is high.
Fixing this isn't something that can be done through guiding online, I suggest visiting a specialized Hardware store and asking about what can be done, and if the data can be extracted from the server or something like that.

[rickbig092]

Time constraints do not seem to exist.

Yes, it's business, but it's so small a company that they do not have a IT specialist.
Rare copies are rarely made.
I told them for a long time to buy a normal server and install a firewall.
Here it is the price of carelessness. Work completely stopped, all in shock

This is risky considering there is useful data in there, I seen allot about wanncry malware before and if the system isn't constrained with time or risk of deleting the data intentionally I would send this to a specialist (which is still cheaper than the ransom and more trustworthy, since the malware might not work and release the data even after paying).

[Eternu]

I am sorry to heard that there is still viruses like that. I am not sure if i can help. I would recommend for you to reinstall and delete all files from your personal computer, but problem is that you have information on it. Maybe you could contact some people from your government, because maybe you are not alone with that problem, and maybe they could help you solve it.

[boyptc]

The heck, I feel sorry about it man. But because your laptop doesn't have any protection such as antivirus and firewall, you were being penetrated easily by that ransom ware. Hate this people who doesn't want to work hard and just hostaging files of innocent people that are working very well. I have read somewhere about bypassing this but it's for wanna cry and I forgot that tutorial already, it should be found in google.

[Vianor21]

This virus can't be uncripted, no way to do that, even if someone pay them

[Kaller]

Oh no this is terrible. I hope this doesn't cause problems for bitcoin. It's on mainstream news here in the uk. But I think mostly Ukraine and Russia affected.

Doesn't anybody else think doing business with anyone from Ukraine is a red flag?
I wouldn't want to do any online transaction with them in receiving anything online like links, files or even pics from them.
There is a potential of getting this virus as it has not been contained yet with over 13,000 pc infected reported just yesterday.

[Russlenat]

Just reformat your laptop and install Operating System to erase that malware on your laptop, these is why some computer technician advice put your files on drive D for encase of trouble you just can reformat your drive C and your laptop is good as new again like nothing happen because your files is safe in drive D. Just ignore that ransomeware payment, and be sure to install antivirus and antimalware after finish installing OS.

[Betwrong]

This virus can't be uncripted, no way to do that, even if someone pay them

How do you know? Can you provide an evidence for your claim?

I found this info on how to protect your computer from the encryption:

For this particular malware outbreak, another line of defence has been discovered: “Petya” checks for a read-only file, C:\Windows\perfc.dat, and if it finds it, it won’t run the encryption side of the software.

Source: https://www.theguardian.com/technology/2017/jun/27/petya-ransomware-cyber-attack-who-what-why-how

I created perfc.dat in the C:\Windows\ just in case, but I'd like to see the comments from people who know better than me in this regard.

[doedz]

If this is an attack like ransomeware, you may be advised to report the case to the police. Before the virus was scattered with a wide computer network.
Especially for PC / Laptop that is still clean, immediately update your operating system and update antivirus.

[Lorilikes]

If you type the words "kill switch for wannacry ransomware" into google, you will find the repair command.  It is now public knowledge, hope this helps!
Good luck.

[Betwrong]

If you type the words "kill switch for wannacry ransomware" into google, you will find the repair command.  It is now public knowledge, hope this helps!
Good luck.

This is not wannacry OP's talking about. It's called Petya, or rather “NotPetya” as some researchers call it. This virus is more powerful then wannacry  was.

I found this peace of information that might be of help:

... according to a tweet from HackerFantastic, when the system goes in for a reboot on its own, the user should power off the computer rather than switch it on. This is because during the reboot the files are being encrypted, and if the computer is switched off during this period, the files remain safe, though still inaccessible.

Source:
http://indianexpress.com/article/technology/tech-news-technology/petya-ransomware-cyber-attack-not-wannacry-same-lock-and-demand-tactic-4726781/

[Kaller]

If you type the words "kill switch for wannacry ransomware" into google, you will find the repair command.  It is now public knowledge, hope this helps!
Good luck.

They had already reported there is no kill switch for this one.
This is a new strain and is a more sophisticated variant of the first version of the virus.

As more time passes a new and more powerful version of this virus will be created by more than just hackers. More than likely organized crime units and possibly the mafia in other countries will start using this when they realize they could somehow  make billions with this and topple governments with sort of software if engineered properly.