Scam: intruder encrypts files, demands ransom

Wow!  That's scary.  Good luck with sorting it out, Bit. 

I had that happen about a month or so ago with my internet PC.
 
It just flagged up a weird legal looking page and a notice I had to
pay $300.00 to get control of my PC back!
 
I don't have a clue how it happened or what could happen...I just unplugged
it (so don't know if an email was received or not) and bought Win 8 and installed it.
I guess that took care of whatever happened because the only trouble I've had
is me learning how the hell Win 8 works....and don't like it at all...but it does seem
to operater faster when I can get it to do something :)
 
 

Wow.

I bet local authorities and others are aware of what is going on.
 

spacey
I had that happen about a month or so ago with my internet PC.
 
It just flagged up a weird legal looking page and a notice I had to
pay $300.00 to get control of my PC back!
 
I don't have a clue how it happened or what could happen...I just unplugged
it (so don't know if an email was received or not) and bought Win 8 and installed it.
I guess that took care of whatever happened because the only trouble I've had
is me learning how the hell Win 8 works....and don't like it at all...but it does seem
to operater faster when I can get it to do something :)
 
 

yes, reinstalling or installing a new OS will almost always wipe out a virus.  the only ones it won't wipe out are the really bad ones which infect the BIOS.

Thanks for that link, arachnaut. Lots of good information there.
 
I see that it attacks all sorts of data files, including Word documents and Excel spreadsheets. Even SQL Server data files, although I'd expect those to be a hard target since the server opens those files exclusively and I'd expect Windows would prevent them from being modified. Oddly, it does not target SQL Server backups, which is a very good thing. Most of my customers use SQL Server.
 
Luckily, my customer had backups and they're back up and running. However, if this was indeed the CryptoLocker virus it could still be lurking. 

Pretty crazy stuff!
 
I typically go through all the laptops around here ever couple/few months and take full backups to a dedicated-for-backups external drive.
Seems I need to take another batch of them this weekend.
 

Beagle

spacey
I had that happen about a month or so ago with my internet PC.
 
It just flagged up a weird legal looking page and a notice I had to
pay $300.00 to get control of my PC back!
 
I don't have a clue how it happened or what could happen...I just unplugged
it (so don't know if an email was received or not) and bought Win 8 and installed it.
I guess that took care of whatever happened because the only trouble I've had
is me learning how the hell Win 8 works....and don't like it at all...but it does seem
to operater faster when I can get it to do something :)
 
 

yes, reinstalling or installing a new OS will almost always wipe out a virus.  the only ones it won't wipe out are the really bad ones which infect the BIOS.

I don't have anything on the internet PC that I care about anyway....and that's why. All I lost was email addresses and time.
If it got one that hit the BIOS...I'd toss it in the trash easy enough. Internet PC doesn't have to be worth much of nothing anyway.
The DAW PC goes on-line only to update music programs.
 

From what I read, you have to intentionally click on a zipped file or active link in an email. The emails generally go to businesses stating that FedEx, UPS, or some other delivery service attempted delivery of a package and that the address they had on you failed.....  and you should click the zipped file for information on how to get the package....
 
I've actually gotten a number of them (the emails of this sort) but since I am aware of the virus threat and I know when I'm expecting a UPS delivery AND that UPS, FedEx and the others all have my address.... I ignore and delete the emails..... I also warn my family and friends about stuff like this....
 
The main thing to remember..... don't click on things out of curiosity.... and think twice before you click on things that look legit. Take a few minutes and make a phone call to verify. Another email that was going around was related to problems with your credit card account, bank account, and other financial accounts.  Same deal... zipped file in the attachments....
 
Pick up the phone and verify before you click....as it turned out, the bank in this case asked me to forward the email to their security dept so they could trace it.

Same with me Mike. I was searching for something...don't remember what but probably
something to do with guitar tools or wood and Bam, there it was.

 This is the first I have heard of this one. Hope you get it sorted Bit.
 
   I have been under the impression that opening and looking at an email isn't harmful AS LONG AS YOU DON'T OPEN ATTACHMENTS OR CLICK LINKS OF ANY KIND. Sorry for the emphasis, I'm not yelling. Maybe this isn't correct. Maybe some emails are dangerous even to look at. If so this would be a new one for me. 
 
 

 That's good to know jbow. Hey how are you hanging in there? Are you in the band?

dmbaer

jbow
This sounds like a job for Black Ops... IMO. People like this need to be squashed like bugs.

Or how about NSA?  Shouldn't all our tax dollars paying for those massive computer resources and communication facilities actually be used for something that helps the taxpayers?

They better stick to listening to phone calls...they've put on a pretty good show demonstrating their computer skills.

Wow Just sat down with my coffee and ventured back in to see what was up in the Old Coffee House.
 
Ive seen similar high jacking here in our area going on but it is being done through the use of telephone calls
They called me and forgot to turn on their cell phones Number Blocker/Private Setting
I just happen to have a spare computer with nothing on it other than the OS
 so I plugged it in to the Internet and called them back
When they answered it sounded like a party going on in the back ground with punks hooping and hollering.
After chatting for a minute, they fell right into my plan of walking through it.
I forget the site they gave me but as soon as I got in, they had complete control of this computer. 
LMAO The first thing he asked was "Where is all the stuff on this computer?"  (Hard not to laugh and keep my cool)
He then said if I buy the Upgrade to Windows, their company can Unlock all the files and the OS will return to working again.
I let him go through his sales pitch while I through all kinds of questions bothering him and he was very pushy on trying to get credit card info from me so he could apply his fix to the computer   :D
 
After getting bored with messing with him, I reached down and unplugged the computer
He was fast to ask where the computer went  LOL  I told him I didn't know-It JUST DIED 
 
I then stated that it wasn't a big deal, Id just dump it all, reload the OS and start from scratch.
WOW he freaked and started going on and on about why I needed to buy his fix so I didn't loose anything.  I said "Theres nothing on this computer to save, its just Windows and that's it"  LOL
 
So yup, after getting bored messing with him, I hung up.
He called right back after turning on his phones Private Settings.  I didn't answer
I then tried to call back to say-  This is the FBIs Cyber Division and we are outside the house.  Unfortunately I couldn't get a call back to him  DANG IT   LOL
 
And I was really starting to enjoy messing with the crook
 
According to my Caller ID they are in Las Vegas

mike_mccue
It sure seems like it should be easy to figure out who spends the ransom money.

My thoughts exactly. You'd think that as soon as you try to convert your scam into cash your anonymity is blown. But I guess the NSA has more important things to do, like intercepting the chancellor of Germany's pizza orders...maybe those priorities will change when some senator's list of campaign contributors gets hijacked.