Scam: intruder encrypts files, demands ransom
2013/10/30 12:55:45
bitflipper
I got a call from a customer yesterday who had what appeared to be a corrupt database. They're running a version of my application that uses an Access database. Access databases are prone to corruption, and over the past 20 years I've built up an extensive bag of tricks for repairing them. But this one did not appear to be an Access database at all, but rather an encrypted file. It was the right size, but contained no plain text. Plain text would comprise the bulk of a normal database's contents, even one that's been corrupted. There was nothing in the file header to suggest it was, say, a zip or rar, an encrypted Access file, or any other common file type. 
 
I just heard back from the customer this morning and they've received a ransom email, demanding money to get their files back. This is a new one to me!
 
I've asked them to forward the email to me, but I haven't seen it yet. It supposedly contains a link to a website, so it'll be interesting to see where these creeps are located. Don't worry, I won't open the email, just examine the source.
 
Hopefully, they've been diligent with their backups, but it could still be months before they identify every file that's been corrupted.
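
The check described in the post above (a file of the right size with no recognizable header and no plain text), as an added example that is not part of the original thread. The entropy and printable-text thresholds, the function names and the sample bytes are assumptions chosen for illustration.

```python
import hashlib
import math
from collections import Counter

# Well-known file signatures: name -> (offset, magic bytes)
SIGNATURES = {
    "access-mdb": (4, b"Standard Jet DB"),
    "access-accdb": (4, b"Standard ACE DB"),
    "zip": (0, b"PK\x03\x04"),
    "rar": (0, b"Rar!\x1a\x07"),
}

def identify(data):
    """Return the name of the first matching signature, or None."""
    for name, (off, magic) in SIGNATURES.items():
        if data[off:off + len(magic)] == magic:
            return name
    return None

def entropy(data):
    """Shannon entropy in bits per byte (8.0 = indistinguishable from random)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def printable_ratio(data):
    """Fraction of bytes that are printable ASCII, tab, CR or LF."""
    if not data:
        return 0.0
    return sum(32 <= b < 127 or b in (9, 10, 13) for b in data) / len(data)

def triage(data, expected):
    kind = identify(data)
    if kind == expected:
        return "ok"  # header intact; contents may still be damaged
    if kind is not None:
        return "mismatch:" + kind
    # No known header, near-random bytes, little text: likely encrypted.
    if entropy(data) > 7.5 and printable_ratio(data) < 0.5:
        return "suspect-encrypted"
    return "unknown"  # e.g. ordinary corruption; plain text still visible

# Constructed sample inputs (not real customer data).
ROWS = b"1042,Smith,Invoice overdue,2013-10-29\r\n" * 2000
FAKE_MDB = b"\x00\x01\x00\x00Standard Jet DB\x00" + ROWS
FAKE_DAMAGED = b"\x00" * 19 + ROWS  # header wiped, text intact
FAKE_ENCRYPTED = b"".join(
    hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2048))
```

Run over a directory tree with the expected type taken from each file's extension, the same triage gives a first list of files to restore from backup.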
2013/10/30 13:28:15
Old55
Wow!  That's scary.  Good luck with sorting it out, Bit. 
2013/10/30 13:56:11
The Maillard Reaction
My wife stumbled on some ransomware while surfing MIDI sites for her robot hobby.

It took me most of a Saturday to rescue her laptop.

I hope she learned to keep the MSE updated.
2013/10/30 14:27:57
spacey
I had that happen about a month or so ago with my internet PC.
 
It just flagged up a weird legal looking page and a notice I had to
pay $300.00 to get control of my PC back!
 
I don't have a clue how it happened or what could happen...I just unplugged
it (so don't know if an email was received or not) and bought Win 8 and installed it.
I guess that took care of whatever happened because the only trouble I've had
is me learning how the hell Win 8 works....and don't like it at all...but it does seem
to operate faster when I can get it to do something :)
 
 
2013/10/30 15:03:52
arachnaut
You can read about this here, and note that a Local Security policy fix can help prevent infection:
 
http://www.bleepingcomput...ransomware-information
2013/10/30 16:18:32
craigb
Wow.
2013/10/30 16:27:32
tKx5050
Welcome to the new world of computer ransomware. There's one that hit the 1st of last month called CryptoLocker that runs a background task that encrypts all your important files, seeks out all network and attached storage drives and does the same thing. Every file is encrypted using a different 2048 bit private key it gets from the hackers' server. Once done it pops up the ransom message. 72 hours to use MoneyPak to pay $300 or the private keys get deleted. I hope you get the severity of this. The files cannot be decrypted without the keys. You have to restore from backup. And the backup can't just be a networked drive, it has to be cold storage. I haven't been following it lately but a lot of businesses were paying the ransom and it was decrypting the files at that time.
 
It was being spread by email, like a message from Dun & Bradstreet or BBB saying a complaint had been lodged against your company with the complaint attached.
 
Everyone in the business knew this was where it would end up someday. It's really a crying shame.
 
Steve
2013/10/30 17:16:50
spacealf
I bet local authorities and others are aware of what is going on.
 
2013/10/30 17:48:52
Beagle
wow
2013/10/30 17:50:06
Beagle
spacey
I had that happen about a month or so ago with my internet PC.
 
It just flagged up a weird legal looking page and a notice I had to
pay $300.00 to get control of my PC back!
 
I don't have a clue how it happened or what could happen...I just unplugged
it (so don't know if an email was received or not) and bought Win 8 and installed it.
I guess that took care of whatever happened because the only trouble I've had
is me learning how the hell Win 8 works....and don't like it at all...but it does seem
to operate faster when I can get it to do something :)
 
 


yes, reinstalling or installing a new OS will almost always wipe out a virus.  the only ones it won't wipe out are the really bad ones which infect the BIOS.