Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New ransomware called Anti-Child Porn Spam Protection or ACCDFISA


  • Please log in to reply
325 replies to this topic

#316 jwatson

jwatson

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 27 February 2014 - 06:12 AM

I have NOTHING in my inbox from you. I replied to someone called Ice and someone called Nelson Lopez.

 

So don't go calling me a liar when i have cooperated with everybody that has messaged me. That includes two mods on here.

 

So how about you get your facts right before calling me a liar?

 

Idiot.



BC AdBot (Login to Remove)

 


#317 soporte

soporte

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:www.arsenet.com
  • Local time:09:55 PM

Posted 27 February 2014 - 10:47 AM

Relax Jamie, the quote that I posted is a forwarding of the mail that I sent you :)



#318 jwatson

jwatson

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 27 February 2014 - 11:04 AM

You called me a liar and now you edited the message.



#319 soporte

soporte

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:www.arsenet.com
  • Local time:09:55 PM

Posted 27 February 2014 - 11:23 AM

Yes, I edited my message, where's the problem? I called you a liar, and I retired. 

Anyway, I have shown you the proof that I have sent you the mail.

So, you know the solution to the accdfisa decryption?


Edited by soporte, 27 February 2014 - 11:26 AM.


#320 Eros11

Eros11

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 27 February 2014 - 11:32 AM

This is simple ladies and gentlemen.

Mr jwatson claims he has a solution to this virus but refuses to post it on the forum as he is so concerned that the real perpetrators might be reading this forum whilst raking in their millions. Obviously they would never dare pretend to be a helpless victim and email him themselves ( no-one would expect them to be smarter than jwatson of course ). Nor would anyone that has suffered from this virus think to email jwatson and then post it on here anyway... The fact remains that no solution has been presented for peer review and scrutiny which indicates that there is no such solution and thus we are dealing with a delinquent troll. 

 

*TIP* if you don't feed the troll... they die!!

 

Peace and Love!  :thumbup2: 

P.S. expect a retort that goes something like " Fine, Be like that, I wont give the solution, you can all just suffer, I was only trying to help, you all suck, you are bullies and smell funny" as apposed to " you are correct, here is the solution I was being foolish..... ~~~~~SOLUTION~~~~~ " 
 



#321 fragtion

fragtion

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:55 PM

Posted 27 February 2014 - 11:54 AM

There simply is no solution to this, unless you have the decryption keys

 

If you think people haven't already deeply examined their hard drives with every possible method, including desperate days spent doing raw/deep scans to try and locate these remnants of the files containing the essential decryption keys, then you are sorely mistaken

 

There is no easy fix for this apart form paying the hackers, and nobody should be doing that either anyway

 

Consider your data lost for good, but also lucky to at least have a working hard drive after a format

 

If you claim to posses some simple fix/solution (impossible.) and at the same ask users who want their data to contact you directly, the obvious logic here is that you want to repeat a similar ransom scam on people who are desperate to still recover their data (except they CERTAINLY won't get anything in return for paying you) because anyone who truly understands the nature of this attack will know that there is no simple solution otherwise. Now you know why your post got deleted, and no, I had no part in deleting it, only a good laugh at your purported claim to have a solution to it


Edited by fragtion, 27 February 2014 - 03:53 PM.


#322 jwatson

jwatson

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 27 February 2014 - 01:27 PM

It relies on you have shadow copies enabled - if they were, you can retrieve data, pre them getting encrypted, if you haven't then no. (and before anyone says, no not everybody would know to do this, I am a very experienced IT professional and this didn't come to my mind immediately)

 

For example, virus hit us on Sunday, however I set our shadow copies to run Mon-Fri, twice per day, so i was able to get my data from Friday.

 

No real damage done.

 

I really don't appreciate comments made by some of you when all i'm actually trying to do is help people with possibly recovering some data they deemed lost.

Problem with forums is everyone expects the worst in people and I feel like why the hell should i bother doing this sort of thing anymore, if i get comments like this.

 

Yes it made have seemed like I was doing something "dodgy", but really people, don't think the worst of someone without actually knowing them.

 

 

So Eros & Fragition, what you got to say now? If i was such a troll, surely I wouldnt then post what I did to recover my data? I am certainly no fool, nor a junior, and this will be the last time I bother trying to help anybody with IT problems.


Edited by jwatson, 27 February 2014 - 01:30 PM.


#323 SmallSupport

SmallSupport

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:55 AM

Posted 27 February 2014 - 03:21 PM

Fragtion, Is basically correct. It's all gone move on and learn. 

 

JWatson, Your solution is not a real solution as most those caught out did not have adiquate backups. Realtime shadow or mirrored backups are of no use unless they are to an isolated backup set that does not get over written as soon as a file is altered. You need the encryption keys and the order in which they were applied. If you have secure backups then you don't bother worrying about recovery of the hard drive just format, reload and configure and restore data from backup whatever you lose between last good backup and the hack is bad luck.

 

Lesson make sure that you have either archival backups of data onto separate backup sets that disconnects once the back up is complete and cannot be accessed by the external culprits and don't use the default RDP port, use a more secure VPN or Citrics for a remote solution.

 

Time to move on as painful as it might be.



#324 jwatson

jwatson

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:08:55 PM

Posted 27 February 2014 - 06:37 PM

Fair enough, but like i said, some people may benefit from it - as far as im aware, the shadow copies on server 2003 is done on time intervals and not real time. Mine didn't backup externally or online and i was still able to access them, all unencrypted.



#325 Joe2209

Joe2209

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:55 PM

Posted 17 April 2014 - 05:31 PM

I can't seem to send a file off to Dr.Webb using that submission form.

 

It keeps asking me to enter a valid serial number.

 

PLEASE HELP!



#326 mhijazi

mhijazi

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:12:55 AM

Posted 28 October 2014 - 12:19 PM

Hello Guys,

 

Looks like this subject has been dead for a while now with no solution, i have fallen a victim for this as well previously.

i managed to find the website the exe file got downloaded from and i downloaded it and made it a .daattff so it doesnt run and ruin my PC again.

 

my question here, would it help if i share this, some one could reverse engineer this and find the name of the file that holds the random passwords per pc , before it gets deleted, this way we can all recover that specific file and find the password generated for the PC infected?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users