
All files have the Extension .LOL!


  • This topic is locked
1 reply to this topic

#1 thevoxhumana


Posted 21 December 2015 - 04:51 PM

Looks like I am having an issue with some ransomware. All of my files on my NAS have a .LOL! extension. The NAS shared folders are networked to several computers, and I did have one system that seemed to be infected. There is also a note attached to all folders called "How to get Data", that reads as follows:

 

  JOKE
Hello boys and girls! Welcome to our high school "GPCODE"!
If you are reading this text (read this very carefully, if you can read), this means that you have missed a lesson about safety and YOUR PC HACKED !!! Dont worry guys - our school specially for you! The best teachers have the best recommendations in the world! Feedback from our students, you can read here:
1)http://forum.kaspersky.com 2)http://forum.drweb.com 3)http://forum.eset,com 4)www.forospyware.com                
As you see- we trust their training, only we have special equipment(cryptor.exe and decryptor.exe) and only here you will get an unforgettable knowledge!
The lesson costs not expensive. Calculate the time and money you spend on recovery. Time is very expensive, almost priceless.We think that it is cheaper to pay for the lesson and never repeat the mistakes.We guarantee delivery of educational benefits(decryptor.exe). First part(cryptor.exe) you have received :-)
                       SERIOUSLY
Your important files (photos, videos, documents, archives, databases, backups, etc.) which were crypted with the strongest military cipher RSA1024 and AES.No one can`t help you to restore files without our decoder. Photorec, RannohDecryptor etc repair tools are useless and can destroy your files irreversibly.
If you want to restore files - send e-mail to gpcode@gp2mail.com       with the file "how to get data.txt" and 1-2 encrypted files less than 5 MB. PLEASE USE PUBLIC MAIL LIKE YAHOO or GMAIL.
You will receive decrypted samples and our conditions how you`ll get the decoder. Follow the instructions to send payment.
P.S. Remember, we are not scammers. We don`t need your files. After one month all your files and keys will be deleted.Oops!Just send a request immediately after infection. All data will be restored absolutelly. Your warranty - decrypted samples and positive feedbacks from previous users.


====================

 

It seems to be very rare or very new, because I can't find any info on it. Any help on making sure I am rid of the payload would be helpful.

Luckily I am backed up, but I want to make sure the data that is returned won't be encrypted.

Thanks a ton!

 




 


#2 quietman7


Posted 21 December 2015 - 04:59 PM

This .LOL! ransomware infection appears to be related to Symantec's description of OMG! Trojan.Ransomcrypt.G which uses the same "how to get data.txt" file with a "P.S. Remember, we are not scammers..." and string of random characters at the end.

There is an ongoing discussion in this topic where you can ask questions and seek further assistance. Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in one of those topic discussions. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.

Thanks
The BC Staff