Looks like I am having an issue with some ransomware. All of my files on my NAS have a .LOL! extension. The NAS shared folders are networked to several computers, and I did have one system that seemed to be infected. There is also a note attached to all folders called "How to get Data", that reads as follows:
Hello boys and girls! Welcome to our high school "GPCODE"!
If you are reading this text (read this very carefully, if you can read), this means that you have missed a lesson about safety and YOUR PC HACKED !!! Dont worry guys - our school specially for you! The best teachers have the best recommendations in the world! Feedback from our students, you can read here:
1)http://forum.kaspersky.com 2)http://forum.drweb.com 3)http://forum.eset,com 4)www.forospyware.com
As you see- we trust their training, only we have special equipment(cryptor.exe and decryptor.exe) and only here you will get an unforgettable knowledge!
The lesson costs not expensive. Calculate the time and money you spend on recovery. Time is very expensive, almost priceless.We think that it is cheaper to pay for the lesson and never repeat the mistakes.We guarantee delivery of educational benefits(decryptor.exe). First part(cryptor.exe) you have received :-)
Your important files (photos, videos, documents, archives, databases, backups, etc.) which were crypted with the strongest military cipher RSA1024 and AES.No one can`t help you to restore files without our decoder. Photorec, RannohDecryptor etc repair tools are useless and can destroy your files irreversibly.
If you want to restore files - send e-mail to email@example.com with the file "how to get data.txt" and 1-2 encrypted files less than 5 MB. PLEASE USE PUBLIC MAIL LIKE YAHOO or GMAIL.
You will receive decrypted samples and our conditions how you`ll get the decoder. Follow the instructions to send payment.
P.S. Remember, we are not scammers. We don`t need your files. After one month all your files and keys will be deleted.Oops!Just send a request immediately after infection. All data will be restored absolutelly. Your warranty - decrypted samples and positive feedbacks from previous users.
It seems to be very rare or very new, because I can't find any info on it. Any help on making sure I am rid of the payload would be helpful.
Luckily I am backed up, but I want to make sure the data that is returned won't be encrypted.
Thanks a ton!