A user opened an email attachment and the following text message named DECRYPT_YOUR_FILES.txt opened:
All your documents, photos, databases and other important personal files
were encrypted using strong RSA-1024 algorithm with a unique key.
To restore your files you have to pay 0.5 BTC (bitcoins). To do this:
1. Create Bitcoin wallet here:
2. Buy 0.5 BTC with cash, using search here:
3. Send 0.5 BTC to this Bitcoin address:
4. Send any e-mail to:
After that you will recieve e-mail with detailed instructions how to restore your files.
Remember: nobody can help you except us. It is useless to reinstall Windows, rename files, etc.
Your files will be decrypted as quick as you make payment.
After finding out about the mishap I have done the following:
- removed PC from the network
- ran Symantec Endpoint Protection, Malwarebytes, and other scanners whose names I don't remember
- Malwarebytes found the following:
  - Trojan.Agent.Gen HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|load
  - PUM.Optional.UserWLoad HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|load
  - Trojan.Agent HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|InterPowerAgent6
  - Worm.AutoRun.Gen HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|msnat5fef77ff
  - Worm.AutoRun.Gen HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|msnat3cbf52cf
- The only mapped drive is to the user's My Documents folder on a file server. There are network shares that I set up using the Windows 7 Add Network Location Wizard.
- From what I can tell, no files have been encrypted, but I'd still like some guidance.
I would be happy to give more info if need be.
Thank you in advance!