EDIT: Mods please move this. I realize I posted this in the wrong thread.
I am new to the forum, but have been a long-time user of some of the tools from bleeping comp, and I must say, they are among the best AV and security-related tools.
A client of mine from work had been attacked recently (about 3 weeks ago) and asked for my assistance with this. We could not restore the data (shadow copies were not available and, on top of that, the drive was 97% full(!), so Recuva/Testdisk+Photorec wasn't really much help then). Since it's important data, I have suggested they pay the ransom. Unfortunately, they took more than a week before informing me initially.
The problem is, it seems the URL is no longer valid. Below is the ransom note (I've hashed out the ID). If anyone can assist in any way with this, I would really be grateful!
$$*|*_+$

!!! IMPORTANT INFORMATION !!!!

All of your files are encrypted with RSA-2048 and AES-128 ciphers.
More information about the RSA and AES can be found here:
http://en.wikipedia.org/wiki/RSA_(cryptosystem)
http://en.wikipedia.org/wiki/Advanced_Encryption_Standard

Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
1. http://25z5g623wpqpdwis.tor2web.org/XXXXXXXXXXXXXXXX
2. http://25z5g623wpqpdwis.onion.to/XXXXXXXXXXXXXXXX
3. http://25z5g623wpqpdwis.onion.cab/XXXXXXXXXXXXXXXX

If all of this addresses are not available, follow these steps:
1. Download and install Tor Browser: https://www.torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar: 25z5g623wpqpdwis.onion/XXXXXXXXXXXXXXXX
4. Follow the instructions on the site.

!!! Your personal identification ID: XXXXXXXXXXXXXXXX !!!

|*$-**=_=$~*~-|=_ +-~$$**__+-|~._ _++.*-_--- --

Thank you
Helmuth
Edited by hkisting, 08 June 2016 - 03:09 AM.