One of our clients recently got hit with this, and I thought I'd share what we know.
Hello there. I would like to tell you first I'm sorry about that. Your documents, files, database, most are in original places or some moved to your local data. If you want to regain access to your local disk, all your files, documents, etc please send 1 BTC (Bitcoin) to this address: 15W3WjTsvx6Ao1vj9DiiYGuSTKcPHcFDqS as fast as you can and email me at email@example.com If you dont know what bitcoin is, please ask me for bitcoin website that you can buy it fast or search on google for a local Bitcoin shop or ATM and transfer 1 BTC to this address: 15W3WjTsvx6Ao1vj9DiiYGuSTKcPHcFDqS It's not my fault if you are trying to format disk and lose all. Here are only one way to get all back and regain access to your local hard disk drive and this way is to send 1 Bitcoin to this address: 15W3WjTsvx6Ao1vj9DiiYGuSTKcPHcFDqS It's just business not trying to get your money and then to not give to you the bitlocker password. Waiting for your reply to my email address ( firstname.lastname@example.org or email@example.com if the gmail not work ) if you wanna get the bitlocker password. Please do not hesitate to contact me should you have any questions or concerns. Thanks for your time!
Unfortunately they don't rotate their backups and all data was lost as a result.
Here's the password we were given; I'm fairly certain he uses the same one throughout: =-0987654321!@#$%^&*()_++_)(*&^%$#@!
Hopefully this helps somebody.
Forgot to mention some important details. First off, it was just an image/text file with instructions that opened automatically. The drives were actually encrypted using BitLocker, set to require a password to unlock. Due to the fact they do not have an Active Directory that logs recovery keys for BitLocker, there was no way to unlock the drive. The data essentially shut the business down until it was encrypted, as it was critical.
Edited by thefaftek, 13 July 2016 - 01:19 PM.
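A defensive check related to the post above, as an added example that is not part of the original post: it audits the local machine for BitLocker volumes that nobody in the organisation turned on, or that have no recovery password protector to escrow offline. The function name `Get-ProtectorFinding` and the `$ExpectedMounts` list are assumptions made for illustration; `Get-BitLockerVolume` is the built-in cmdlet and needs an elevated session.

```powershell
# Added example: classify each BitLocker volume by its key protectors.
function Get-ProtectorFinding {
    param(
        [string]$MountPoint,
        [string]$VolumeStatus,           # FullyDecrypted, FullyEncrypted, EncryptionInProgress, ...
        [string[]]$ProtectorTypes,       # KeyProtectorType names present on the volume
        [string[]]$ExpectedMounts = @()  # volumes the organisation encrypted itself (assumption)
    )

    $finding = 'OK'
    if ($VolumeStatus -ne 'FullyDecrypted') {
        if ($MountPoint -notin $ExpectedMounts) {
            # The situation in the post: encryption appeared without anyone planning it.
            $finding = 'Encrypted volume not in expected list'
        }
        elseif ($ProtectorTypes -notcontains 'RecoveryPassword') {
            # Nothing to escrow, so a lost or changed password means lost data.
            $finding = 'No recovery password protector to escrow'
        }
    }

    [pscustomobject]@{
        MountPoint         = $MountPoint
        VolumeStatus       = $VolumeStatus
        Protectors         = ($ProtectorTypes -join ',')
        PassphraseUnlock   = ($ProtectorTypes -contains 'Password')
        Finding            = $finding
    }
}

# Hypothetical list of volumes this organisation deliberately encrypted.
$expected = @('C:')

Get-BitLockerVolume | ForEach-Object {
    $types = @($_.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })
    Get-ProtectorFinding -MountPoint $_.MountPoint `
                         -VolumeStatus $_.VolumeStatus `
                         -ProtectorTypes $types `
                         -ExpectedMounts $expected
} | Format-Table -AutoSize
```

Run on a schedule, a row with a finding other than `OK` is a signal to investigate before the machine is rebooted or the volume is dismounted.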