I've recently had a client who looks like they got hit with a Ransomware virus but it did not change the file extensions. It simply makes them unable to open the file (says it is corrupted).
There is a readme file in the folders that are infected with instructions on how to pay for the decryption key.
I also cannot find the source PC that caused the infection. I have checked all the PCs that were on when the infection took place and see no evidence that an infection ever occured. Maybe they are getting smarter and not infecting local machines and only network drives?
Anyone else run into anything similar yet?
"what happened to your files?
All your files were protected by a strong encryption with RSA4096
More information about the encryption keys using RSA4096 can be found here: wikipedia page about cryptosystem.
How did this happen?
!!! Specifically for your PC was generated personal RSA4096 key, both public and private
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of a private key and decrypt program, which is on our Secret Server
what do i do?
So, there are two ways you can choose: wait for a _miracle_ and get your PRICE DOUBLED, or start obtaining BITCOIN now! and restore your data easy!
If you have really valuable DATA, you better not WASTE YOUR TIME, because there is no other way to get your files except make a payment
Your personal ID: (It lists ID)
For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
Gives websites (removed)
If for some reasons the addresses are not availablweropie, follow these steps:
Gives instructions to download tor-browser and get to webpage.
Edited by Tech83, 11 August 2016 - 09:35 AM.