I have helped out a large handful of people with ransomware by now.
Last night, someone contacted me asking for assistance with a program that I haven't seen before.
He does not know how he got infected; he just says he went to open an Excel file to update it and the program went to town encrypting his files and a screen popped up.
Here were the instructions:
Please see step #3
We're stuck here because this is not a valid bitcoin address. It seems as if the program was coded poorly, and I am afraid that we will not be able to recover the files before the timer expires.
I'm trying to help this gentleman over the phone, but he seems to be extremely computer illiterate, making it difficult for me to make inquiries as to what happened.
This is the most definitive explanation that I got:
The decrypt icon is the letter I sent you the instructions. The other 2 icon created a min later n.jpg file type crypted file size 16.3 KB I couldn't open and SWSC.pdf type crypted file size 166KB. Didn't know if I should try to open this file.
Digital security is not my profession, but I suggested that because his files are already encrypted, he opens the PDF file in hopes that it generates a correct bitcoin address.
Does anyone know what ransomware this might be?
Like I said, even over the phone, it's hard to probe for any more information because of his computer experience limitations.
Edited by tunare, 16 December 2016 - 05:46 PM.