Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Dont PAY!!!!! you will fall for victim to an extortion, like me :-(

  • Please log in to reply
6 replies to this topic

#1 Dont_Pay


  • Members
  • 2 posts
  • Local time:05:14 PM

Posted 26 December 2016 - 08:44 AM

I had to share this story, and i believe if your dealing with this situation then READ this!


We were attacked by this virus a week ago, the hacker left us an @india.com email to reach out in order to get the keys.

we sent email, and he was quick to reply with his demand ".....send me only 4 bitcoins , and i'll provide you with the program which will unlock your files...".
we were happy, only $3k (in bitcoins) and this will all "go away"

So we sent the 4 bit coins (i was so stupid to fall for this,) as soon as i submitted payment, I emailed asking for the key, the hacker then replied, "......thank you for the 1ST payment, now please send us 75 bit coins"...." i course refused, then he replied with a link to an Online Counter Clock (see picture i took http://imgur.com/a/KVs3Y) and he gave us 24 hours to pay , and from this point the nightmare started :-(

The Hacker stated he has copies of every file, database and email on the network, as proof he sent us copies of files and screenshots entire mailboxes, and if will not meet his demands he will delete or post the files and email online (what ever he feels like)

We are in the medical business, and something like that will destroy us, we are now a victim of extortion, and there is no way out of this, not the FBI, local police or anybody can help now.

All i can say is DON'T PAY, don't communicate and you will be safe! i read posts here and people say, "..pay this hacker he is trustworthy, dont pay this one he is not..."), People!!! they are all criminals and they are all NOT to be trusted, the criminal will leverage this situation as much as he can, learn from my experience and you will be safe :-( , the biggest mistake i did was to email and communicate, try find other ways to resolve it.

don't make the same mistake i did.

John :-(

BC AdBot (Login to Remove)


#2 kudoscurd


  • Members
  • 3 posts
  • Local time:11:14 PM

Posted 26 December 2016 - 08:47 AM

Sorry to hear that - 

Thanks for sharing.



#3 shadow_647


  • Banned
  • 1,430 posts
  • Gender:Male
  • Local time:02:14 PM

Posted 26 December 2016 - 08:54 AM

More or less evil, tnx for sharing.

#4 xXToffeeXx


    Bleepin' Polar Bear

  • Malware Response Instructor
  • 6,086 posts
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:10:14 PM

Posted 26 December 2016 - 09:00 AM

What extension was added, any ransom note? 



~If I am helping you and you have not had a reply from me in two days, please send me a PM~


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here


 ~Twitter~ | ~Malware Analyst at Emsisoft~

#5 Demonslay335


    Ransomware Hunter

  • Security Colleague
  • 3,579 posts
  • Gender:Male
  • Location:USA
  • Local time:04:14 PM

Posted 26 December 2016 - 09:11 AM

The screenshot you shared looks alot like Jigsaw, which is decryptable. Can you share a few encrypted files?


You can try my JigsawDecrypter, it supports all found variants of Jigsaw. https://download.bleepingcomputer.com/demonslay335/JigSawDecrypter.zip

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#6 gluino


  • Members
  • 4 posts
  • Local time:06:14 AM

Posted 27 December 2016 - 12:58 AM

What extension was added, any ransom note? 



Hi Dont_Pay,

Thanks for sharing.

Please tell us more.  What Operating System was it? (Win7? Win10?)

How did you receive the virus?  Did it come as a .doc with macro, in an email?

#7 Amigo-A


  • Members
  • 607 posts
  • Gender:Male
  • Location:3st station from Sun
  • Local time:03:14 AM

Posted 30 December 2016 - 04:30 AM

Text in 'Ransom-note' like from fake encryptor M4N1F3STO Ransomware.
I have seen on hacker forums stylized version of Ransomware under Jigsaw. 
Frighten victims of Jigsaw is becoming popular.

Edited by Amigo-A, 30 December 2016 - 04:39 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Знаете русский язык? Пишите мне на русском. Помогу. 

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users