Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

btc2018@qq.com, marat20@cock.li, marat20@tutanota.com


  • Please log in to reply
3 replies to this topic

#1 F-D-E-C

F-D-E-C

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 14 May 2018 - 12:09 PM

NEVER PAY ANYTHING TO THESE HACKERS:

 

btc2018@qq.com

marat20@cock.li

marat20@tutanota.com

 

THEY WERE ONLY COMMUNICATING UNTIL WE PAID THEM.

WE HAVE NEVER RECEIVED ANY DECODER FROM THEM!


Edited by hamluis, 14 May 2018 - 12:46 PM.


BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,482 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:38 AM

Posted 14 May 2018 - 03:41 PM

Most security experts will advise against paying the ransom demands of the malware writers because doing so only helps to finance their criminal enterprise and keep them in business. One of the reasons that folks get infected is because someone before them paid the bad guys to decrypt their data. The more people that pay the ransom, the more cyber-criminals are encouraged to keep creating ransomware for financial gain. Further, there is never a guarantee that paying the ransom will actually result in the restoration (decryption) of your files.

Some ransomware victims have reported they paid the ransom and were successful in decrypting their data. Other victims have reported paying the ransom only to discover the criminals wanted more money...demanding additional payments with threats the data would be destroyed or exposed. Still others have reported they paid but the cyber-criminals did not provide a decryptor or a key to decrypt the files, while others reported the decryption software and/or key they received did not work, resulted in errors and in some cases caused damage to the files. Most cyber-criminals provide instructions in the ransom note that allow their victims to submit one or two limited size files for free decryption as proof they can decrypt the files. However, decryption in bulk may not always work properly or work at all and decryption of very large files may be unsuccessful even with the criminal's decyption tool. In some cases victims may actually be dealing with scam ransomware where the malware writers have no intention or capability of decrypting files after the ransom is paid.

Keep all this in mind if you are considering paying the ransom since there is never a guarantee decryption will be successful or that the decrypter provided by the cyber-criminals will work as they claim...and using a faulty or incorrect decryptor may damage or corrupt the files even further. The criminals may even send you something containing more malware...so why should you trust anything provided by those who infected you in the first place.

With all that said, a survey included in the Telstra Security Report 2018 indicates that four out of five victims would pay the ransom again.

BTW...Did you submit (upload) any samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware for assistance with identification and confirmation? Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 F-D-E-C

F-D-E-C
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:38 AM

Posted 14 May 2018 - 10:13 PM

Thank you for this very nice summary!

 

 

BTW...Did you submit (upload) any samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware for assistance with identification and confirmation? Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.

 

Yes, of course. Both the encrypted file and the ransom note.

 

I just wanted to warn others against these particular scammers (btc2018@qq.com, marat20@cock.li, marat20@tutanota.com) who only take money and return nothing.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,482 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:38 AM

Posted 15 May 2018 - 05:17 AM

You're welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users