Data recovery and disk repair questions and discussions related to old-fashioned SATA, SAS, SCSI, IDE, MFM hard drives - any type of storage device that has moving parts

Virus Encrypt all your data into a BACKUP called file

October 9th, 2014, 11:01

Hi Gurus!

Have you seen any similar case?
I have here a drive that has been hacked by malware similar to CryptoBit.
The malware has deleted all important info from the drive and created a 40 GB file called "BACKUP".
The virus has also created a file in the desktop folders that says:



Hello,
I crypted all your important data
I stored the crypted data in your hard disk.
If you want to become your data back, send me an email containing your ip adress.
Your ip xxx.xxx.xxx.xxx
e-mail : serverlock@yandex.com


Have you seen this problem?
Any way to resolve it?

Re: Virus Encrypt all your data into a BACKUP called file

October 9th, 2014, 11:25

imagine that you have dynamic IP .... not very smart malware :?


EDIT: Oh, I am an idiot, I just saw it saves the current IP :lol:

Re: Virus Encrypt all your data into a BACKUP called file

October 9th, 2014, 11:29

No, not very smart, you are right

but a big problem

Re: Virus Encrypt all your data into a BACKUP called file

October 9th, 2014, 11:33

I attach an extract of about 7 MB from the 40 GB BACKUP crypted file.
Attachments: TestBACKUP1.rar (6.76 MiB)

Re: Virus Encrypt all your data into a BACKUP called file

October 9th, 2014, 12:27

This is the new generation of viruses/malware

(ctb-locker)

Still new, no cure

Re: Virus Encrypt all your data into a BACKUP called file

October 9th, 2014, 12:37

Forgot to mention that this new malware uses TOR network communication,
which makes it DIFFICULT to trace, not like the other OLDER Bitcoin Locker.

So, everybody, monitor your TOR network activity.

Good luck

Re: Virus Encrypt all your data into a BACKUP called file

October 10th, 2014, 3:47

Would you pay the extortion?

Do you think malwareboy will restore the crypted info?

Re: Virus Encrypt all your data into a BACKUP called file

October 10th, 2014, 9:45

Have not dealt with that version... yet. Did you try SHADOWEXPLORER? Some of the latest crypto viruses have not eliminated the shadow copies.

Re: Virus Encrypt all your data into a BACKUP called file

October 10th, 2014, 10:08

It is Win2003, no shadow available

Re: Virus Encrypt all your data into a BACKUP called file

October 10th, 2014, 11:19

How much is the extortion?
Depending on the value of the data, and the problems it causes for the length of time there is no solution... maybe some would pay it for the chance of the criminals decrypting.

But there are fewer malware groups actually decrypting or sending the key, because it is more contact (unnecessary for them) to get tracked.

Not enough is being done about this. But by the same token, what CAN be done about it? The current internet ecology favours them. We can't even shut down a C&C server if we find it, because it could as easily be the local MRI XP PC at a hospital as it could be in some scumbag's basement.

Re: Virus Encrypt all your data into a BACKUP called file

October 10th, 2014, 12:22

I hate those hacker bastards :evil:

Re: Virus Encrypt all your data into a BACKUP called file

October 11th, 2014, 11:30

HaQue wrote: How much is the extortion?

The extortion is about 3000 sur

I think the customer will accept the extortion

Re: Virus Encrypt all your data into a BACKUP called file

October 11th, 2014, 11:49

Since they copied it to a new folder, is there any chance at all that the deleted copies are recoverable on this version of the malware?

Re: Virus Encrypt all your data into a BACKUP called file

October 11th, 2014, 11:55

Looks like secure deletion of files after crypting the data

Re: Virus Encrypt all your data into a BACKUP called file

October 11th, 2014, 16:37

Brutal!!! They are getting better and better. Hopefully client can be patient until this version is solved. Paying a crook is certain to cause this type of crime to grow and to be discouraged.

Re: Virus Encrypt all your data into a BACKUP called file

October 11th, 2014, 21:14

Would this be a job for the NSA? :P Imagine the public relations coup if they could actually do something useful and catch a real criminal instead of spying on Faecebook traffic.

Re: Virus Encrypt all your data into a BACKUP called file

October 11th, 2014, 22:21

I am thinking we need an elite taskforce. Make a lair somewhere 2 km deep under the Utah Data Center ( http://en.wikipedia.org/wiki/Utah_Data_Center ) so they can run a huge pipe up to every living soul's DATA. Then make a crack team with superhero outfits that make Thunderbirds, X-Men or Batman envious, with members like:

Brian Krebs - http://krebsonsecurity.com/ - Seek and Identify
Eugene Kaspersky - http://www.kaspersky.com/about/management_team - Analysis and captivating scary superhero vocals
H.D. Moore - https://twitter.com/hdmoore - mass scanning and categorisation
Greg Hoglund - http://en.wikipedia.org/wiki/Greg_Hoglund - Ninja coding, Reverse Engineering, techspertise
Mikko Hypponen - http://mikko.hypponen.com/ - Experience, Coding, Public relations
Ed Skoudis - http://www.sans.org/instructors/ed-skoudis - Malware System Defense, Reverse Engineering
Lenny Zeltser - http://zeltser.com/ - Reverse engineering, cool hackery tricks
th3j35t3r (The Jester) - http://jesterscourt.cc/ - SecOps (for now) and Media Releases
Bill Gates - http://www.microsoft.co - Evil Genius type leather chair, speakerphone boss/cashflow
Jason Bourne.. yes I know he ain't real, but we need someone to actually take these slimeballs out IRL