cryptconsole Шифровальщик-вымогатель биткоинов (something_ne@india.com)

[vinny_b]

Товарищ на работе словил вышеуказанного зловреда.

Просят 0,7 биткоинов: требования:

Your files are encrypted!

Your personal ID

33372E34342E34362E3231363A33333839405345525645525C62756830313B6275683031

Discovered a serious vulnerability in your network security.

No data was stolen and no one will be able to do it while they are encrypted.

For you we have automatic decryptor and instructions for remediation.

How to get the automatic decryptor:

1) 0.7 BTC

Buy BTC on one of these sites:

https://localbitcoins.com

https://www.coinbase.com

https://xchange.cc

bitcoin adress for pay:

 

14h5cEcF6ajw6RD9h8f97GGnpaqVJKn1Ty

Send 0.7 BTC

2) Send screenshot of payment tosomething_ne@india.com. In the letter include your personal ID(look at the beginning of this document).

 

3) You will receive automatic decryptor and all files will be restored

 

* To be sure in getting the decryption, you can send one file(less than 10MB) tosomething_ne@india.com In the letter include your personal ID(look at the beginning of this document). But this action will increase the cost of the automatic decryptor on 0.1 btc...

 

Attention!

No Payment = No decryption

You really get the decryptor after payment

Do not attempt to remove the program or run the anti-virus tools

Attempts to self-decrypting files will result in the loss of your data

Decoders other users are not compatible with your data, because each user's unique encryption key

If you can't send a message, try to write with the other e-mail address, for example register mail.india.com

 

 

 

Штатным Kaspersky Small Office был обнаружен и помещен в карантин единственный зашифрованный файл в папке "C:\Confused\folder". (архив virus.zip, пароль "virus").

CollectionLog-2017.02.28-03.38.zip

Изменено 28 февраля, 2017 пользователем Sandor
Убрал подозрительный файл

[Sandor]

Здравствуйте!

 

Логи сделаны в терминальной сессии, сделайте их из консоли.

[thyrex]

+ Пришлите образцы шифрованных файлов указанных типов - ориентироваться на окончание имени файла

2E706E67 (.png)

2E646F6378 (.docx)

2E6A7067 (.jpg)