-
January 28th, 2016, 05:42 PM
#1
Registered User
Micro File
I have run into something new I have not seen before. One of my clients became infected with ransomware. The difference with this one is the data files all have the correct extensions (i.e. .pdf, .doc, etc.), yet when you open them of course there is nothing but hieroglyphics. The files are classified as macro files. My question is, does anyone have an idea as to what ransom program this is? I am familiar with the cryptowall 2.0 & 3.0 but not sure what this is. Looking to find out if it is possible to recover the data. TYIA
It's not the computers that keep having problems, it's the users!!
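An added example (not written by any poster in this thread): a read-only triage script for the symptom described in post #1, files that keep their normal extension but no longer hold valid data. It compares each file's leading bytes with the signature expected for its extension and uses byte entropy as a second signal; the signature table, the verdict names and the 7.0 threshold are assumptions chosen for illustration.

```python
import math
import os
from collections import Counter

# Leading signatures for a few common document types (assumed subset).
OLE2 = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"
MAGIC = {
    ".pdf": [b"%PDF-"], ".doc": [OLE2], ".xls": [OLE2],
    ".docx": [b"PK\x03\x04"], ".xlsx": [b"PK\x03\x04"],
    ".jpg": [b"\xff\xd8\xff"], ".png": [b"\x89PNG\r\n\x1a\n"],
}

def entropy(data):
    """Shannon entropy in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def triage(name, head, threshold=7.0):
    """Classify a file from its name and its first bytes."""
    sigs = MAGIC.get(os.path.splitext(name)[1].lower())
    if sigs is None:
        return "unknown-type"
    # Check the header first: valid .docx/.jpg data is compressed and
    # therefore high-entropy too, so entropy alone would misfire.
    if any(head.startswith(s) for s in sigs):
        return "header-ok"
    return "likely-encrypted" if entropy(head) >= threshold else "header-mismatch"

def scan(root, sample=4096):
    """Walk a tree read-only and yield (path, verdict) for every file."""
    for folder, _, files in os.walk(root):
        for f in files:
            path = os.path.join(folder, f)
            try:
                with open(path, "rb") as fh:
                    yield path, triage(f, fh.read(sample))
            except OSError:
                yield path, "unreadable"

if __name__ == "__main__":
    # Constructed sample inputs, not data from the thread.
    print(triage("invoice.pdf", b"%PDF-1.4\n1 0 obj"))       # intact header
    print(triage("invoice.pdf", bytes(range(256)) * 16))     # uniform bytes
    print(triage("notes.doc", b"plain text, wrong extension"))
```

Running `scan()` over a share and over its backup copy shows which backup sets still contain files with intact headers before anything is restored.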
-
February 6th, 2016, 12:34 AM
#2
Unfortunately, pay the ransom, as much as it hurts, the $500.00 plus that they ask for is minimalistic to the hours you will put in to fixing the problem. And most likely won't be able to fully recover. If your client is worried about a credit card getting hacked, go to the grocery store and buy one of those one-time cards for the amount of what the cryptowall ransom is saying will make things right. I speak from experience here, I have flipped both ways, and biting the bullet and educating the crew that introduced the virus to start is the better of two paths. I wish I could provide a better solution, but have seen this hit way too many unsuspecting companies.
No matter where you go........there you are.
-
February 6th, 2016, 07:41 AM
#3
Registered User
Thank you for the input. I was able to just find out what version this ransomware was. It is actually called the Tesla/Crypto. There are 3 different versions. 1st version (Tesla/Crypto 1.0) came out around Christmas time. The second came out after Christmas. Both of these versions were found to have a way to recover the files. So on Jan 16th, a new version (Tesla/Crypto 3.0) was released into the wild with a new algorithm which to date has not been able to be decrypted. I have been advising all my clients to make sure they do backups every day using multiple drives. This way if they are hit (in most cases the backup drive is always hit as well), they are only going to lose 1 day's worth of data.
It's not the computers that keep having problems, it's the users!!
-
February 14th, 2016, 04:46 PM
#4
Registered User
The secretary at our work has some kinda BUG. Named all her documents to mpg files. Pops up with what look like paragraphs of Chinese and little windows of acts to follow. When paragraphs appear, launches it to internet. QUESTION!! Would a person with exceptional abilities to edit the Registry be able to eliminate bug entirely?
Last thing I remember, running for the door,
I had to find the passage back to the place
I was before.
-
February 14th, 2016, 07:07 PM
#5
The bug can be removed with most AV programs, the problem is that it will encrypt all the files in an algorithm that the AV can't deal with. The AV will only get rid of the host, not the trail it left behind. Like a tornado rolling through the plains. From the pop-up, it should point you to the site for decryption. Remember, it will also infect all mapped drives, and also the backups of those drives if not caught in time.
No matter where you go........there you are.