[real-eyes] New Ransomware

  • From: "Jose" <crunch1@xxxxxxxxx>
  • To: "real eyes list" <real-eyes@xxxxxxxxxxxxx>
  • Date: Fri, 24 Aug 2007 09:03:30 -0500

This is from my CounterSpy newsletter.
Spyware VS CounterSpy

New Ransomware

We just saw this come out of an IFRAMEDOLLARS malware install. The trojan 
encrypts files with the extensions txt, xls, doc, pps, ppt, docx, xlsx, pptx,
rtf, mdb, vsd, vst, csv, mpl, zip, and rar; and drops a text file called 
README_ASAP.txt (we left the spelling errors intact).

Dear User,

Thank you for using our service.
We've recently inspected your system and found out many critical security 
holes. It's not a joke, and it bring out clearly that we were able to crypt all
of your text files, documents, archives and data files. For your security we 
did it before than someone else: hacker, virus or just stupid vandal. In world,
hijackers are hunting for your bank account, credit card information, or 
something valuable. Now, even if they'll hack your computer they steal nothing,
because all of your important files are now crypted and secured. There is no 
technology or scientific method to crack this kind of encrypting in near future
Unfortunatelly as like other job, our services cost money. Just only 150$ US 
dollars. It is worth much less than if you loose all your files.

We accept only Western Union, and we garantee that your'll receive decrypting 
program with detailed manual in less than hour after we'd received your payment.
If you need your information back, just send an email to: [SNIP] and we'll send 
you further instructions in 5 minutes.

Do not worry, you'll get all back in hour after we get Western Union Transfer 
details. ONLY IN ONE HOUR!!! We are sorry for your inconvenience, but better
we and less, than somebody and more.

Q. I didn't order your service and dont want to pay! I'll go to police!
A. It's up to you. If you belive they do it better, then do it.

Q. I am poor student\bankrupt\housewife. I dont have money.
A. It'a sad to hear.

Q. I've sent an email to you for a discount.
A. Sorry, but we can't answer to all our correspondents due to high load.

Q. I need my information ASAP!
A. Dont worry! You will get it in one hour after we receive your MTSN. (western 
union control number)

Q. How i can trust you? Maybe you'll rip me?
A. We understand if you send money for our work-your info important for you. 
And we don't want make your life worse. You'll certanly get the Decription
Program.

End of Ransom File.

We have a program that we are giving out for free that may get the data back. 
Click here to see if that will do the trick. 
http://www.counterspynews.com/2FFHED/070822-Ransomware

Tradecraft - True Tales of CounterSpy in Action

Decrypting Ransomed Personal Data

Regarding the trojan I just described above, we were able to obtain a decryptor 
that we have been offering at no charge to people who have been infected
by this trojan. The tool un-encrypts the files affected by the trojan.

As a result, we've had a number of people stumble upon our blog posting and 
reach out to us. Using this tool, we have been able to help these victims get
most, if not all, of their data back. Here's a letter we received today in 
thanks:

It worked! You have no idea the relief when I opened the first file that was 
fixed. You can't imagine the heartache you've helped me avoid!! I had years
worth of journals, diet logs, movie reviews, etc that I most likely would never 
have gotten back without your decrypting tool. That'll teach me not to
keep putting off backing everything up!! Thank you so much! Do you accept any 
sort of donations to your company or your cause?? I'd be more than happy
to donate to help continue your work! Thanks again and I hope your tools help 
others in the future!!

Just in case you're interested, basically what happened to me is yesterday, an 
alert popped up on Norton Antivirus saying there was some sort of Backdoor
Trojan infecting my computer, but that it couldn't do anything to resolve it. I 
rebooted in Safe Mode, did a full scan with Norton, AdAware, and Spybot
and it found NOTHING! So this morning I made the mistake of leaving my computer 
on when I went to class and when I returned, there was the infamous text
document opened up on my desktop asking for $150 (mine was called ASAP.txt) and 
saying to write to [redacted] for more information on how to proceed. Honestly
my first instinct was to take a chance and consider paying them to get my 
documents decrypted, but I was lucky enough to happen upon your site. Again,
let me know if your company accepts donations and where to send them! THANKS!

To this user: Your letter itself is payment enough. 


From Jose
"I will instruct you and teach you in the way which you should go; I will 
counsel you with My eye upon you."
Psalm 32:8



   Backup not found!  A)bort, R)etry or P)anic?
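
For anyone checking a machine after this kind of incident, the following triage sketch is an added example, not part of the original post and not the decryptor the newsletter offers. It looks for the ransom note (README_ASAP.txt, or ASAP.txt as in the victim's letter) and checks whether files with the targeted extensions still begin with their normal format header. It assumes the trojan's encryption alters the start of each file, which the newsletter does not state; the function names are hypothetical.

```python
import os
import tempfile
from pathlib import Path

# Note name from the newsletter, plus the variant the quoted victim reported.
NOTE_NAMES = {"readme_asap.txt", "asap.txt"}
OLE = bytes.fromhex("d0cf11e0a1b11ae1")   # OLE2 compound file header
ZIP, RAR, RTF = b"PK", b"Rar!", b"{\\rtf"
# Targeted extensions from the newsletter; None = no header check done here.
EXPECTED = {
    "doc": OLE, "xls": OLE, "ppt": OLE, "pps": OLE, "vsd": OLE, "vst": OLE,
    "docx": ZIP, "xlsx": ZIP, "pptx": ZIP, "zip": ZIP, "rar": RAR, "rtf": RTF,
    "txt": None, "csv": None, "mdb": None, "mpl": None,
}

def triage(root):
    """Walk root and sort targeted files by whether their header survives."""
    report = {"notes": [], "header_mismatch": [], "header_ok": [], "unverifiable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = Path(dirpath) / name
            rel = path.relative_to(root).as_posix()
            if name.lower() in NOTE_NAMES:
                report["notes"].append(rel)
                continue
            ext = path.suffix.lower().lstrip(".")
            if ext not in EXPECTED:
                continue
            magic, key = EXPECTED[ext], "unverifiable"
            if magic is not None:
                try:
                    with open(path, "rb") as fh:
                        key = "header_ok" if fh.read(len(magic)) == magic else "header_mismatch"
                except OSError:
                    pass  # locked or unreadable: stays unverifiable
            report[key].append(rel)
    return report

def build_sample(root):
    """Constructed sample tree: one note, one intact and one damaged file."""
    files = {"README_ASAP.txt": b"Dear User,", "ok.doc": OLE + b"\0" * 8,
             "bad.docx": b"\x9f\x11\x7a\x03", "notes.txt": b"hello", "app.exe": b"MZ"}
    for name, data in files.items():
        Path(root, name).write_bytes(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(triage(tmp))
```

A header mismatch is a lead for closer inspection rather than proof of encryption, and plain-text formats such as txt and csv cannot be checked this way.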
