I need some help brothers.
A family friend got hit by some ransomware and now needs to pay in BC to get their stuff released.
As the resident "IT guy" it falls to me to get it sorted, but I know next to nothing about bitcoin, TOR etc.
Where do i start? How do i proceed? Help me out, please.
anything important that's not backed up?
how'd you get it?
you'll lose both your money and your files if you pay
>>1018134
this
DO **NOT** FUCKING PAY IT WILL NOT REMOVE IT
This forum will not help you remove it, Google search the virus and see if you can find some solutions
>>1018131
All his work related stuff got encrypted. The source files he was working on are easily worth more than the ransom. The backups he has are over 2 months old.
He has no idea how he got it, says the PC has no email client and isn't ever used for anything other than testing of software.
>>1018136
Thats the first thing I did. He was hit by "CryptoWall" and apparently there is no way to decrypt the files without the key.
>>1018151
Yep he pays it and thr program will just ask for more. His bullshitiing he mustve opening something
>>1018163
I know, but this isn't about his security practices, he's gonna get schooled on that soon.
I've thought about it being a scam too, but he seems willing to go ahead with it, and since it's not my money on the line I won't object.
I set up a wallet (Bitcoin Core) for him and it's currently catching up to the network (whatever that means). What's the next step? How does one add bitcoins to a wallet? Anyone wanna recommend a BC vendor?
There's no way this computer is getting saved, even if you comply with all payments.
Why the fuck are you guys spouting shit? Where is the incentive to pay if it would just erase your files by doing so? The authors make money by extorting the equivalent of $100 or any sensible amount to unlock their files. If it would just keep them locked no one would pay and they would be left with nothing.
A five second search on google on crypto virus would tell you to fucking pay, keep regular backups instead of once every half year, not opening retarded emails or visiting stupid ass websites.
>>1018180
Go get him a Circle account. His own circle account.
>>1018127
>oh my god, the burgers again
If you pay them, you'll do shit, they have no keys, no sane person would even think of making those.
I once had that, I desinfected the computer, and opened the shadow version of my disk, apparently the fucker deletes the shortcut, however after three days I rebooted it again, and it worked. got my files back.
>>1018151
what about hardware?
there have been reports of some cameras being shipped with infected firmware that installs that shit upon being plugged in.
regardless of how, he is full of shit and went somewhere or opened something that caused it.
Nobody actually knows how to buy bitcoin. I've asked before too and no one could help me. Tried looking online, couldn't find a guide that made any sense. I made two threads on here, one on /g/ and one on /b/, no one could explain to me in simple terms how to do it.
https://blog.kaspersky.com/coinvault-ransomware-removal-instruction/8363/
Tried booting in safe mode?
>>1018982
This.
There is no way to decrypt files without paying. If files are important and op (or his buddy) has to pay.
There are many recorded cases (googe away) where users paid and files got decrypted.
>>1018127
tell your buddy to keep offsite backups for fucks sake
>>1018127
>you need to pay 300 USD/ 300 EUR
I pick Euros.
>>1018127
>Gets hit with ransomware due to his own stupidity
>actually gives the Russian fucks money
Fuck you and your friend for keeping this shit going by giving them what they want.
>>1020241
>500 rubles
Kek is that like 3$ or smth
>>1018127
wipe the drive and suck it up
paying will only encourage more attacks in the future
>>1018127
buy bitcoins here: https://btc-e.com/exchange
You have to add funds to that website wallet, buy them, then send the coins to whatever address they tell you to.
>>1018127
Ask the gents at /sci/ for help. Some of those guys are cyrpto guys and they often know more about computer science/engineering than /g/.
>>1019916
LOL
>>1018127
OP... seriously ... Just buy them on localbitcoins. You don't even need to make a wallet as you could redirect the money from your localbitcoins account directly to the account of the ransomware. As for downloading bitcoin core and downloading the whole damn blockchain ("catching up") on a computer just to hold bitcoins for 5 minutes, you're doing it wrong. Then you came to the worst place for advice.
You can't legally negotiate with terrorists.
They're still going to cut off his head.
>>1018127
i doubt the files are ALL encrypted.
have you tried to pull the harddisk, and load into another pc with internet disabled and recover the files in hdd? if its locked, have you tried getbackdata portable or similar? you can use hirenbootcd if you're too lazy to get into another pc
>>1018136
This
Get rekt OP.
Make sure this version of cryptolocker actually releases your files afterwards. Some don't.
Also it's unlikely that anything actually NECESSARY was encrypted, it only does a few documents. Maybe you lost some pics but. Any important stuff should be backed up. Let this be a lesson to your buddy.
Look up how to use Circle to buy bitcoins (it's an app but very convenient for non-tech savvy "IT guys" like you) if you REALLY NEED TO. Otherwise tell this person to eat shit and not be retarded, and then factory wipe his pc after saving his important stuff.
Also
>using tor for non illegal activities
I seriously hope
PS I heard there was some sort of cool method to somehow bring back old versions of the files before they were encrypted by bryptoclocker but I forget what it was/if it worked
>>1018127
>how do I get started
fucking lol
>>1019916
The one time I bought bitcoin I went through fucking Second Life's currency, since there's not the same retarded regulations against buying that
Yeah you will have to pay, and yes they generally do release the key ive heard of similar cases.
You can buy btc so easily and keep it in a webwallet no need for any downloading
I am interested in hearing how this all plays out op, so if its not a total troll, let us know how you solved it
>>1020370
no you didnt.
>>1020438
>Yeah you will have to pay, and yes they generally do release the key ive heard of similar cases.
fucking nigger sending cryptowalls to others then shilling it, I would report you you piece of shit, but I respect your enthusiasm making a dishonest buck
>>1020951
Are you suggesting he doesnt pay? How will he decrypt his harddrive? Its mathematically impossible to do. Just pay is the only way. Pay, then backup all your important files, throw your computer in the trash and get a new one
