Very Bad Ransom Virus Warning! Please Read And Beware!

Wyatt Burp

Our computer was really acting up and our computer guy instantly saw this scam virus that scrambled all our downloads, pictures, etc. They scramble everything you have that is in your computer only and hold it ransom for the "key" to get your stuff back. How do they scam you? A fake "Adobe Flash Update" pops up and it's not really Adobe. Do not respond to this or any updates without caution! We had no backup and lost pictures, documents and some downloads. It's not stressing us out because it's not extremely extensive and some is still on our old computer hard drive that we can transfer over easily. Just do not update ANYTHING now unless you are positive it's really from who it says it is. The kidnapper icon was a "W" with decrypt instructions on how to pay the ransom. I'm computer illiterate and might be telling the obvious, but just in case, watch those supposedly common updates. Go to "Adobe's" website, for example, and do it there. Apparently antivirus systems can miss new attacks at first. And yes, we are getting backup now, which was a no-brainer that we didn't use our brains about.
 
Wyatt -

I saw your post (subject as above) on the Colt forum and would just like to thank you and say that this is very much for real. I've received 2 notices that I needed to upgrade Adobe, and am thankful that I ignored them.
 
Sounds like CryptoWall or CryptoLocker. Had a dealer (I do IT phone support for a major motor company) call in with CryptoWall on her laptop yesterday.

The good news is that there is at least a partial remedy to CryptoLocker, a similar piece of ransomware. Google "CryptoLocker fix", and you'll find a company which, if you send them an encrypted file will analyze it and probably be able to give you a decryption key to decrypt the rest of your files. I don't know if there's a similar fix for CryptoWall.
 
Back up your stuff. It's cheap insurance.
 
Absolutely never download Adobe Flash Player from any source other than Adobe's web site. I am surprised this is still an issue since this problem has been known for at least a year. A Mac will not allow you to download anything without your permission. The problem is most people give their permission thinking they are actually downloading from Adobe.
 
Cryptolocker is bad and the sooner you deal with it the better.

Unfortunately Adobe products and Java do have legitimate updates very frequently so it is all too easy to get fooled. If you have a pop up in your task tray that is one thing but if it shows up on a website that is different.

Just like not clicking on a link in an email it is good advice to open a new browser window and go directly to the correct site.
 
We have a $10 yard computer that's not connected to the internet and we store stuff there.
We also put everything on a thumb drive and our pictures are all stored in 3 different places including Photo Bucket.
 
Sorry you lost your files, etc. These people that do that are not nice..........
Backup often, then be sure to disconnect the backup device (especially if USB). If the backup device is connected and on, the virus will get that too.

I use Linux Mint at home but Windows at work.

wyo-man
 
Re: Wyatt's Post

Even if you pay the ransom, there's likely a good chance your computer still won't get fixed.............they'll just take the money and run. :mad:
 
I got caught by that about a year ago. Then you could press pf12 while booting up and start in safe mode to fix the problem. The hackers might have changed that by now.
 
Flash players....

Flash players are always asking to update. One thing you don't want to get isn't harmful, but really aggravating. "Jucheck.exe" is supposed to be a Java Update but it may be malware because it constantly asks you to update Java. You can't get rid of it by uninstalling it. :mad:

Thanks for the info!!!
 
Probably the most common cause of this virus is that people don't keep their anti-virus software up to date and don't apply updates to their operating systems.

This virus does encrypt your files but, only the first 512 bytes -- not the entire file. Not that it matters because most files won't open if the headers are corrupt.

Beware of Internet offers to fix this. If they have a DECRYPT removal tool, avoid it!!! Most of these just install another Trojan Horse and leave you in worse shape than before. If you see a HowDecrypt.gif or HowDecrypt.txt or other such file in any directory, DO NOT follow their instructions. You're just throwing money away. There are instructions which do use system recovery methods to help you clean up the mess. Expect it to take a lot of time. Start with info at MalWare Bytes site. Another site is MalWareRemovalGuides.info.

If you don't already have it, get MalWare Bytes and install it on every computer in the office. Also get a good Anti-virus kit and install it too. While you're at it, get SpyBot Search & Destroy and immunize your systems. Put these three packages on a USB flash drive and disconnect your systems from the internet. Install and run the programs from the flash drive. Once done, connect the PC back on the net, get the updates and run them again.

Seek professional help if this is work related stuff. You may not be able to decrypt the files. This is why backups are essential.

Excellent free antivirus is available (AVG, Avast, etc.), MalWare Bytes, Spybot Search & Destroy and LavaSoft's Ad Aware will all try and help you stay clean but, they don't help if you don't keep them up to date.

Karens Replicator is a great way to back up everything. It just copies whatever you have to a USB or Network Drive. After the backup, disconnect it and you're fairly safe.
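
An added illustration, not code posted by anyone in this thread: when the start of a file is overwritten, as the post above describes, its leading signature no longer fits its extension, so a header check can list which files were hit before restoring from backup. The signature table covers only a few common formats and the sample files are constructed.

```python
import os
import tempfile

# Well-known leading signatures ("magic bytes") for a few common formats.
MAGIC = {
    ".jpg": [b"\xff\xd8\xff"],
    ".jpeg": [b"\xff\xd8\xff"],
    ".png": [b"\x89PNG\r\n\x1a\n"],
    ".gif": [b"GIF87a", b"GIF89a"],
    ".pdf": [b"%PDF-"],
    ".zip": [b"PK\x03\x04"],
    ".docx": [b"PK\x03\x04"],
    ".xlsx": [b"PK\x03\x04"],
}

def header_ok(path):
    """True/False if the header matches or not; None if the type is not checked."""
    sigs = MAGIC.get(os.path.splitext(path)[1].lower())
    if sigs is None:
        return None
    with open(path, "rb") as fh:
        head = fh.read(16)
    return any(head.startswith(s) for s in sigs)

def scan(root):
    """Return sorted relative paths of files whose header no longer fits the extension."""
    damaged = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(folder, name)
            try:
                if header_ok(full) is False:
                    damaged.append(os.path.relpath(full, root))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
    return sorted(damaged)

def demo():
    """Constructed sample tree: an intact PNG, a PDF with an overwritten header, a text file."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "photo.png"), "wb") as fh:
            fh.write(b"\x89PNG\r\n\x1a\n" + b"\x00" * 600)
        with open(os.path.join(root, "taxes.pdf"), "wb") as fh:
            fh.write(b"\x5a\xc3" * 256 + b"%%EOF")  # stand-in for a scrambled first 512 bytes
        with open(os.path.join(root, "notes.txt"), "wb") as fh:
            fh.write(b"plain text has no signature")
        return scan(root)

if __name__ == "__main__":
    print(demo())
```

Run it against a copy of the affected folder from a clean machine; formats without a fixed signature, such as plain text, are reported as unchecked rather than intact.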
 
Ματθιας;138212584 said:
Back up your stuff. It's cheap insurance.
But back it up to OFFLINE storage, like a DVD, flash drive or hard drive which is kept DISCONNECTED when not in use.

CryptoLocker and CryptoWall search out attached and network drives (including GoogleDrive).
 