More viruses and ransomware

More viruses doing the rounds.

It's another week and a new virus has been infecting people. This one is a very nasty virus which encrypts your documents with no way of getting them back. It is called Anti Child Porn Spam Protection.

 

This is called ransomware as it holds your files to ransom. However, it is not worth parting with your money as, despite what it says, there is no way to get them back. The hacker even went on to a computer forum discussing this virus and said:

I'm the author.

Guys, I have considered my previous mistakes and wrote a new unbleepable version.

And I'm answering some of your questions:

>Unfortunately, at this time there is no method to create the passcodes, though one may be created in the future.

 

Yes, maybe in the future, after ~66,282,862,563,751,221,625,826,507,369,649,000,000,000,000,000,000,000,000 years

Now the password which has been sent to us has been deleted using sdelete (in the previous version simple delete was used, and you can recover it in some cases and then generate a passcode to decrypt).

To decrypt the second part of the files (a minimal part), another password is used (yes, Fabian can generate it, but it can't help).

Trying to catch the password from process monitor? Yes, you can, but it will be the second password, for a minimal part of the files. The first password is successfully sent to us and SDELETED. You can't catch it using procmon because your screen is locked. The locker is used to protect this. After the screen is unlocked there is another password (it sdeletes the original password after decrypting the majority of files; you can't catch this moment, NEVER, because it is sdeleted from the HDD before reboot (it does not matter whether this is a cold or hot reboot) (the password is in memory when decrypting files), and to delete the screen locker you must reboot in any case).

Also, the first password is generated randomly. Unable to generate the same one in any way.

sample of first password: s#u_1kEWt=dGo4qLf*vkEDPdOvkvTSVHu_1rWnd2ah=TSd&(Tu

sample of second password: Fww*wrFwVFwwL$wqr*FwwL$wqr*

Your files which have been encrypted have been deleted using Sdelete also (and backups have been deleted using Sdelete also).

SDelete implements the Department of Defense clearing and sanitizing standard DOD 5220.22-M, to give you confidence that once deleted with SDelete, your file data is gone forever.

read official doc here: http://technet.microsoft.com/en-us/sysinternals/bb897443

I'm interested in how you are going to get this password. This is UNREAL.

The password is 50 characters long using 77 symbols including letters, numbers and special symbols.

This is 77 to 50 degrees and this is 211123345230697322404794315881e+94 combinations.

To bruteforce, if your brute software tries 10000 passwords per second, it will take up to:

65687022485656026733869199236174e+86 years.

Use your brain and calc.exe if you don't believe me.

Possibly when the aliens arrive, they will decipher your files using the blasters.

About: these files are not actually encrypted but are password protected RAR files.

And what encryption does winrar use? – Answer: AES. Google it.

 

If you think you have this or any other virus, shut your computer down immediately.

The best protection is to back up your data regularly and make sure your backup has run. There is nothing worse than thinking your data is backed up when it is not.

 

Next week I will be writing some tips on how to reduce your risk of getting a virus.