DHL emails with virus | ransomware | encrypted files

dagwood4455

Active Member
Joined
Oct 13, 2010
Messages
81
Reaction score
0
I have been receiving a lot of emails claiming to be from DHL. Someone opened the Zip file attached to such an email and now their files are encrypted.

Anybody else experienced the same today?
 
Yup. Had a client last week. It's Cryptowall. It's doing the rounds. Encrypts all pics and docs. Nasty. Binned the Hard drive. No chance of recovery from that.
 
Yup. Had a client last week. It's Cryptowall. It's doing the rounds. Encrypts all pics and docs. Nasty. Binned the Hard drive. No chance of recovery from that.

Why bin the drive when you can format and reuse it?
 
Why bin the drive when you can format and reuse it?

It was an old (over 10 years) 40 Gb seagate barracuda. Didn't want to install win 7 on it only to have the client come back in a month when the drive dies. And he also had some sort of hope he could send it to his mate who could retrieve the files. So, yeah, sorry, "bin" wasn't quite the right word... :)
 
One of my clients phoned me late last year saying that he was receiving accounts from people he didn't know, so I told him that he should ignore them if they aren't addressed to him personally and don't mention him by name.

He called me 5 minutes later to say that he was receiving a "Malware Detected" message. (He was running Windows Defender, which his previous IT guy convinced him was adequate). I told him to turn off his PC until I got there.

I rushed over there, equipped with my virus removal tools. Thankfully I ran a rescue disk first, as it turns out he had picked up some nasty ransomware cryptolocker. It had already encrypted all documents on his drive up until the letter "M" in his root directory folders, but fortunately all of his documents were stored under "Users/username/Documents" so his important documents were safe.

I ran a Malwarebytes scan to finish the job.

The next day I went back to install a Bitdefender Internet Security 1 year licence for him.

In hindsight, I'm glad I made the calls that I did. It turned out that the Ransomware he'd picked up was brand new and still undecryptable. I for get what the file extension was, but I think it was something like .vvv or similar.
 
I see the .vvv ransomware can now be decrypted as well. It seems many these decryptors rely heavily on a registry key from the infected systems in order to decrypt successfully though.

.TTT, .XXX, and .MICRO are the latest currently undecryptable ransomware extensions.
 
All my clients files had the .micro extension. He just shrugged and said "@#$% happens...."
 
Also getting quite a lot of these (especially with publicly listed ones, of course) picked up lately that they spoofing email address pretending to be copier and mfp @ your domain .co.za

This is a common setup for MFP's from companies like Nashua, Xerox, Canon, Konica to have a email address "copier/mfp" etc setup on the device so can imagine they will get quite a few successes with this approach.
 
Top
Sign up to the MyBroadband newsletter
X