Ransomware

Greglsh

Had a day from hell yesterday. Had 2 of our clients' old SBS2003 infected with a new variant of ransomware called Child porn spam protection 2.0. As soon as you boot and log in, a banner covers the whole screen saying if you want your data back you must pay $3000. What it does is zip some of your critical data and then password-protect the zip with a 50-digit password.
 
Terrible! I wanted to take my food, but as soon as I wanted they demanded I pay first :mad:
 
You might be able to use some sort of file recovery program to get back the original files.
Also, depending on the version of zip being used, you might be able to crack it.
 
They use the rar zip format with 128-bit encryption, so no way to brute-force crack it. We have been telling the clients to upgrade but the usual "now is not a good time".

Sl33py, it is a huge pain. Have you noticed it takes like ± 45 min to boot to the login screen? We have the server connected to the network but it still takes long. What did you use to remove the ransomware virus files?
 
I can just imagine logging into one of my Debian boxes and having... well... none of this... why microsnot is still used for business-critical servers is beyond me.

Yet.. sorry to hear about your predicament OP... but you are not going to brute-force a 50-byte (probably randomized) encrypted zip any time this millennium.
 