Friday, June 10, 2016

MM Locker

MM Locker Ransomware


This crypto-ransomware encrypts data with AES-256 and then demands from 0.501049 to 1.011 bitcoin (or $200) to return the files. Victims are given 72 hours to pay the ransom.

© Genealogy: EDA2 >> Pompous (SkidLocker) >> MM Locker

By all appearances, MM Locker is a further development of Pompous (SkidLocker).

The extension .locked is appended to all encrypted files.

The ransom note is named READ_IT.txt. The desktop wallpaper is replaced with the ransomware's image, ransom.jpg.

Contents of this rather lengthy ransom note:
(If you are in Notepad, please click the Format menu above ^^^^ and click Word Wrap)
Uh oh.  It looks like your data has been the victim of the encryption thief.  Your files have been encrypted with AES.  Go look it up if you like, it is some impressive technology.  Unfortunately you're going to have to pay some money to get your data back and your fee is approximately $400.  I'll get right to the gory details for that:
     * You have 72 hours to make this happen.  Otherwise, your data is effectively lost for good.  One keystroke will remove the necessary password for all time, and I don't even have to revisit your machine to do it.
     * You will be paying by bitcoin.  Your fee is 1.011.  Pay this amount precisely, or I might not know who it was that paid in order to rescue them.
     * You'll be using LocalBitcoins.com.  There are numerous ways to pay for my bitcoins on there, and most importantly, it is fast.  Did I mention you have 72 hours?
     * The address you will be sending the bitcoins to is [Redacted].
     * Then you will wait for me to get the unlock code for you.  Your code will be shown here, [hxxp://let-me-help-you-with-that.webnode.com/], under the amount you paid.  This may take a day or so: you are on my schedule now :P
     * Once you have the code, you can unlock your data as follows:
           *** Go to your Start Menu
           *** In the search field, type "cmd".
           *** Right click the cmd program.
           *** Click Run As Administrator
           *** Click Yes to allow it to run like that.
           *** Type "cd /Users/[user]/"
                     *** Type "Decrypter.exe <Your Code>
           *** Other people's codes will not work for you, obviously.
           That is basically it.  The rest of this document is a mini encouragement to get you to pay, so you can read it or not.  F*** [redacted by editor] if I care.
     * You'll never be able to find me.  Police will never be able to find me.  Go ahead and try them if you like, but don't expect your data back. They will be concerned about helping the community, not with helping you meet your deadline. If they say they need to keep your desktop for a few days, well lol, you probably won't be seeing your machine again soon, let alone your data.  Certain things my look like they would be easy to trace back to me, but believe me, they aren't. I've been doing this for five years now and haven't been caught yet.
     * Best Buy will have no ability to undo the encryption.  Hell, even the NSA probably couldn't undo it. Well maybe they could, but I suspect you won't be a high priority for their computation clusters for at least a couple of years.
     * In 72 hours, I will consider you lost.  Hell, I may even visit you again and delete the encrypted versions just for kicks.
So just be thankful that it wasn't worse. I could have asked for more money.  I could be working for ISIS and saving that money to behead children.  I could be a mean SOB and just destroy your data outright.  Am I those things?  No.  I just need the money to live off of (true story) and don't give a f*** [redacted] about the hacker "community".  So there isn't anyone you will be protecting by sacrificing yourself. I'll just encrypt more people's data to make up for the loss.
So you have your instructions. I'll even tell you how you could have prevented this:
     * Install a good antivirus and keep it up to date.  This is basically where you fell down.
     * Don't click on any file from the internet that isn't a piece of data like (jpg, txt, doc) or you better really know where that file came from.
     * Back up your data in case the encryption thief visits you :P          
Better luck to you in the future.

Partial list of file extensions subject to encryption:
.txt, .doc, .docx, .xls, .xlsx, .pdf, .pps, .ppt, .pptx, .odt, .gif, .jpg, .png, .db, .csv, .sql, .mdb, .sln, .php, .asp, .aspx, .html, .xml, .psd, .frm, .myd, .myi, .dbf, .mp3, .mp4, .avi, .mov, .mpg, .rm, .wmv, .m4a, .mpa, .wav, .sav, .gam, .log, .ged, .msg, .myo, .tax, .ynab, .ifx, .ofx, .qfx, .qif, .qdf, .tax2013, .tax2014, .tax2015, .box, .ncf, .nsf, .ntf, .lwp (59 extensions).
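A triage scan built from the indicators listed above, added here as an example and not taken from the original post or from any vendor tool. It groups hits by file name and, because the published extension list is partial, keeps `.locked` files with unlisted inner extensions in a separate bucket instead of dropping them. The function names and the sample tree are constructed for illustration, and the marker phrase is an assumption chosen from the quoted note text.

```python
import os
import tempfile

# Indicators as given on this page; the extension list there is partial.
LOCKED, NOTE, WALLPAPER = ".locked", "read_it.txt", "ransom.jpg"
NOTE_MARKER = "encryption thief"  # phrase quoted from the ransom note (assumed marker)
TARGET_EXTS = {"." + e for e in (
    "txt doc docx xls xlsx pdf pps ppt pptx odt gif jpg png db csv sql mdb "
    "sln php asp aspx html xml psd frm myd myi dbf mp3 mp4 avi mov mpg rm "
    "wmv m4a mpa wav sav gam log ged msg myo tax ynab ifx ofx qfx qif qdf "
    "tax2013 tax2014 tax2015 box ncf nsf ntf lwp").split()}

def classify(name):
    """Bucket a file name: 'encrypted', 'locked_unlisted', 'note', 'wallpaper' or None."""
    low = name.lower()
    if low.endswith(LOCKED):
        inner = os.path.splitext(low[:-len(LOCKED)])[1]
        return "encrypted" if inner in TARGET_EXTS else "locked_unlisted"
    return {NOTE: "note", WALLPAPER: "wallpaper"}.get(low)

def note_matches(path):
    """True if the note contains the marker phrase (reads at most 64 KiB)."""
    try:
        with open(path, "r", errors="replace") as fh:
            return NOTE_MARKER in fh.read(65536).lower()
    except OSError:
        return False

def scan(root):
    """Walk root and group indicator hits by bucket."""
    hits = {"encrypted": [], "locked_unlisted": [], "note": [], "wallpaper": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            bucket = classify(name)
            path = os.path.join(dirpath, name)
            if bucket and (bucket != "note" or note_matches(path)):
                hits[bucket].append(path)
    return hits

def demo():
    """Scan a constructed sample tree (file names and bodies are made up)."""
    samples = {"report.docx.locked": "x", "backup.zip.locked": "x",
               "todo.txt": "untouched", "READ_IT.txt": "the encryption thief"}
    with tempfile.TemporaryDirectory() as root:
        for name, body in samples.items():
            with open(os.path.join(root, name), "w") as fh:
                fh.write(body)
        return {k: sorted(map(os.path.basename, v)) for k, v in scan(root).items()}

if __name__ == "__main__":
    print(demo())
```

A READ_IT.txt that lacks the marker phrase is not reported, so a match on the note points to this note text and not just to the file name.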

See also the technical details in Pompous (SkidLocker) Ransomware

Prevalence: low.
Detailed information is still being collected.
