Da poco in circolazione questa variante di Cryptolocker agisce esattamente nello stesso modo, crittografando tutti i vostri files con l’estensione .XXX, .TTT e .MICRO.
Vi potrebbe arrivare un’email avente come oggetto il nome del mittente o la data e l’ora d’invio. Nell’email non c’è testo nella mail, se non magari la data d’invio della mail riportata per esteso, spesso identica a quella dell’oggetto.
Le mail hanno un’allegato, .zip che contiene un file con estensione .js e un nome tipo invoice_scan_jWNWc3.js o invoice_DjzkX0.js. Se aprite il file .zip e cliccate sul file in esso contenuto, il virus vero e proprio verrà scaricato e comincerà l’infezione. Se non si clicca sul file non succederà nulla quindi la sola visualizzazione dell’email non provoca alcun danno.
Se siete stati infettati alla fine vi apparirà questo messaggio
NOT YOUR LANGUAGE? USE Google Translate
What happened to your files?
All of your files were protected by a strong encryption with RSA
More information about the encryption RSA can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)What does this mean?
This means that the structure and data within your files have been irrevocably changed, you will not be able to work with them, read them or see them, it is the same thing as losing them forever, but with our help, you can restore them.How did this happen?
Especially for you, on our SERVER was generated the secret keypair RSA – public and private.
All your files were encrypted with the public key, which has been transferred to your computer via the Internet.
Decrypting of YOUR FILES is only possible with the help of the private key and decrypt program, which is on our Secret Server!!!What do I do?
Alas, if you do not take the necessary measures for the specified time then the conditions for obtaining the private key will be changed
If you really need your data, then we suggest you do not waste valuable time searching for other solutions becausen they do not exist.For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below: 1.http://l4rdnvb5jskjb45sdfb.mayofish.com/9D554BE53C921410
2.http://hawdahbmfsm4sdf.brinystylo.com/9D554BE53C921410
3.http://p47kjndfbj8hsdfsd3e.sifetsere.com/9D554BE53C921410If for some reasons the addresses are not available, follow these steps: 1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser and wait for initialization.
3. Type in the tor-browser address bar: wbozgklno6x2vfrk.onion/9D554BE53C921410
4. Follow the instructions on the site.
!!! IMPORTANT INFORMATION:
Your Personal PAGES:
http://l4rdnvb5jskjb45sdfb.mayofish.com/9D554BE53C921410
http://hawdahbmfsm4sdf.brinystylo.com/9D554BE53C921410
http://p47kjndfbj8hsdfsd3e.sifetsere.com/9D554BE53C921410
Your Personal TOR-Browser page : wbozgklno6x2vfrk.onion/9D554BE53C921410
Your personal ID (if you open the site directly): 9D554BE53C921410
Se non avete backup tutti i vostri files sono persi, a meno che non paghiate il riscatto senza alcuna garanzia ovviamente. Ripristinate il tutto da un backup e formattate la macchina.
A questo proposito vi consigliamo il nostro sistema di backup automatico che vi permette di tenere al sicuro tutti i vostri dati indipendentemente da dove questi sono conservati.
Questo ransomware funziona solo su macchine Windows; linux e OSX ne sono immuni.
Max
Hi, someone has already dealt with this cryptolocker ?
It created the file extension
es .gamma01.xla.encrypted
Thank you