Jump to content

Teachkids

Members
  • Posts

    5
  • Joined

  • Last visited

Reputation

0 Neutral

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Hi Yoan, Just thought I would check in and see if you have any update, ideas from your colleagues, or suggestions on next steps. At somepoint fairly soon, I need to return this workstation to production. Thanks, Rob
  2. Yoan, Thank you for your help. Would you suggest that I wait to see if one of your colleagues have a solution, go ahead and format the PC/start over, pay the ransom, or take some other action? Should I make a backup copy of this PC's data in case a key is found in the future or once moved is that worthless? The computer had 2 mapped drives to a NAS. Those files are also encrypted, which I have stopped sharing them and have restored to new shares on the NAS (yet maintained those encrypted files). I am guessing the action you tell me above regarding the PC is the same action to take on the NAS data. Last, if I reformat the PC, what is the best way to obtain and re-use the Windows Office 2016 key? I purchased 5 licenses and am struggling to determine which one is assigned to this PC. Thank you for your help! Rob
  3. From: Theresa Redfield <983103c36b6e31fd87d23bdc613b28fb@reply.craigslist.org>Sent: Thursday, March 8, 2018 11:37 PMTo: q5b7p-6490603464@comm.craigslist.orgSubject: Not AV Scanned: Free ACT/SAT Practice Test - general community Hey I would like to express my interest in your posting "Free ACT/SAT Practice Test - general community" but I have a few questions. Please call me ASAP, my contact information are in attachment. Password to view the file is 5558. Take care Kendra Original craigslist post:https://bn.craigslist.org/com/6490603464.htmlAbout craigslist mail:https://craigslist.org/about/help/email-relayPlease flag unwanted messages (spam, scam, other):https://craigslist.org/mf/65910d29f30fcffa08f943a38cd88bf6606ed2e4.1 Not_AV_Scanned%3a_Free_ACT%2fSAT_Practice_Test_-_general_community.zip
  4. also went to id-ransomware.malwarehunterteam.com and uploaded the readme.html. It returned the following: Sigma This ransomware is still under analysis. Please refer to the appropriate topic for more information. Samples of encrypted files and suspicious files may be needed for continued investigation. Identified by ransomnote_url: http://yowl2ugopitfzzwb.onion/ Click here for more information about Sigma
  5. Yesterday one of our team members received what looked to be a legitimate email from Craigslist, so she opened the attachment and entered the password. The Sigma Ransomware was deployed. This looks like the same issue that david0729 is having that Aura is working on with him. What a crazy thing these criminals do. I have followed that thread All files have been encrypted and cannot be opened. I don't want to get too far ahead. So will stop here. Would love to be able to access our files again. I have a backup from a few days ago, but only the network files not the local machine files. Thanks Rob Addition.txt FRST.txt malwarebyteslog.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.