rhinosys Posted May 17, 2017 ID:1125796 Share Posted May 17, 2017 (edited) I'm also having this issue. on May 16th, 2017 almost all the files on my computer (seems like all, but *.exe, files in c:\Users\joel\AppData ), were renamed to <some-number>.onion example of a "lnk" file renamed: was "business - Shortcut.lnk" now: "business - Shortcut.lnk.id_3642933650_fgb45ft3pqamyji7.onion" I ran malwarebytes, but it didn't detect it. I've done lots of google-searching, and I think it's called "Nemesis Ransomeware", "Cry128" or ".Onion Dharma Ransomware" (not sure which at this point). I tried mcafee interceptor but it didn't detect anything (but perhaps it only detects new attacks, not infected files)....I'm in the process of running "AVG" right now to see if that can fix it... I just found a ransom-ware note, in c:\Users\joel\AppData\Roaming\Google\Chrome\UserData\-DECRYPT-MY-FILES.txt Quote *** ALL YOUR WORK AND PERSONAL FILES HAVE BEEN ENCRYPTED *** To decrypt your files you need to buy the special software. To recover data, follow the instructions! You can find out the details/ask questions in the chat:link removed (not need Tor)link removed (not need Tor)link removed (not need Tor) You ID: 364293650 If the resource is not available for a long time, install and use the Tor-browser: 1. Run your Internet-browser 2. Enter or copy the address https://www.torproject.org/download/download-easy.html in the address bar of your browser and press key ENTER 3. On the site will be offered to download the Tor-browser, download and install it. Run. 4. Connect with the button "Connect" (if you use the English version) 5. After connection, the usual Tor-browser window will open 6. Enter or copy the address link removed in the address bar of Tor-browser and press key ENTER 7. Wait for the site to load If you have any problems installing or using, please visit the video tutorial https://www.youtube.com/watch?v=gOgh3ABju6Q please help...I appreciate it! Thanks! Edited May 17, 2017 by exile360 Potentially malicious links removed for safety Link to post Share on other sites More sharing options...
rhinosys Posted May 23, 2017 Author ID:1129415 Share Posted May 23, 2017 Anyone... ? please help! Link to post Share on other sites More sharing options...
Aura Posted June 14, 2017 ID:1135584 Share Posted June 14, 2017 Hi rhinosys, Sorry for the late reply. Do you still need assistance with this issue? If so, can you upload an encrypted file and a ransom note to ID-Ransomware and copy/paste the result that is returned? https://id-ransomware.malwarehunterteam.com/ Link to post Share on other sites More sharing options...
Aura Posted June 18, 2017 ID:1136570 Share Posted June 18, 2017 Hi rhinosys, Are you still with me? Link to post Share on other sites More sharing options...
Aura Posted June 20, 2017 ID:1137070 Share Posted June 20, 2017 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts