Monday, July 24, 2017

Latest News


Have you become a victim of one of the encryption viruses going around that will go through the entire file structure on your drives, encrypting and password-protecting each file and making them inaccessible?

We have seen evidence of this; the details are below:

A customer called with a machine locked out (it would not boot) and no access to shared files.

After getting the server back up and running, we noticed that all the files in the shares were compressed and associated with WinRAR. Each file had been renamed to contain an email ID and an email address to contact:

uksechelp@gmail.com

This scam is designed to lock your machine (it does not work on servers; it just stops them booting correctly), and then you are asked to contact them, pay a fee and in turn receive a password to decrypt your files.

The virus is pretty easy to remove and repair. The files that have been encrypted cannot be brute-forced and can potentially only be retrieved using other methods (please contact us for details).

We took the opportunity to contact this email (using a fake email address), and received two replies (one of which will be automated) from uksechelp@gmail.com, with a name of Alex Smith on it.

The automated reply of the email is at the bottom of this document for your reference.

 

The second email was this:-

 

I will send you instructions.
If not please check spam/junk folder.
Thanks.

Both emails arrived 11 minutes after asking for help.

If you need help removing this type of virus and securing your machine/server, please contact us.

 

Below is the automated email from uksechelp@gmail.com

 

Hello!

Have you already see that your files are encrypted and desktop locked?

Please don't panic and send us angry emails or scare us to send claims in police, fbi or others - this is useless.

Please read this instruction carefully, then you will get answers to most of your questions (You will read in this instructions about PAYMENT, OUR GUARANTEES, AND INFO HOWTO GET YOUR FILES BACK).

You need to buy Liberty Reserve. 5000 Liberty Reserve USD ( this means 5000 US Dollars ) is a minimal price and cannot be less, no any discounts even if you need only 1 file. When we get payment we will send you passwords and decryption tool to unlock all your files.

You can send files or your computer to any experts or antivirus companies, recovery companies but you just lose your time, money and nerves (You can read on forums from what time experts try to decrypt files crypted by our software or try to catch password - and all attempts are not successful - this is about 12 month and no results).

If you don't believe me look at this posts:

http://www.bleepingcomputer.com/forums/t/449398/new-ransomware-called-anti-child-porn-spam-protection/page-8#entry2774760

http://www.bleepingcomputer.com/forums/t/449398/new-ransomware-called-anti-child-porn-spam-protection/page-8#entry2779804

http://www.bleepingcomputer.com/forums/t/449398/new-ransomware-called-anti-child-porn-spam-protection/page-10#entry2841913

http://www.bleepingcomputer.com/forums/t/449398/new-ransomware-called-anti-child-porn-spam-protection/page-11#entry2882513

http://www.bleepingcomputer.com/forums/t/449398/new-ransomware-called-anti-child-porn-spam-protection/page-11#entry2889757

You can go to the police or fbi or other departments - but this is will not help you, we are working about 12 month and noone can trace us, because we are working using chain of servers in different countries and using only Liberty Reserve as payment method (this is offshore payment system ) and withdrawal money using anonymous offshore bank accounts and ATM cards belong to other people.

---------------------------------------------------------------------------------------------

OUR GUARANTEES:

You can send one encrypted file (jpg or bmp or other picture, no a document or not any important file for you) to us and as soon as we decrypt them we send them to you and it will proof that we are able to decrypt them all. Please don't send us important data like databases etc. to decrypt, because if we will decrypt it and send to you - you will pay us 0$.

We had decrypt databases files to some people and after this they did not pay us any money.
After you will pay us, sure we give you passwords and decrypt tool and of course you can decrypt all your files including databases files.

To send file to us better use sendspace.com (just upload and send link to us) because gmail can block any .exe extensions.

Our guarantee is your decrypting file. Also if you don't believe me look at http://www.bleepingcomputer.com/forums/t/449398/new-ransomware-called-anti-child-porn-spam-protection/page-7#entry2760118 this post from admin "Yes, from what we understand the malware writer does send the password. I would only do it if you have absolutely no choice though. "

We have some positive posts from users who got passwords, but admin just delete this posts ofc. So anyway you can read this forum about us.

Also we have positive post who paid us on this forum: http://www.intruderalert.com/cafe/index.cfm?page=topic&topicID=214282&start=21

So we dont need to lock your files forever, we just need a money for our work.

Also send us your ID number.

----------------------------------------------------------------------------------------------

ABOUT PAYMENT:

You must buy LR (Liberty Reserve) The amount to buy is how we write in our instructions.

1) You need to register on www.libertyreserve.com and make your own account there.

2) Register on exhere.com (this is exchanger who pickup your money via Western Union and transfer your money on your liberty reserve account)

3) You need send some scan copies of your documents to verify your account on exhere or any other exchanger (photo ID, utility bill).

4) Make a new order on exhere.com and put in your LR account info, after this they give you info for WU transfer, now you need go to the bank and make Western Union transfer.

5) Now you need back to exhere.com and log in your account and update your order with MTCN number you got from Western Union. ( without this number they cant get money from you. )

6) Waiting about 12 hours for process your order and when you got money on your libertyreserve account you will send this money on our liberty reserve account (We will give you our Liberty Reserve account number when you will have money on your Liberty Reserve account).

Thats all, this is easy, you just need to read and register on this websites.

All Liberty Reserve exchangers need some documents to verify, exchanger this is 3rd party person who will only exchange money to your LR account and then you will transfer it to our Liberty Reserve account.

We can accept ONLY Liberty Reserve. Sorry, but all other payment methods are not secure for us.

Btw exhere.com is exchanger from Liberty Reserve https://www.libertyreserve.com/en/exchangers approved list.

----------------------------------------------------------------------------------------------

HOWTO GET YOUR DATA BACK:

You have already see files like for example database.mdb(!! to decrypt email id 1111111 to ouremail@gmail.com !!).exe
This is about 50 symbols password protected AES archive contains your file.

You just need password to decrypt it and get your original file from this archive.

How encrypt process working:

1. For example database.mdb is source file wich will encrypted to database.mdb(!! to decrypt email id 1111111 to ouremail@gmail.com !!).exe

2. Then original file database.mdb secure deleted from your disk drive using sectors owerwriting.

3. Original file database.mdb now in AES password protected archive.

This is impossible to crack archive with password like this (this is NOT 6-8 symbols simple password, and have trillions combinations to bruteforce and 1000000's years to brute it).

This passwords is unique and randomly generated for each computer.

We also take care to secure delete password from your system, previously had copy password to our database of course.

After payment (and once again, ONLY after payment) we will get you passwords and decrypt tool, so you will not need to decrypt each file manualy. Just run it on your server and your files will be decrypted on all disk drives.

How decrypt process working:

1. You will put 2 passwords given by us in decrypt tool and start it.

2. Our decrypt tool scan your disk drives for files like database.mdb(!! to decrypt email id 1111111 to ouremail@gmail.com !!).exe

3. Encrypt files like database.mdb(!! to decrypt email id 1111111 to ouremail@gmail.com !!).exe, so you will get unencypted original file database.mdb

4. Delete decrypted database.mdb(!! to decrypt email id 1111111 to ouremail@gmail.com !!).exe because you will not need more decrypted file, you will have your original source file database.mdb

Also we will get you desktop unlock code and you can run decrypt tool.

Thank You.
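
When scoping an infection like this one, the renamed files can be inventoried from their names alone, which gives the list of original files to restore from backup. The following Python script is an added example, not part of the original article or of the email quoted above; it assumes every affected file follows exactly the naming form shown in that email, and the function names are illustrative.

```python
import os
import re
import sys
from collections import Counter

# Name format copied from the example in the automated email:
#   database.mdb(!! to decrypt email id 1111111 to ouremail@gmail.com !!).exe
# Assumption: every renamed file follows this form exactly.
MARKER = re.compile(
    r"^(?P<original>.+)\(!! to decrypt email id (?P<email_id>\S+) to "
    r"(?P<contact>[^\s@]+@[^\s@]+) !!\)\.exe$",
    re.IGNORECASE,
)


def parse_name(filename):
    """Return (original_name, email_id, contact), or None if no marker."""
    m = MARKER.match(filename)
    return (m["original"], m["email_id"], m["contact"]) if m else None


def scan(root):
    """Walk root and collect (path, original_name, email_id, contact)."""
    hits = []
    for folder, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_name(name)
            if parsed:
                hits.append((os.path.join(folder, name), *parsed))
    return hits


def summarise(hits):
    """Totals per original extension, plus the IDs and contacts seen."""
    exts = Counter(os.path.splitext(h[1])[1].lower() or "(none)" for h in hits)
    return {
        "total": len(hits),
        "by_extension": dict(exts),
        "email_ids": sorted({h[2] for h in hits}),
        "contacts": sorted({h[3] for h in hits}),
    }


if __name__ == "__main__":
    # Usage: python inventory.py <share root>; read-only, changes nothing.
    found = scan(sys.argv[1] if len(sys.argv) > 1 else ".")
    for path, original, _id, _contact in found:
        print(f"{original}\t{path}")
    print(summarise(found), file=sys.stderr)
```

The tab-separated output (original name, current path) can be compared against a backup catalogue to confirm that every affected file has a restorable copy.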