interesting topic, as is this http://blog.cassidiancybersecurity.com/post/2014/02/Bitcrypt-broken
On Fri, Mar 21, 2014 at 9:38 PM, James Pogue <[email protected]> wrote:

> My eyes are failing me in my old age..... We had the CryptoLocker virus,
> not the BitCrypt.
>
> Thanks again,
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* James Pogue
> *Sent:* Friday, March 21, 2014 3:36 PM
> *To:* [email protected]
> *Subject:* RE: [mssms] System infected with Bitcrypt virus
>
> My company had the same virus / ransomware. It uses what appears to be a
> Windows exploit, but elevating permissions to run and doesn't trigger UAC.
> It's disguised as a hidden system file and no AV that I have tested can
> detect it if all the system files are hidden. However, the AVs that I
> tested would find it with the system files unhidden.
>
> This of course is not best practice for any environment, so we had to find
> another solution. We found that Malwarebytes will catch it no matter how
> it's executed.
>
> It will run through and encrypt everything, including mapped drives. We
> did find that it leaves a trail of its destruction in the registry and you
> can export the files it's encrypted using a PowerShell script.
>
> Lastly, our backup system had failed for the drives we needed to restore,
> so rather than losing almost 6 months of work we took a chance and paid for
> the decryption key, and it worked. The biggest struggle is getting a
> Bitcoin, because they don't seem to be allowing the Green Dot cards anymore.
>
> That's my two cents, hope it helps!
>
> Thanks again,
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* [email protected]
> *Sent:* Friday, March 21, 2014 2:51 PM
> *To:* [email protected]
> *Subject:* RE: [mssms] System infected with Bitcrypt virus
>
> Odds are, you're screwed.
>
> Hope you have a good backup of the data.
>
> *Christopher Catlett*
> Consultant | Detroit
> *Sogeti USA*
>
> *From:* [email protected] [mailto:[email protected]] *On Behalf Of* Rajan Hotmail
> *Sent:* Friday, March 21, 2014 3:06 PM
> *To:* [email protected]; [email protected]
> *Subject:* [mssms] System infected with Bitcrypt virus
>
> Dear,
>
> One of my PCs is infected with the Bitcrypt virus.
> Does anyone have an idea about this virus and how to decrypt all the files?
>
> Regards
>
> Rajan

