Possibly TeslaCrypt, which is a CryptoLocker variant. https://securelist.com/blog/research/71371/teslacrypt-2-0-disguised-as-cryptowall/
-- Alan Bourke alanpbourke (at) fastmail (dot) fm On Wed, 7 Oct 2015, at 08:52 AM, Paul Hill wrote: > Hi All, > > I found possible new ransomware at a site today. > > There were many dbf files that had been renamed. For example: > > HS_0WIN.DBF > > was renamed to: > > [email protected] > > I tried renaming this file back but it was corrupt. Looking in the > file it seemed scrambled (probably encrypted?). > > I found these all over the place. Did not find a ransom note. > I'm guessing 'hairullah' wants money to decrypt these. > > Luckily this site had a backup only a few hours old. > > -- > Paul > [excessive quoting removed by server] _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/1444210033.3045746.403583889.6d311...@webmail.messagingengine.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
