Just had a customer hit with similar - mentioning 'decryptfiles.com' in the renamed file.
Which looks like another CryptoLocker variant. -- Alan Bourke alanpbourke (at) fastmail (dot) fm On Wed, 7 Oct 2015, at 11:54 AM, Michael Madigan wrote: > A gazillion man hours wasted across the world and no punishment for the > perp. > From: Paul Hill <[email protected]> > To: ProFox Email List <[email protected]> > Sent: Wednesday, October 7, 2015 3:52 AM > Subject: Another new ransomware > > Hi All, > > I found possible new ransomware at a site today. > > There were many dbf files that had been renamed. For example: > > HS_0WIN.DBF > > was renamed to: > > [email protected] > > I tried renaming this file back but it was corrupt. Looking in the > file it seemed scrambled (probably encrypted?). > > I found these all over the place. Did not find a ransom note. > I'm guessing 'hairullah' wants money to decrypt these. > > Luckily this site had a backup only a few hours old. > > -- > Paul > [excessive quoting removed by server] _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/1444218949.3092600.403693881.3f3e8...@webmail.messagingengine.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
