I had the same client hit with some Cryptlocker variant for at least the 3rd time yesterday. I don't understand why their IT director still has a job.
-- rk -----Original Message----- From: ProfoxTech [mailto:[email protected]] On Behalf Of Alan Bourke Sent: Wednesday, October 07, 2015 7:56 AM To: [email protected] Subject: Re: Another new ransomware Just had a customer hit with similar - mentioning 'decryptfiles.com' in the renamed file. Which looks like another CryptoLocker variant. -- Alan Bourke alanpbourke (at) fastmail (dot) fm On Wed, 7 Oct 2015, at 11:54 AM, Michael Madigan wrote: > A gazillion man hours wasted across the world and no punishment for > the perp. > From: Paul Hill <[email protected]> > To: ProFox Email List <[email protected]> > Sent: Wednesday, October 7, 2015 3:52 AM > Subject: Another new ransomware > > Hi All, > > I found possible new ransomware at a site today. > > There were many dbf files that had been renamed. For example: > > HS_0WIN.DBF > > was renamed to: > > [email protected] > > I tried renaming this file back but it was corrupt. Looking in the > file it seemed scrambled (probably encrypted?). > > I found these all over the place. Did not find a ransom note. > I'm guessing 'hairullah' wants money to decrypt these. > > Luckily this site had a backup only a few hours old. > > -- > Paul > [excessive quoting removed by server] _______________________________________________ Post Messages to: [email protected] Subscription Maintenance: http://mail.leafe.com/mailman/listinfo/profox OT-free version of this list: http://mail.leafe.com/mailman/listinfo/profoxtech Searchable Archive: http://leafe.com/archives/search/profox This message: http://leafe.com/archives/byMID/profox/sn1pr10mb09289a9781b8ffc8d41b0994d2...@sn1pr10mb0928.namprd10.prod.outlook.com ** All postings, unless explicitly stated otherwise, are the opinions of the author, and do not constitute legal or medical advice. This statement is added to the messages for those lawyers who are too stupid to see the obvious.
