[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Going by instructions from somebody, probably microsoft or Mozilla or both

Hi Jerry

Bad news I'm afraid. From that email you posted it looks like your computer has been hijacked by ransomware and all (or most of your files) are encrypted and will only be unlocked if you pay a ransom to the criminal gang.

This is a very common thing (search google for 'ransomeware' or whatever). It's a big problem. In the past the gangs had made technical mistakes and there were some solutions posted on the net as to how to unlock the files. Sadly the recent round of ransomware tends to be good enough such that there is no real solution other than:

(1) Paying the ransom and getting the key to unlock your files

(2) Not paying the ransom, wiping your computer and restoring from a safe backup

Even police departments have been nailed by this, and yes, they paid the ransom to the criminal game


This has nothing to do with Microsoft, Mozilla or even this mailing list (Tor).

You were directed to Tor because the one of the websites the criminals want you to connect (the one ending in ".onion") is only visible as a hidden service on the Tor network

All of this happened because you let malware on your computer and it was able to take over (again, not necessarily your fault depending on the attack vector ...) . This may not be the only thing you should be afraid of - as these criminals often install other software on the system including software that may be monitoring what you type (to steal passwords) or other personal info.

There are no easy answers or painless solutions if the email is real and your files are locked by ransomeware. You either need to pay the criminals or accept the lost of your files (and then wipe and rebuild your computer with a higher level of security)

Jerry McMichael <mailto:jerryvmc@xxxxxxxxx>
January 29, 2016 at 4:22 PM
Okay as you said, signed up; now can someone help with what is going on
with the following Notebook message received as my Mozilla browser was
opened, and especially is that the correct solution to getting rid of all
the .mico s that were added when this all happened to my desktop files.
xxxx.txt.micro and xxxx.pdf.micro and does micro stand for microsoft so
that microsoft is telling me the solution for all those encrypted files?

The Message:

NOT YOUR LANGUAGE? USE https://translate.google.com
What happened to your files ?
All of your files were protected by a strong encryption with RSA-4096.
More information about the encryption keys using RSA-4096 can be found
here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
How did this happen ?
!!! Specially for your PC was generated personal RSA-4096 KEY, both public
and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been
transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key
and decrypt program, which is on our secret server.
What do I do ?
So, there are two ways you can choose: wait for a miracle and get your
price doubled, or start obtaining BTC NOW, and restore your data easy way.
If You have really valuable data, you better not waste your time, because
there is no other way to get your files, except make a payment.
For more specific instructions, please visit your personal home page,
there are a few different addresses pointing to your page below:
1. http://q5ndhhtnk345urs.baungam.com/48ADED8F7554BC7
2. http://y5bsdmnfb254fsh.nomaalkyl.com/48ADED8F7554BC7
3. http://e3mvjm8fn5jfnks.gregorole.com/48ADED8F7554BC7
If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser:
2. After a successful installation, run the browser and wait for
3. Type in the address bar: wbozgklno6x2vfrk.onion/48ADED8F7554BC7
4. Follow the instructions on the site.
!!! Your personal pages:
!!! Your personal page in TOR Browser:
!!! Your personal identification ID: 48ADED8F7554BC7

And since it might help I attached the Mozilla html copy.

thank you,

Jerry McMichael

By the way, did I tell you that I followed the instructions, went to your
TOR website, joined, and sent as per instructions the 7 messages. However,
what I am worried about is being able to read some of my many passwords
that are now in notepad on desktop is some kind of .micro encrypted

Hope that is enough info.


tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to