
Re: [tor-talk] Going by instructions from somebody, probably microsoft or Mozilla or both



You should also check if you have multiple instances of ransomware on
your computer. If it happens to be so, the ransomwares encrypted each
other and you won't be able to recover the files, even if you pay both
ransoms. Cryptolockers are truly destructive.

Chris Dagdigian:
> Hi Jerry
> 
> Bad news I'm afraid. From that email you posted it looks like your
> computer has been hijacked by ransomware and all (or most) of your files
> are encrypted and will only be unlocked if you pay a ransom to the
> criminal gang.
> 
> This is a very common thing (search google for 'ransomware' or
> whatever). It's a big problem. In the past the gangs had made technical
> mistakes and there were some solutions posted on the net as to how to
> unlock the files. Sadly the recent round of ransomware tends to be good
> enough such that there is no real solution other than:
> 
> (1) Paying the ransom and getting the key to unlock your files
> 
> (2) Not paying the ransom, wiping your computer and restoring from a
> safe backup
> 
> Even police departments have been nailed by this, and yes, they paid the
> ransom to the criminal gang.
> 
> NOTE:
> 
> ***
> This has nothing to do with Microsoft, Mozilla or even this mailing list
> (Tor).
> ***
> 
> You were directed to Tor because one of the websites the criminals
> want you to connect to (the one ending in ".onion") is only visible as a
> hidden service on the Tor network.
> 
> All of this happened because you let malware on your computer and it was
> able to take over (again, not necessarily your fault depending on the
> attack vector ...). This may not be the only thing you should be afraid
> of - as these criminals often install other software on the system
> including software that may be monitoring what you type (to steal
> passwords) or other personal info.
> 
> There are no easy answers or painless solutions if the email is real and
> your files are locked by ransomware. You either need to pay the
> criminals or accept the loss of your files (and then wipe and rebuild
> your computer with a higher level of security).
> 
> 
> 
> 
>> Jerry McMichael <mailto:jerryvmc@xxxxxxxxx>
>> January 29, 2016 at 4:22 PM
>> Okay as you said, signed up; now can someone help with what is going on
>> with the following Notebook message received as my Mozilla browser was
>> opened, and especially is that the correct solution to getting rid of all
>> the .micro s that were added when this all happened to my desktop files.
>> xxxx.txt.micro and xxxx.pdf.micro and does micro stand for microsoft so
>> that microsoft is telling me the solution for all those encrypted files?
>>
>> The Message:
>>
>> __!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@
>>
>> #!@#!__!@#!@#!
>> NOT YOUR LANGUAGE? USE https://translate.google.com
>> What happened to your files ?
>> All of your files were protected by a strong encryption with RSA-4096.
>> More information about the encryption keys using RSA-4096 can be found
>> here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
>> How did this happen ?
>> !!! Specially for your PC was generated personal RSA-4096 KEY, both
>> public
>> and private.
>> !!! ALL YOUR FILES were encrypted with the public key, which has been
>> transferred to your computer via the Internet.
>> Decrypting of your files is only possible with the help of the private
>> key
>> and decrypt program, which is on our secret server.
>> What do I do ?
>> So, there are two ways you can choose: wait for a miracle and get your
>> price doubled, or start obtaining BTC NOW, and restore your data easy
>> way.
>> If You have really valuable data, you better not waste your time, because
>> there is no other way to get your files, except make a payment.
>> For more specific instructions, please visit your personal home page,
>> there are a few different addresses pointing to your page below:
>> 1. http://q5ndhhtnk345urs.baungam.com/48ADED8F7554BC7
>> 2. http://y5bsdmnfb254fsh.nomaalkyl.com/48ADED8F7554BC7
>> 3. http://e3mvjm8fn5jfnks.gregorole.com/48ADED8F7554BC7
>> If for some reasons the addresses are not available, follow these steps:
>> 1. Download and install tor-browser:
>> http://www.torproject.org/projects/torbrowser.html.en
>> 2. After a successful installation, run the browser and wait for
>> initialization.
>> 3. Type in the address bar: wbozgklno6x2vfrk.onion/48ADED8F7554BC7
>> 4. Follow the instructions on the site.
>> !!! IMPORTANT INFORMATION:
>> !!! Your personal pages:
>> http://q5ndhhtnk345urs.baungam.com/48ADED8F7554BC7
>> http://y5bsdmnfb254fsh.nomaalkyl.com/48ADED8F7554BC7
>> http://e3mvjm8fn5jfnks.gregorole.com/48ADED8F7554BC7
>> !!! Your personal page in TOR Browser:
>> wbozgklno6x2vfrk.onion/48ADED8F7554BC7
>> !!! Your personal identification ID: 48ADED8F7554BC7
>> ----------------------------------------------------------------------------
>>
>> ----------------------------
>>
>> And since it might help I attached the Mozilla html copy.
>>
>> thank you,
>>
>> Jerry McMichael
>>
>> By the way, did I tell you that I followed the instructions, went to your
>> TOR website, joined, and sent as per instructions the 7 messages.
>> However,
>> what I am worried about is being able to read some of my many passwords
>> that are now in notepad on desktop in some kind of .micro encrypted
>> format.
>>
>> Hope that is enough info.
>>
>> "
>>
>>
>>
> 
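
One way to carry out the check suggested at the top of this message, as an added example (not code from either poster): a read-only survey that counts the markers appended after a file's ordinary extension, as in the `xxxx.txt.micro` names reported in the thread, and lists files carrying two or more markers. The `DOC_EXTS` list, the function names and the `.second` marker in the sample tree are assumptions made for the example; `.second` is constructed and is not a real ransomware extension.

```python
import os
import tempfile
from collections import Counter

# Ordinary document extensions. Anything appended after one of these is treated
# as a suspect marker (assumption: the malware keeps the original extension,
# as in the xxxx.txt.micro names reported in the thread).
DOC_EXTS = {"txt", "pdf", "doc", "docx", "xls", "xlsx", "jpg", "png"}


def appended_suffixes(filename):
    """Return the extensions appended after the first ordinary extension."""
    parts = filename.lower().split(".")
    for i, part in enumerate(parts[1:], start=1):
        if part in DOC_EXTS:
            return parts[i + 1:]
    return []


def survey(root):
    """Walk root without modifying anything and summarise appended markers.

    Returns (counts, stacked). counts maps each marker to the number of files
    carrying it; more than one distinct marker suggests more than one program
    touched the files. stacked lists files with two or more markers, i.e.
    files that appear to have been encrypted on top of an earlier encryption.
    """
    counts, stacked = Counter(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            extra = appended_suffixes(name)
            counts.update(extra)
            if len(extra) >= 2:
                stacked.append(os.path.join(dirpath, name))
    return counts, sorted(stacked)


def build_sample(root):
    """Constructed sample tree; '.second' is a made-up marker."""
    for name in ("notes.txt.micro", "taxes.pdf.micro",
                 "passwords.txt.micro.second", "untouched.txt", "archive.tar.gz"):
        open(os.path.join(root, name), "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        counts, stacked = survey(tmp)
        print(dict(counts), [os.path.basename(p) for p in stacked])
```

Run it against a copy or a read-only mount of the affected disk from a clean system rather than on the infected machine itself.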