
Re: [tor-talk] Going by instructions from somebody, probably microsoft or Mozilla or both



Hi Jerry

Bad news I'm afraid. From that email you posted it looks like your computer has been hijacked by ransomware and all (or most) of your files are encrypted and will only be unlocked if you pay a ransom to the criminal gang.

This is a very common thing (search Google for 'ransomware' or whatever). It's a big problem. In the past the gangs had made technical mistakes and there were some solutions posted on the net as to how to unlock the files. Sadly the recent round of ransomware tends to be good enough such that there is no real solution other than:

(1) Paying the ransom and getting the key to unlock your files

(2) Not paying the ransom, wiping your computer and restoring from a safe backup

Even police departments have been nailed by this, and yes, they paid the ransom to the criminal gang.

NOTE:

***
This has nothing to do with Microsoft, Mozilla or even this mailing list (Tor).
***

You were directed to Tor because one of the websites the criminals want you to connect to (the one ending in ".onion") is only visible as a hidden service on the Tor network.

All of this happened because you let malware on your computer and it was able to take over (again, not necessarily your fault depending on the attack vector ...). This may not be the only thing you should be afraid of - as these criminals often install other software on the system including software that may be monitoring what you type (to steal passwords) or other personal info.

There are no easy answers or painless solutions if the email is real and your files are locked by ransomware. You either need to pay the criminals or accept the loss of your files (and then wipe and rebuild your computer with a higher level of security).




Jerry McMichael <mailto:jerryvmc@xxxxxxxxx>
January 29, 2016 at 4:22 PM
Okay as you said, signed up; now can someone help with what is going on
with the following Notebook message received as my Mozilla browser was
opened, and especially is that the correct solution to getting rid of all
the .micros that were added when this all happened to my desktop files.
xxxx.txt.micro and xxxx.pdf.micro and does micro stand for microsoft so
that microsoft is telling me the solution for all those encrypted files?

The Message:

__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@#!@#!__!@
#!@#!__!@#!@#!
NOT YOUR LANGUAGE? USE https://translate.google.com
What happened to your files ?
All of your files were protected by a strong encryption with RSA-4096.
More information about the encryption keys using RSA-4096 can be found
here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)
How did this happen ?
!!! Specially for your PC was generated personal RSA-4096 KEY, both public
and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been
transferred to your computer via the Internet.
Decrypting of your files is only possible with the help of the private key
and decrypt program, which is on our secret server.
What do I do ?
So, there are two ways you can choose: wait for a miracle and get your
price doubled, or start obtaining BTC NOW, and restore your data easy way.
If You have really valuable data, you better not waste your time, because
there is no other way to get your files, except make a payment.
For more specific instructions, please visit your personal home page,
there are a few different addresses pointing to your page below:
1. http://q5ndhhtnk345urs.baungam.com/48ADED8F7554BC7
2. http://y5bsdmnfb254fsh.nomaalkyl.com/48ADED8F7554BC7
3. http://e3mvjm8fn5jfnks.gregorole.com/48ADED8F7554BC7
If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser:
http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser and wait for
initialization.
3. Type in the address bar: wbozgklno6x2vfrk.onion/48ADED8F7554BC7
4. Follow the instructions on the site.
!!! IMPORTANT INFORMATION:
!!! Your personal pages:
http://q5ndhhtnk345urs.baungam.com/48ADED8F7554BC7
http://y5bsdmnfb254fsh.nomaalkyl.com/48ADED8F7554BC7
http://e3mvjm8fn5jfnks.gregorole.com/48ADED8F7554BC7
!!! Your personal page in TOR Browser:
wbozgklno6x2vfrk.onion/48ADED8F7554BC7
!!! Your personal identification ID: 48ADED8F7554BC7
----------------------------------------------------------------------------
----------------------------

And since it might help I attached the Mozilla html copy.

thank you,

Jerry McMichael

By the way, did I tell you that I followed the instructions, went to your
TOR website, joined, and sent as per instructions the 7 messages. However,
what I am worried about is being able to read some of my many passwords
that are now in notepad on desktop in some kind of .micro encrypted
format.

Hope that is enough info.
