
PSAUX/EJECT



#1 tininek19


Posted 06 August 2024 - 03:57 PM

I had some idiots somehow gain access to my virtual machine on a dedicated server. No one knew about it, as I had only set it up to test.

After that they did encryption with eject. I didn't care too much about it as there was nothing there.

But after a few weeks they gained access to my main dedicated server, where I had some files I needed. They are not that important, but it would save me time if I could get them back.

 

Files end with .psaux
 
Note on ssh left 
 
You have been hacked by PSAUX
All your files have been encrypted.
To restore access, you can contact us in two ways:
1. Telegram: @psauxsec
2. Session: Download the Session application and contact us with
3. Session ID: telegram.
Payment must be made in cryptocurrency.
The price for decryption is 400 dollars.
If our Telegram account is banned, please use Session to contact us.
After payment, you will receive a key to run the decrypter script
on your system to restore your files.
All your database is downloaded and if you are not going to pay in next 3 days
its going to be published in darknet. Best Regards!
Ransomware Made by Cat

 

thank you



 


#2 quietman7


Posted 06 August 2024 - 04:23 PM

The .eject extension has been used by Phobos but it will have an <ID>-<victim id*** random 8 hex char>.[<email>] or <id>-<victim id*** random 8 hex char-4 numbers>.[<email>] followed by the extension.

.id[7A702A1B-2846].[helpyoubus11@tutanota.com].eject

 

but after few weeks they gained access to my main dedicated serve...Files end with .psaux

What is the actual name of the ransom note? 
 
Please attach the original (unedited) ransom note and several samples of encrypted files (different formats - doc, png, jpg) AND its original (unencrypted) file for comparison so our crypto malware experts can manually inspect them and possibly identify/confirm the infection if they see this topic. To attach sample encrypted files, they must be submitted in a "zip file" format. After that, click the More Reply Options button in the bottom right corner of the Board Editor, then click the Choose File button under Attach Files.


Microsoft MVP Alumni 2023
Windows Insider MVP 2017-2020, MVP Reconnect 2016-2023
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
Retired Police Officer, Federal Agent and Coast Guard Chief

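The naming difference described in the reply above, as an added triage example (not code from the thread or from BleepingComputer): it separates file names that carry the id/e-mail marker from names with only a bare extension. The regex is inferred from the single sample in the post; the function names, the handling of the optional 4-digit suffix and the sample file names are assumptions.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Pattern inferred from the one sample in the post:
#   .id[7A702A1B-2846].[helpyoubus11@tutanota.com].eject
# The "-NNNN" part is optional because the post also lists a form without
# the 4 numbers (how that shorter form is written is an assumption).
MARKER = re.compile(
    r"^(?P<original>.+)\.id\[(?P<victim>[0-9A-Fa-f]{8})(?:-(?P<suffix>\d{4}))?\]"
    r"\.\[(?P<contact>[^\]\s]+@[^\]\s]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)

@dataclass
class Marker:
    original: str           # file name before the marker was appended
    victim: str             # 8 hex characters
    suffix: Optional[str]   # 4 digits, or None when absent
    contact: str            # e-mail address inside the second bracket pair
    ext: str                # final extension

def parse_marker(name: str) -> Optional[Marker]:
    """Return the marker fields, or None if the name has no id/e-mail marker."""
    m = MARKER.match(name)
    return Marker(**m.groupdict()) if m else None

def triage(names, watched=("eject", "psaux")):
    """Sort names into: marker present, bare watched extension, other."""
    report = {"marker": [], "bare": [], "other": []}
    for name in names:
        marker = parse_marker(name)
        ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if marker and marker.ext.lower() in watched:
            report["marker"].append(name)
        elif ext in watched:
            report["bare"].append(name)
        else:
            report["other"].append(name)
    return report

# Constructed sample names; only the marker string itself comes from the post.
SAMPLES = [
    "invoice.docx.id[7A702A1B-2846].[helpyoubus11@tutanota.com].eject",
    "backup.sql.id[7A702A1B].[helpyoubus11@tutanota.com].eject",
    "photo.jpg.psaux",
    "notes.eject",
    "readme.txt",
]

if __name__ == "__main__":
    for bucket, items in triage(SAMPLES).items():
        print(bucket, items)
```

Names that land in the "bare" bucket do not carry the id/e-mail marker the reply describes, so the extension alone is not enough to attribute them.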


#3 tininek19


Posted 19 August 2024 - 02:04 PM

The files just have the .psaux extension.

I am attaching the sample file.

 

 

Attached File: hacked.png (18.16KB)

Attached File: demo-recipe-75x54.jpg.zip (2.37KB)

 

thanks





