
New ransomware called Anti-Child Porn Spam Protection or ACCDFISA


328 replies to this topic

#316 jwatson


Posted 27 February 2014 - 06:12 AM

I have NOTHING in my inbox from you. I replied to someone called Ice and someone called Nelson Lopez.

So don't go calling me a liar when I have cooperated with everybody that has messaged me. That includes two mods on here.

So how about you get your facts right before calling me a liar?

Idiot.





#317 soporte


Posted 27 February 2014 - 10:47 AM

Relax Jamie, the quote that I posted is a forwarding of the mail that I sent you :)



#318 jwatson


Posted 27 February 2014 - 11:04 AM

You called me a liar and now you edited the message.



#319 soporte


Posted 27 February 2014 - 11:23 AM

Yes, I edited my message, where's the problem? I called you a liar, and I retired. 

Anyway, I have shown you the proof that I have sent you the mail.

So, you know the solution to the accdfisa decryption?


Edited by soporte, 27 February 2014 - 11:26 AM.


#320 Eros11


Posted 27 February 2014 - 11:32 AM

This is simple ladies and gentlemen.

Mr jwatson claims he has a solution to this virus but refuses to post it on the forum as he is so concerned that the real perpetrators might be reading this forum whilst raking in their millions. Obviously they would never dare pretend to be a helpless victim and email him themselves (no-one would expect them to be smarter than jwatson of course). Nor would anyone that has suffered from this virus think to email jwatson and then post it on here anyway... The fact remains that no solution has been presented for peer review and scrutiny, which indicates that there is no such solution and thus we are dealing with a delinquent troll.

*TIP* if you don't feed the troll... they die!!

Peace and Love!

P.S. expect a retort that goes something like "Fine, be like that, I won't give the solution, you can all just suffer, I was only trying to help, you all suck, you are bullies and smell funny" as opposed to "you are correct, here is the solution, I was being foolish..... ~~~~~SOLUTION~~~~~"



#321 fragtion


Posted 27 February 2014 - 11:54 AM

There simply is no solution to this, unless you have the decryption keys.

If you think people haven't already deeply examined their hard drives with every possible method, including desperate days spent doing raw/deep scans to try and locate these remnants of the files containing the essential decryption keys, then you are sorely mistaken.

There is no easy fix for this apart from paying the hackers, and nobody should be doing that either anyway.

Consider your data lost for good, but also lucky to at least have a working hard drive after a format.

If you claim to possess some simple fix/solution (impossible.) and at the same time ask users who want their data to contact you directly, the obvious logic here is that you want to repeat a similar ransom scam on people who are desperate to still recover their data (except they CERTAINLY won't get anything in return for paying you), because anyone who truly understands the nature of this attack will know that there is no simple solution otherwise. Now you know why your post got deleted, and no, I had no part in deleting it, only a good laugh at your purported claim to have a solution to it.


Edited by fragtion, 27 February 2014 - 03:53 PM.


#322 jwatson


Posted 27 February 2014 - 01:27 PM

It relies on you having shadow copies enabled - if they were, you can retrieve data, pre them getting encrypted; if you haven't, then no. (And before anyone says, no, not everybody would know to do this. I am a very experienced IT professional and this didn't come to my mind immediately.)

For example, the virus hit us on Sunday, however I set our shadow copies to run Mon-Fri, twice per day, so I was able to get my data from Friday.

No real damage done.

I really don't appreciate comments made by some of you when all I'm actually trying to do is help people with possibly recovering some data they deemed lost.

Problem with forums is everyone expects the worst in people and I feel like why the hell should I bother doing this sort of thing anymore, if I get comments like this.

Yes, it may have seemed like I was doing something "dodgy", but really people, don't think the worst of someone without actually knowing them.

So Eros & Fragtion, what you got to say now? If I was such a troll, surely I wouldn't then post what I did to recover my data? I am certainly no fool, nor a junior, and this will be the last time I bother trying to help anybody with IT problems.


Edited by jwatson, 27 February 2014 - 01:30 PM.
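
The recovery described in the post above (pulling files from the last shadow copy taken before the infection), as an added example that is not part of any post in this thread. It assumes Windows Vista/Server 2008 or later with PowerShell 3.0+ in an elevated session; the incident time, volume and mount path are constructed placeholder values.

```powershell
# Added example: find the newest Volume Shadow Copy taken before an incident
# and expose it as a directory for file recovery.
# $IncidentTime, $Volume and $MountPoint are placeholder values (assumptions).
param(
    [datetime]$IncidentTime = '2014-02-23 00:00',   # constructed: first sign of encryption
    [string]  $Volume       = 'C:\',
    [string]  $MountPoint   = 'C:\vss_recovery'
)

# Map the drive letter to the volume GUID path that Win32_ShadowCopy reports.
$vol = Get-CimInstance Win32_Volume | Where-Object { $_.Name -eq $Volume }
if (-not $vol) { throw "Volume $Volume not found." }

# All snapshots of that volume, oldest first.
$shadows = Get-CimInstance Win32_ShadowCopy |
    Where-Object { $_.VolumeName -eq $vol.DeviceID } |
    Sort-Object InstallDate

if (-not $shadows) {
    Write-Warning "No shadow copies exist for $Volume; nothing to recover from."
    return
}

$shadows | Select-Object ID, InstallDate, DeviceObject | Format-Table -AutoSize

# Only snapshots created before the incident can hold unencrypted files.
$clean = $shadows | Where-Object { $_.InstallDate -lt $IncidentTime } |
    Select-Object -Last 1

if (-not $clean) {
    Write-Warning "Every snapshot postdates $IncidentTime; treat them as suspect."
    return
}

# Expose the snapshot as a directory link. The trailing backslash is required.
if (Test-Path $MountPoint) { throw "$MountPoint already exists." }
cmd /c mklink /d $MountPoint "$($clean.DeviceObject)\" | Out-Null
Write-Host "Snapshot from $($clean.InstallDate) mounted at $MountPoint"
Write-Host "Copy the files you need to separate media, then: cmd /c rmdir $MountPoint"
```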


#323 SmallSupport


Posted 27 February 2014 - 03:21 PM

Fragtion is basically correct. It's all gone, move on and learn.

JWatson, your solution is not a real solution as most of those caught out did not have adequate backups. Realtime shadow or mirrored backups are of no use unless they are to an isolated backup set that does not get overwritten as soon as a file is altered. You need the encryption keys and the order in which they were applied. If you have secure backups then you don't bother worrying about recovery of the hard drive; just format, reload and configure and restore data from backup. Whatever you lose between the last good backup and the hack is bad luck.

Lesson: make sure that you have archival backups of data onto separate backup sets that disconnect once the backup is complete and cannot be accessed by the external culprits, and don't use the default RDP port; use a more secure VPN or Citrix for a remote solution.

Time to move on, as painful as it might be.



#324 jwatson


Posted 27 February 2014 - 06:37 PM

Fair enough, but like I said, some people may benefit from it - as far as I'm aware, the shadow copies on Server 2003 are done on time intervals and not real time. Mine didn't back up externally or online and I was still able to access them, all unencrypted.



#325 Joe2209


Posted 17 April 2014 - 05:31 PM

I can't seem to send a file off to Dr.Web using that submission form.

It keeps asking me to enter a valid serial number.

PLEASE HELP!



#326 mhijazi


Posted 28 October 2014 - 12:19 PM

Hello guys,

Looks like this subject has been dead for a while now with no solution. I have fallen victim to this as well previously.

I managed to find the website the exe file got downloaded from, and I downloaded it and made it a .daattff so it doesn't run and ruin my PC again.

My question here: would it help if I share this? Someone could reverse engineer this and find the name of the file that holds the random passwords per PC, before it gets deleted. This way we can all recover that specific file and find the password generated for the infected PC?



#327 lobux78


Posted 09 December 2016 - 08:17 PM

Hello, I need a captured virus, ransomware 2.0, to infect a virtual machine and investigate the virus.

Thanks



#328 Syndr0me


Posted 12 December 2016 - 10:04 AM

Hello, I need a captured virus, ransomware 2.0, to infect a virtual machine and investigate the virus.

Thanks

Hi. You got it! Just rename to rar extension. Enjoy it!

Ransomware 2.0 = https://wsi.li/PS8m3owDc1eU



#329 ljusto_struhar


Posted 26 January 2017 - 06:46 AM

Hello,

My db server is infected, I am completely blocked. Heeelp me, are there any suggestions?





