.1btc Ransomware attack #Lockcrypt Family

Discussion in 'Forum News and Updates' started by Lunarpole, Feb 20, 2018.

  1. Lunarpole

    Lunarpole Platinum Record

    Joined:
    May 5, 2016
    Messages:
    264
    Likes Received:
    209
    Hi guys 1 of my server system is got encrypted with ransomware with extension .1btc

    If you guys have any idea that if there is any decryptor is available do let me know.

    The ID of ransomware is ID R8W2RM4578DXTX48

    As per my knowledge this ransomware is from Lockcrypt family.
     
  2.  
  3. loCurnus

    loCurnus Ultrasonic

    Joined:
    Oct 23, 2011
    Messages:
    91
    Likes Received:
    26
    Location:
    Smallville
  4. Olymoon

    Olymoon MODERATOR Staff Member

    Joined:
    Jan 31, 2012
    Messages:
    5,808
    Likes Received:
    4,456
    F** Mofos ... Cowards stilling from the poors .. :knock:
     
    • Like Like x 2
    • Love it! Love it! x 1
    • List
  5. Lunarpole

    Lunarpole Platinum Record

    Joined:
    May 5, 2016
    Messages:
    264
    Likes Received:
    209
    Yeah they are asking for 2 bitcoins which is around 10000 $ i think
     
  6. Do you know how the virus got in to your system? Doesn't help you much, but may save someone else.
     
  7. Lunarpole

    Lunarpole Platinum Record

    Joined:
    May 5, 2016
    Messages:
    264
    Likes Received:
    209
    it came from Brute RDP which is windows remote desktop protocol. RDP usually used to remotely access your server machines with port 3389 but i dont know how they are exploiting RDP
    some ransomware exploits some email ports to enter your system but this .1BTC ransomware is exploiting only RDP as of now.SO main target is machines running microsoft server 2012 and 2008 as of now
     
  8. usernone

    usernone Producer

    Joined:
    Jun 19, 2011
    Messages:
    156
    Likes Received:
    92
    2 bitcoins is $23,400 USD right now.

    I'm sorry to hear about your woes, my friend. Is there any way to get your machine offline, pull out the hard drive, then use a disk docking station to retrieve your important stuff; then perform a format and reinstall of windows?

    If so, this is your best bet. Just be careful to not spread the virus onto another machine.... Perhaps use safe mode on the other computer while reading/retrieving your files.
     
    Last edited: Feb 20, 2018
  9. Lunarpole

    Lunarpole Platinum Record

    Joined:
    May 5, 2016
    Messages:
    264
    Likes Received:
    209
    I already remove this virus.But the files are still encrypted :disco:
     
  10. loCurnus

    loCurnus Ultrasonic

    Joined:
    Oct 23, 2011
    Messages:
    91
    Likes Received:
    26
    Location:
    Smallville
  11. HPF

    HPF Kapellmeister

    Joined:
    Jun 23, 2012
    Messages:
    201
    Likes Received:
    56
    Location:
    Block 4
    teach your server not to visit porn sites while on duty. creepy stuff, havent seen anything like this in real. my last virus infection was on purpose back in 99 - you need to take care of your network security - seriously. if you run windows you need anti malware/virus on every maschine connected directly or indirectly to the web. and switch to another os on your server as theres nothing ms servers do better than linux
     
    Last edited: Feb 20, 2018
    • Agree Agree x 2
    • Disagree Disagree x 1
    • List
  12. Lunarpole

    Lunarpole Platinum Record

    Joined:
    May 5, 2016
    Messages:
    264
    Likes Received:
    209
    Haha seems like you never ever visited or learn about how IT infrastructure works. Check about wanna cry ransomware which shook half of the world last year.It didn't even spare the hospitals all data got encrypted.
    Do you think that hospital archival data server was visiting porn sites :no:. It can happen to everybody. It didn't happen to you because most of the time they target corporate world not the local computers.
     
  13. HPF

    HPF Kapellmeister

    Joined:
    Jun 23, 2012
    Messages:
    201
    Likes Received:
    56
    Location:
    Block 4
    If you knew anything about it you wouldnt get infected in first place, youd had your server up and running in no time without serious data loss and wouldnt ask for a solution on an audio forum
     
  14. Lunarpole

    Lunarpole Platinum Record

    Joined:
    May 5, 2016
    Messages:
    264
    Likes Received:
    209
    Dont provoke me to write anything nasty.
    :bleh:
    I know how things work and i was just asking for decryptor.
    Since its warez site so i was expecting if somebody is having any idea for decryptor.
    And mind you they sent ransomware in disguise of far cry crack.so you never know.
    So beware nexttime :bleh:
     
    Last edited: Feb 21, 2018
    • Winner Winner x 3
    • Funny Funny x 1
    • List
  15. loCurnus

    loCurnus Ultrasonic

    Joined:
    Oct 23, 2011
    Messages:
    91
    Likes Received:
    26
    Location:
    Smallville
    just infect you network with senseFULL viruses like a bitcoin digger.... :)
     
  16. bigboobs

    bigboobs Kapellmeister

    Joined:
    Oct 10, 2011
    Messages:
    331
    Likes Received:
    58
    Ransomware is bad, but:

    No backup?
    Your fault!

    Especially on _servers_ !
     
  17. Lunarpole

    Lunarpole Platinum Record

    Joined:
    May 5, 2016
    Messages:
    264
    Likes Received:
    209
    I have backup :bleh:

    Otherwise i would be like :suicide:
     
    • Like Like x 4
    • Funny Funny x 2
    • List
  18. mozee

    mozee Audiosexual

    Joined:
    Jun 29, 2016
    Messages:
    639
    Likes Received:
    562
    Your best option now would be to just wipe it down, restore, and lock it down.

    Unless you have both keys to the cypher and the algo [you have the short key: R8W2RM4578DXTX48] decrypting it without the long key which could be anything is a fool's errand. Things like this is why distributed clustered RNDs are becoming more important.

    I want to wax and wane poetic about MS Server vs SE *NIX but as it will do no good now and maybe not even be up to you - I recognize that it would be in poor taste.
     
  19. Macro Steffan

    Macro Steffan Newbie

    Joined:
    May 1, 2018
    Messages:
    1
    Likes Received:
    0
    Being a Windows OS user, I am too much familiar with .1btc Ransomware attack. Because somedays ago, my System files also locked with .1btc file extension. I was also too much worried and like you I also didn't want to pay ransom fee. I shared my problem with one of the my friend who is a technical expert. He advised me an appropriate .1btc Ransomware removal instruction. If you are also want to deal with such a ransomware attack then you must visit - http://www.removemalwarevirus.com/eliminate-btc-ransomware-easy-way-to-delete-btc-ransomware
     
  20. SineWave

    SineWave Audiosexual

    Joined:
    Sep 4, 2011
    Messages:
    4,273
    Likes Received:
    3,369
    Location:
    Where the sun doesn't shine.
    Perhaps use a Debian Live CD instead. That is something most of the viruses wouldn't even understand. :wink:
     
  21. Kwissbeats

    Kwissbeats Audiosexual

    Joined:
    Mar 31, 2014
    Messages:
    1,559
    Likes Received:
    652
    You've never posted here before, sorry if I'm wrong but clicking on your link is the last thing we should do.
    especially in retrospect of this topic.
     
Loading...
Similar Threads - 1btc Ransomware attack Forum Date
NAS systems by QNAP & Asustor affected by Deadbolt Ransomware Computer Hardware Feb 23, 2022
ThiefQuest ransomware on Mac. Thoughts? Industry News Jul 7, 2020
Beware! New Mac Ransomware On The Scene. Live, Little Snitch, Mixed In Key. Mac / Hackintosh Jul 2, 2020
Ransomware on OSx 10.12 (sierra) Mac / Hackintosh Jun 28, 2020
arturia v collection 6 6.21 r2r ransomware false positve? Software Oct 20, 2018
Loading...