0 Replies Latest reply on Apr 21, 2016 4:37 AM by bsys

    New ransomware ?! "momsbestfriend"

    bsys

      I have a pc infection with a new ransomware.

       

      no extension change on files, and apprears 2 files in all encrypted directories:

       

      dateINFECCIONZ.txt

      date000.KEY

       

      dateNFECCIONZ.txt contains this text:

       

      "

      YourID: NUMBERS

      PC: HOSTNAME

      USER: USER

      *********

      Hi there

       

      Your files are now encrypted. I have the key to decrypt them back.

      I will give you a decrypter if you pay me. Email me at:

      momsbestfriend@protonmail.com or torrenttracker@india.com

       

      If you don't get a reply or if both emails die, then contact me using a guaranteed, foolproof Bitmessage:

      download it form here https://github.com/mailchuck/PyBitmessage/releases/download/v0.5.8/Bitmessage-0. 5.8.exe

      Run it, click New Identity and then send me a message at BM-NBvzKEY8raDBKb9Gp1xZMRQpeU5svwg2

      Just remember that Bitmessage is slow, it takes 5 minutes to send a message and 15 to get a reply.

       

      Cheers

      "

      HOST

      W7 Pro

      EPO 5.02.188 (Combating Ransomware - Rev H in place)

      VSE 8.8.0.1528 SP7

      Engine 5800.7501

      DAT 8141

       

      Dont have any threat event and cant find any info about this.

      Anyone have detect that or more info ?

      Thanks.