Apparu fin en mars 2016, ce Crypto-Ransomware (rançongiciel chiffreur de fichiers)
vise essentiellement les systèmes d'exploitation Windows. Si vous avez eu ce Ransomware, votre Windows a probablement été infecté par d'autres malwares : vos informations bancaires et identifiants ont peut être été volés. Ces infections sont installées à partir de vidéos YouTube faisant la promotion de cracks, dont un fichier FCPrimal.exe, un crack pour Fay Cry.
Pour plus d'informations, se reporter à la page : Ransomware : un moyen de monétiser
Les documents chiffrés par ce ransomware ont une extension .locked
Le fond d'écran a été modifié avec les instructions de lire le fichier qui explique comment payer :
uh oh. It looks like your files has been encrypted.
Look at READ_IT.txt on your Desktop for a solution.
Les instructions de paiements contenu dans le fichier READ_IT.txt
, la rançon est de 200 $ US.
Le paiement se fait en Bitcoin comme c'est souvent le cas avec ce type de malware :
Code : Tout sélectionner
(If you are in Notepad, please click the Format menu above ^^^^ and click Word Wrap)
Uh oh. It looks like your data has been the victim of the encryption thief. Your files have been encrypted with AES: search your drive for "locked" if you don't believe me . Unfortunately you're going to have to pay some money to get your files back and your fee is approximately $200 in US Dollars. I'll get right to the ugly details for that:
* You have 72 hours to make this happen as of 12/03/2016 21:03:16. Otherwise, your files are lost for good. I will delete the necessary code for all time and I don't even have to revisit your machine to do it.
* You will be paying by Bitcoin. Don't worry, it is easy to figure out. Your fee is 0.501049 BTC. Pay this amount precisely, or I might not know who it was that paid in order to rescue them.
* Use LocalBitcoins.com. It isn't hard to use, there are numerous ways to pay for my bitcoins on there, and most importantly, it is fast. Did I mention you have 72 hours?
* The address you will be sending the bitcoins to is 192awRvM4V8LS24GSHj6o3v2fVQ5QYh4pB .
* Then you will wait for me to get the unlock code for you. Your code will be shown here, http://let-me-help-you-with-that.webnode.com/ , under the amount you paid. This may take a day or so: you are on my schedule now :P
* Once you have the code, you can unlock your files as follows:
*** First you must download my decrypter: http://we.tl/L2dUFWqdJa . You may get various warnings that this is a Trojan or some other nonsense. Don't believe it: if I needed to cause more damage I would have done so already. The file is marked as such because the antivirus people are lazy SOBs and just mark everything they can.
*** Go to your Start Menu
*** In the search field, type "cmd".
*** Double click the cmd program.
*** Type "cd C:\Users\xxx\Downloads"
*** Type "Decrypter.exe <Your Code>"
*** Other people's codes will not work for you, obviously.
That is basically it. The rest of this document is a further description about your situation.
* You'll never be able to find me. Police will never be able to find me. Go ahead and try them if you like, but don't expect your data back. They will be concerned about helping the community, not with helping you meet your deadline. If they say they need to keep your desktop for a few days, well lol, you probably won't be seeing your machine again soon, let alone your data. I've been doing this for five years now and haven't been caught yet.
* Best Buy will have no ability to undo the encryption. Hell, even the NSA probably couldn't undo it. Well maybe they could, but I suspect you won't be a high priority for their computation clusters for at least a couple of years.
* In 72 hours, you will never be able to get these files open. I don't much like people struggling against the powerful and there is no way for you to argue for an extension. Just make it happen.
So just be thankful that it wasn't worse. I could have asked for more money. I could have been working for ISIS and saving that money to behead children. I could have been a mean SOB and just destroyed your data outright. Am I those things? No. I just need the money to live off of (true story) and don't care at all about the hacker "community". So there isn't anyone you will be protecting by sacrificing yourself. I'll just encrypt more people's data to make up for the loss.
So you have your instructions. I'll even tell you how you could have prevented this:
* Install a good antivirus and keep it up to date. This is basically where you fell down.
* Don't click on any file from the internet that isn't a piece of data like (jpg, txt, doc) or you better really know where that file came from.
* Back up your files in case the encryption thief visits you. :P
Better luck to you in the future.
La détection d'une des variantes :
Nom du fichier : 9b6c5f6b6a9a6205423ca09b810c9f82.exe
Ratio de détection : 16 / 57
Date d'analyse : 2016-03-12 18:24:22 UTC (il y a 1 heure, 41 minutes)
Antivirus Résultat Mise à jour
ALYac Gen:Variant.Kazy.302663 20160312
Ad-Aware Gen:Variant.Kazy.302663 20160312
AegisLab Gen.Variant.Kazy!c 20160312
Arcabit Trojan.Kazy.D49E47 20160312
Avast Win32:Malware-gen 20160312
BitDefender Gen:Variant.Kazy.302663 20160312
ESET-NOD32 a variant of MSIL/Injector.OLU 20160312
Emsisoft Gen:Variant.Kazy.302663 (B) 20160312
F-Secure Gen:Variant.Kazy.302663 20160312
Fortinet MSIL/Injector.OLU!tr 20160312
GData Gen:Variant.Kazy.302663 20160312
Kaspersky UDS:DangerousObject.Multi.Generic 20160312
McAfee-GW-Edition BehavesLike.Win32.Trojan.gc 20160312
eScan Gen:Variant.Kazy.302663 20160312
Qihoo-360 Win32/Trojan.aa4 20160312
Symantec SAPE.Heur.BF3D7 20160310
Sécuriser son Windows
Afin de sécuriser son Windows et éviter les ransomwares et d'autres menaces connues sur la toile, suivre le tutoriel de sécurisation de son Windows.
=> Sécuriser son Windows