All of my pictures and tons of albums all look like this. Is it too late? :(

Also got this spooky message.

Looks like you were dumb enough to infect your computer with ransomware.

Yeah I am completely aware of that. I know I am dumb. Is there any way of recovering though? It is on a separate hard drive that I keep music and pictures on so it is no big deal.

>It is on a separate hard drive

It was until it started encrypting your other drives too. It's probably still doing it right now.

>recovering
Nope. Reformat.

Nope you're fucked.

>windows
>ransomware
nothing new here, carry on.

Hang on to those drives until someone discovers the NSA's backdoor to AES-256. Until then you're fucked.

You poor bastard

success.trendmicro.com/solution/1114221-downloading-and-using-the-trend-micro-ransomware-file-decryptor

Alright OP here. It infected the one hard drive and I removed everything. What can I do before it spreads? It has been a while. I am prepared to reformat but just wondering if I can do anything to prevent this from taking over.

install gentoo

install gentoo

Your system cannot be trusted. Wipe everything, including all external drives that have touched this system since (or shortly before) the infection. Restore from backups made well before the infection.

Reboot into safe-mode immediately and start cleaning out startup folders, suspicious services (via msconfig perhaps) and remove suspicious reg keys from the following:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce


Then do a virus scan with Malwarebytes or w/e.
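The registry check from the post above, as an added example that is not part of the original thread: a read-only PowerShell audit of the four autostart keys it lists. The function name `Get-AutostartEntry` and the "user-writable path" heuristic are assumptions of this example, not something the poster specified.

```powershell
# Added example: lists every value under the four Run/RunOnce keys named above.
# It only reads the registry; nothing is deleted or changed.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)

# Heuristic (assumption of this example): commands started from directories
# a normal user can write to deserve a closer look than ones under Program Files.
$userWritable = '\\AppData\\|\\Temp\\|\\ProgramData\\|\\Users\\Public\\'

function Get-AutostartEntry {
    param([string[]]$Path = $runKeys)
    foreach ($key in $Path) {
        if (-not (Test-Path -LiteralPath $key)) { continue }   # key may not exist
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $command  = [string]$item.GetValue($name)
            $expanded = [Environment]::ExpandEnvironmentVariables($command)

            # Extract the program path: a quoted path first, otherwise the text
            # up to the first known extension, otherwise the first token.
            if ($expanded -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
            elseif ($expanded -match '^\s*(.+?\.(exe|dll|bat|cmd|vbs|js|ps1|scr))') { $exe = $Matches[1] }
            else { $exe = ($expanded.Trim() -split '\s+')[0] }

            [pscustomobject]@{
                Key              = $key
                Name             = $name
                Command          = $command
                Executable       = $exe
                # False for bare names such as rundll32.exe that resolve via PATH,
                # so a missing file is a prompt to look closer, not proof.
                FileExists       = [bool]($exe -and (Test-Path -LiteralPath $exe -PathType Leaf))
                UserWritablePath = [bool]($expanded -match $userWritable)
            }
        }
    }
}

# Entries launched from user-writable locations are listed first.
Get-AutostartEntry | Sort-Object UserWritablePath -Descending | Format-List
```

Reading `HKLM` works without elevation; the `HKCU` results belong to whichever account runs the script, so run it as the affected user.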

Malwarebytes is currently showing nothing.

Should I still go into safe mode?

What's the file extension

No clue I wiped that out

.opisafaggot

Yeah, it'll stop most shit from running at startup. Then you should check those reg keys

what

go here

id-ransomware.malwarehunterteam.com/

figure out what it is, if it's listed. download the executable if there's a way to decrypt.

had a friend who had this - the type of virus was "nemucod". the files had a .crypted extension. downloaded an executable and needed an original version of a file and an encrypted one. it generated a key and suggested you try a few different files (which i did, and the key was the same for each). it ran through the hard drive with the key and decrypted everything. i had to also uncheck a field in one of the tabs so that it would get rid of the encrypted files after it decrypted them.

hope this helps.

>id-ransomware.malwarehunterteam.com/

jesus I just wiped everything I had on the one hard drive. Pictures that I will never get back, I wish I knew this sooner, but thank you for your help.

Quick, recover everything with Recuva before you start writing to the drive again.

>have multiple drives
>not making backups of pictures
l

o

l

Well the other drive was basically the backup. I had moved them all to that drive to keep them safe, but the thing I installed to get me the virus went to that drive.

what did you install?

i have my shit backed up but ransom-ware is terrifying.

I can recover the files, but they are encrypted. Is it possible that if I recover the files then I also recover the virus?

I was downloading an emulator and clicked on a link in a youtube description. The video had well over 200,000 views so I thought it would be trusty, lo and behold it was not.

Just don't recover anything that has an .exe extension and you'll be fine. All of the files to recover will have filename like in your OP image.

Once again proving that video games are wrong and bad.

Yeah I know I was good for so long, didn't play for a long time. Friend told me to play a League match with him one day and I've been non stop on my computer playing games (not League)

Try to dox him, find out who he is and kill him or hire a killer on tor.
Any person who does this should be killed.
Or you know, be a submissive beta cuck and pay him.
Or maybe file a police report, I dunno.

OP you're being stupid.
Get all the encrypted files onto an external drive. Use recuva if need be. Wipe the internal drive. Do fresh Windows install. Try the decrypters in this thread. Only recover pictures, documents, etc. STAY AWAY from recovering programs and such. Once you have all the pictures and shit decrypted, put them on a different drive and wipe the drive of encrypted shit, and then start keeping backups.

i'd;
- reinstall windows (disconnect all non-OS disks until an AV is installed/active)
- scan all of your disks with a good AV
- restore lost data from backups
in that order

>moved
>backup

m8, it's not a backup if it's your /only copy/

a backup, by definition, is a second copy

are you new to youtube? a video of a dog farting could probably get more hits than that, it's meaningless

hopefully you can recover. that website saved my friend's ass so lemme know how it plays out (provided you haven't given up).

I wonder why Gmail didn't block the attacker, assuming he was smart enough to use Tor.
Why was the instruction for BC payment not included in the first note?
If the process is easy enough the (normie) victim will not even bother to look up whether the encryption key can be retrieved for free.
>OP use your search engine btw

He downloaded an exe file listed in a YT video.

The probability that this actually uses a rootkit/autostarts and will not be detected by a freeware AV scanner is slim. It's feasible that the rware is so crappy the data is lost even when he pays up.

Not using Google Photos for that extra backup

Inb4 but le googolz is evil wiff my pics

>Yeah I am completely aware of that. I know I am dumb. Is there any way of recovering though.
Reinstall OS and restore from backup?

Shadow Copies

>Pictures that I will never get back
Wait, don't you have backups?

>Not using encrypted lossy flif on Google cold storage
>being a pleb

Replace windows with Linux, you will be able to access your remaining files and the encryption program won't be able to run.

>Well the other drive was basically the backup.
HAHAHAHAHAHAHAHAHA

okay kid you deserved losing your shit

i hope you learned something about backups

Unlikely, yes, but why risk it? With a suitable backup procedure in place, very little effort is needed to nuke from orbit.

thanks, you've motivated me to write ransomware that targets google cloud

I doubt OP is smart enough for a good backup plan

I need to set up a backup solution to run on my NAS that supports incremental backups, implements TM-style revisions, and doesn't trust the client completely (so that ransomware can't damage the backup).

Just grab Shadow Explorer, or mount the Shadow Copy location to a Visible Location, like C:/ and overwrite the encrypted files with their originals.
It's not that hard, but you've got a chance they exist in an un-encrypted form. You can google how to use Shadow Copies.

also back up to permanent cold storage in case your NAS blows up

I recommend blu-ray or, for really important stuff, m-disc. The latter will basically last forever.

Where do you find randomware?

and ask the hitman to stream it pls

>emulator and clicked on a link in a youtube description
weew was it a PS4 emulator or something retarded like that? All the best emulators are free software.

My mother's workplace got ransomware'd very similar to this if not by the exact same group.

Talked with the IT guy about what he did to fix it, said he went around with a hard drive and manually decrypted every single (there were around 60) PC's drive and wiped them. Since the data backup company wasn't legally allowed to send him the backup files unless it was to the currently at the time infected network.