Locked .PAAS Ransomware attack

[lokustus]

That's very sad to hear bro, however I don't really think you could restore your files because it is pretty usual that some RANSOMWARES uses long (very secure) encriptions, so it could take you years if you try to decript files

now, I haven't fought against a RANSOMWARE but I think that you just should do the thing as you would do with any virus, try to start from a boot device and format (a CD if it is possible in order to avoid any kind of "trick" from the malware against removable devices)

Don't worry, you can return all your files!
All your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.
The only method of recovering files is to purchase decrypt tool and unique key for you.
This software will decrypt all your encrypted files.
What guarantees you have?
You can send one of your encrypted file from your PC and we decrypt it for free.
But we can decrypt only 1 file for free. File must not contain valuable information.
You can get and look video overview decrypt tool:

You must be registered for see links

Price of private key and decrypt software is $980.
Discount 50% available if you contact us first 72 hours, that's price for you is $490.
Please note that you'll never restore your data without payment.
Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.


To get this software you need write on our e-mail:
[email protected]

Reserve e-mail address to contact us:
[email protected]

Your personal ID:
0219OIWojlj48RiebW7vxoWoUstl3lXB9GD976YUwQZDOsqxRC4e

I don't wanna sound like a phool or try to annoy but I don't know if you can comment links, dude
@TheMacGyver could you help me?

 

[Cyler]

Ok guys and girls, time to have some closure here.

Facts:

• Ransomware is not something magical. It doesn't get transmitted without your will or without you doing anything. It's a virus-like or malware-like program and as such, it needs to have an entry point in your system. Either by email "open this attachment to win $10.000.000" or masking as a program, or addon or something similar a user has to execute it in order to get infected.
• Once you get the ransomware and If it detects the internet, it gets a unique key from its server. Once that happens, and for the time being, your files will get encrypted with a unique key that was applied to you ONLY. That key is virtually impossible to be found and only the manufacturer knows it. If it doesn't detect the internet (highly unlikely) then it uses one of the predefined keys which maybe can be found. Assume tho that in your case it got in contact with its command and deploy server.

So what do we do?

• You can use a search engine and search for "ransomware decryptor tools" and see which one is offering to try to decrypt your specific variant and give it a try.
• One lesser-known feature of windows is called volume shadow copies which sadly a lot of custom windows disable. This makes a shadow copy (backup) of our file when we modify it and it's better to be thought of as a versioning tool. By using this tool (I include the URL in case there is a new update in the future) https://www.shadowexplorer.com/downloads.html you can explore possible shadow copies of files (again, if you haven't disabled the service) and maybe you get lucky.
• Some ransomware in order to be able to encrypt as many files as possible without getting caught by showing high system activity, they only encrypt the first 150kb of a file and not the entire file. So in some cases of large video files, (after making a copy) you can rename them and try to open them in a video editor. There is a chance you will get few seconds of static at the start but salvage the video. The same can happen for some RAR/ZIP/7z files as they can repair and only discard the bad portion but still salvage some files.
• Tho the new ransomware disable system restore, give it a try to at least restore some of your programs. Sadly system restore doesn't restore user data.
• Of course all the above need to happen AFTER you clean your system from the malware. The process is the same as any virus and instructions can be found on the net. Even better, remove and disinfect the hard disk using another system when possible.
• If all the above fail, store the files somewhere and hope in the future that a fix will be made/released.
• Honestly, after you try anything you can, format the PC with new windows unless you are THAT good with PCs. I would never trust a PC with malware even if it got removed. All it takes is to forget one file or not Medicines the entry point and you will be having the same problem again soon.

How to prevent it?

Same as any other malicious program and virus​

• Use common sense. If you find somewhere a Medicines or a program that you can't find anywhere else... guess what.
• If you find a file that promises unrealistic things ( software to Medicines every program...), guess what again.
• Dont open emails from people you don't know, especially when they promise you unrealistic things.
• Dont visit every stupid site you see on the net and furthermore don't download anything you see from it. It's your own greed that caused you the problem.
• I know it's been said 1000 times but for F@#$ Sake keep a backup of your most important files. Google gives 15GB, Mega gives 50Gb and there are many other solutions too. A movie or a program or even an mp3 can be found again, pictures of your loved ones, documents of your work, etc CAN NOT. Those don't even take a lot of space. Back them up ONLINE and off the PC.
• Always scan ANY INCOMING FILE. Have a folder named incoming or new or whatever, and always double, or even triple scan ANY file you download. Especially if it's from a source you don't know. It may be a slight inconvenience, but losing your valuable files and time, is more. Never assume anything is safe.
• Did I say to use common sense?

Sorry for the bad news but that's reality and I don't like to give people fake hopes. This thread will close and I hope we all learned something.