I was talking to someone in the Design lab last night about ransomware attacks. I’m seeing more and more attempts at work lately (support line at an ISP, we see a lot of things…). Most recent ones are calling into the company first with a fair amount of harvested data about specific people… They call in, ask for one of their intended victims and have a conversation with them, and attempt to socially engineer them into opening the infected attachment in the email that they are going to send, which then attempts to find the most critical files it can access on the network, encrypts them, and deletes the originals. After it finishes locking up all the things, it displays a ransom message offering to sell you the keys for some bitcoins.
Some months ago, we successfully decrypted some files that were locked up using the Nemucod trojan, using this tool:
At some point, I’m sure it’ll be useful to someone on this forum. Enough of us do some tech support for friends and family…