# Extortion via Computer



## DWSmith (Nov 4, 2014)

So my computer started to act a little funny last Friday 10/31. The desktop shortcuts started to flash to solid white occasionally. Everything was so very slow! I received an error message that FEMIY.exe stopped working, MSIEXEC.exe stopped working, BHYVTFGHJU stopped working and one other. I wasn't able to use the system recovery and Zone Alarm wasn't functioning. 

Monday morning things went from bad to worse and a message appeared stating all of the files were locked tight and I had to send them $500 in Bitcoins in order to receive the unlock code. If you have ever tried to purchase Bitcoins, that is a monumental chore in itself. This morning I have to send the NY "bank" $500 in fresh $100 bills along with another $10 bill by overnight. Once they receive the cash, I will receive from them whatever I need to transfer the 1.52 Bitcoins to the criminal who is extorting the cash out of my business.

Right now I am not certain I will be able to use the computer to send them the Bitcoins since everything is so sloooooooow and not working well. If I am able to get back up and running I will get the necessary data out of the hard drive and trash the entire drive. I don't trust the criminals and I would assume they could launch another attack if I leave any trace of the data on the hard drive. 

Be careful out there. This cyber locker is a very tough pill to swallow.


Sent from my iPad using Kitchen Knife Forum


----------



## larrybard (Nov 4, 2014)

Sorry to hear. I assume you didn't have your files recently backed up so that you could start all over. I've heard of this and similar extortion schemes before. http://krebsonsecurity.com/2014/06/2014-the-year-extortion-went-mainstream/ Don't know what protective software would insulate against it in future. I use Webroot but not sure what it may specifically have. Good luck.


----------



## skiajl6297 (Nov 4, 2014)

I assume you called the police rather than paying anyone, correct?


----------



## gic (Nov 4, 2014)

What antivirus software are you using? What operating system?


----------



## knyfeknerd (Nov 4, 2014)

David, there is a very slim chance they will actually unlock your computer. I would just call it a loss and use the ransom money towards another computer.


----------



## Matus (Nov 4, 2014)

That is a painful reminder on software security. But regular backup (bootable) and/or not using Windows would help a lot.


----------



## EdipisReks (Nov 4, 2014)

I would just wipe the machine and put a fresh install on. I certainly wouldn't pay extortion.


----------



## DWSmith (Nov 4, 2014)

Money has been sent in the hopes they will unlock the computer. I can't simply walk away, all the business records are there as well as customer emails and orders. Once I get it unlocked, I will get what I can off the hard drive and trash it. It will be expensive to get a new copy of Windows 7 and MS office but that is what I use for everything. 

I will let everyone know how this turns out.




----------



## larrybard (Nov 4, 2014)

I don't know how this malware works, but if you intend to download files from the hard drive if and when your computer is unlocked, make sure you at least first scan the files with one or more excellent security programs before reloading the files on another machine. Otherwise I think you run the risk of copying the malware into your new computer.


----------



## skiajl6297 (Nov 4, 2014)

Contact police, and report the crime.
http://www.ic3.gov/default.aspx


----------



## EdipisReks (Nov 4, 2014)

These programs usually encrypt drives. The actual files themselves are unlikely to be infected with anything, though scanning is always a good idea. What I would do is buy a new hard drive, put a fresh copy of Windows on it (you should be able to buy an OEM licensed version for fairly cheap), and put the old drive in as a slave (if this is a tower) or into a usb drive enclosure (if this is a laptop). I also suggest keeping regular backups on a drive that you don't keep connected to the computer, except for when backups are actually happening. A second backup, to a cloud drive, would also be a good idea. There are free alternatives to MS Office, like Libre Office and Open Office, which work pretty well. Anyway, if you had good backups you could have just wiped the machine and not lost anything. It's a tough lesson, but a good one.


----------



## larrybard (Nov 4, 2014)

Don't know if it would help, but you might want to look at Microsoft's suggestions for dealing with "ransomware": http://www.microsoft.com/security/portal/mmpc/shared/ransomware.aspx


----------



## JDA_NC (Nov 4, 2014)

I agree that sending money sounds like a terrible idea.

Unplug your computer and contact any of the nearby local computer security companies (there are plenty in the Triad or Triangle), tell them your story, and I'm sure they would have no issue helping you out. You might even find someone looking for a new cutting board and they'd be willing to do a trade in services.

https://www.google.com/search?q=gre...la:en-US:official&client=firefox-a&channel=sb

^ Here are a few results in Greensboro

http://www.tcsusa.com/ Looks like a good place to start. Their number is 336-804-8449 if you're having a hard time pulling up their website. 

Best of luck! Sounds like a horrible situation to be in.


----------



## x737 (Nov 4, 2014)

David, check this one out: http://www.pcworld.com/article/2462...te-that-frees-your-files-from-ransomware.html


----------



## JDA_NC (Nov 4, 2014)

Too late to edit my post but I forgot to say that if you are willing to drive out to Durham, I can vouch that Net Friends ( http://www.netfriends.com/ ) are good people. I dealt with them over a decade ago but they are a local company and have been around for a long time. They are good at what they do.


----------



## orangehero (Nov 4, 2014)

Seriously, don't send the money; they are not going to unlock your computer. You don't need cash to buy bitcoins either so that might not happen as well.


----------



## Namaxy (Nov 4, 2014)

Unfortunately, crypto-locker malware is real and virtually impossible to unlock, and usually infects any attached USB drives as well. As our company IT guy always preaches, data that exists in only one location does not exist at all.

I feel terrible this has happened to you. Sadly best choice is not to pay, and implement a fail safe data back up plan going forward.


----------



## JMJones (Nov 4, 2014)

I use a backup of my entire system on Carbonite for about fifty bucks a year. It backs up constantly. My last laptop blue screened. I put it down, took a shower and headed to Best Buy and was back to work in about an hour and a half.


----------



## Norton (Nov 4, 2014)

Sorry you felt you had to pay the ransom. For future reference, it's almost always possible to recover from these things. In your case doing a google search for something like "msiexec bitcoin virus" would give you many hits (I just did it and got > 5,000), some of which would help you access your computer and salvage your business files (for example, booting up on a Windows CD).

The police are worse than useless in these cases.


----------



## Zwiefel (Nov 4, 2014)

EdipisReks said:


> These programs usually encrypt drives. The actual files themselves are unlikely to be infected with anything, though scanning is always a good idea. What I would do is buy a new hard drive, put a fresh copy of Windows on it (you should be able to buy an OEM licensed version for fairly cheap), and put the old drive in as a slave (if this is a tower) or into a usb drive enclosure (if this is a laptop). I also suggest keeping regular backups on a drive that you don't keep connected to the computer, except for when backups are actually happening. A second backup, to a cloud drive, would also be a good idea. There are free alternatives to MS Office, like Libre Office and Open Office, which work pretty well. Anyway, if you had good backups you could have just wiped the machine and not lost anything. It's a tough lesson, but a good one.



This. All. Day. Long.

I have 9 backups of everything at all times, with 1 copy being in a fireproof safe, rotate bi-monthly. OK OK OK...that makes me crazy....but which one of us on this forum is sane...think about your sharpening setup, wish list, post count, and knife collection before responding 

That really sucks, David. Good luck getting access back. Regardless of that outcome, please please get a backup system in place. Even if it's only a couple of 64GB USB sticks that you rotate. I've been doing this for a while and despite 4 hard drive crashes, I've never lost a single file.


----------



## KimBronnum (Nov 4, 2014)

Zwiefel - I know it wasn't your main point but what an accurate description you made above... Point taken. I'm going to get backup of my Mac.


----------



## Lucretia (Nov 4, 2014)

Another option would be to make a bootable USB stick or CD using Linux and see if you can access your files. There's a description here on creating the bootable USB. And it's free, so other than the time to do it you won't be out anything.


----------



## gic (Nov 4, 2014)

You don't need to get a new copy of Windows 7 and MS Office, you just need the keys. If you download and run Belarc Advisor and get a printout (a free, great program), it will give you this information. (I recommend people use Belarc every time they install a program.)

Here's what you need to try whether or not the bastards get you back your data.

Run Windows restore using a restore point prior to, say, 10/24/14. Then download and run Belarc Advisor and get a printout. Then call Microsoft and they will tell you how to download copies of the software, which you can restore using the keys that Belarc Advisor gave you. Do the same for QuickBooks, etc.

Here's an article on Windows restore:

http://windows.microsoft.com/en-us/windows7/products/features/system-restore

If you are having trouble with Microsoft or need some advice you can PM me and we can set up a time so I can talk you through it or send you the software bits you will need.

But basically ransomware is the worst thing, I had to restore a friend's machine to factory state in order to be sure his drive was clean.

Carbonite or the equivalent are great because once installed they work transparently to you.


----------



## Stumblinman (Nov 4, 2014)

That sucks, you should find a shop that recovers hard drives.

http://www.pcworld.com/article/2084002/how-to-rescue-your-pc-from-ransomware.html


----------



## Matus (Nov 5, 2014)

KimBronnum said:


> Zwiefel - I know it wasn't your main point but what an accurate description you made above... Point taken. I'm going to get backup of my Mac.



Carbon Copy Cloner works really nicely for that. Should my laptop SSD die, then I will just swap it for the backup HDD, buy a new SSD, make a new copy and then keep using the HDD as backup. In fact, this is the procedure I used to change my original HDD for an SSD, as I did not want to install everything from scratch.


----------



## Vesteroid (Nov 5, 2014)

Suspect it's too late to stop you, but this is an absolute scam. You are throwing good money after bad.


----------



## CoqaVin (Nov 5, 2014)

I never give money to anyone EVER, that I have no idea about, so many scams out there


----------



## WingKKF (Nov 5, 2014)

Sorry about your situation. This is why if you use a computer, you have to know some basic safety rules. Don't install or run any programs that do not come from a reputable company or from a site that you do not recognize. That tantalizing video that requires you to download and install a "codec" to watch? Gotcha! That "free/pirated" software program/ebook/music/video that requires a "download manager" to be installed before you can download it? Gotcha! That email attachment that is an executable you need to run to see something great? Gotcha! Keep your OS/web browser/Flash plugin updated and the chance of you getting malware is going to be very low. All antivirus software does is give you a false sense of security. I never use AV software and by following these basic guidelines I've never been infected. Also back up religiously, especially data you cannot afford to lose.


----------



## DWSmith (Nov 5, 2014)

I did manage to have FedEx return the package with the payment. Will be back here tomorrow. (I know I sounded stupid sending money like that but it was a combination of frustration and stupidity, a terrible combination, that made me think I only had one option.)

This morning I tried to go through safe mode and system restore to get to a point prior to the infection. Didn't work. So I called an old and trusted friend who runs a local computer company and they now have the computer and will clean the virus from the hard drive. I plan to have them install another hard drive, download a new copy of Windows, scrub the old drive clean of everything and use the old drive as a back up drive. I wasn't able to get the key code for Office so I might have to buy another copy and install it. 

Looks like I might be back in business very soon and not poorer for paying a criminal his extortion money. So all I will be out is a little money paid to a reputable computer company to fix the computer, a little money to purchase some more software and a little time spent trying to get back to normal. Lesson learned, keep a secure back up close by!




----------



## gic (Nov 5, 2014)

Call the manufacturer, they should give you a code for Windows. Did you activate Office? If so, call Msft and see if they will figure out your Office code based on things like your motherboard and MAC address...


----------



## x737 (Nov 5, 2014)

David, if you decide to buy a new installation of MS Office consider subscribing to Office 365 instead. For 100 dollars per year you get 5 installations (that you can manage the way you like, deleting old installs and installing on new machines) and automatic updates to the latest version as soon as it is issued. Or go the free way with LibreOffice, it will still do most of the tasks an undemanding user usually performs.


----------



## Lizzardborn (Nov 5, 2014)

If you had a licensed copy of MS Office - call MS Support first and explain the situation. Do not buy a new copy.

Retail MS Office is bound to you, OEM to the machine - so if you were using OEM software call the persons you bought it from.

That kind of ransomware is nasty - I managed to save a friend's PC while encrypting - the machine was so slow that it literally needed 24 hours to encrypt everything. 

Backup regularly. A minimum rule is - important data should be in 3 places, in 2 separate locations.


----------



## Bill13 (Nov 5, 2014)

David, sorry to hear of your problems but that is great news you were able to reach FedEx and get the money back.


----------



## Zwiefel (Nov 5, 2014)

Great news. I hope it goes swimmingly!



The BoardSMITH said:


> I did manage to have FedEx return the package with the payment. Will be back here tomorrow. (I know I sounded stupid sending money like that but it was a combination of frustration and stupidity, a terrible combination, that made me think I only had one option.)
> 
> This morning I tried to go through safe mode and system restore to get to a point prior to the infection. Didn't work. So I called an old and trusted friend who runs a local computer company and they now have the computer and will clean the virus from the hard drive. I plan to have them install another hard drive, download a new copy of Windows, scrub the old drive clean of everything and use the old drive as a back up drive. I wasn't able to get the key code for Office so I might have to buy another copy and install it.
> 
> ...


----------



## knyfeknerd (Nov 5, 2014)

YES! Awesome news David! I'm so happy you didn't pay the ransom! Best of luck to you going forward.


----------



## DWSmith (Nov 5, 2014)

Thanks for all the replies. The computer company has the computer, they have the license key for Windows 7 and I found the key for Office 2013 this afternoon. Big lesson learned; I will have a back up method in place once the computer is back in the shop and I will keep it separate and back up weekly.

I may just go the Office 365 way a little later. More expensive in the long run but keeping a new and fresh version might just be the way to go.


----------



## Zwiefel (Nov 5, 2014)

Music to my ears. Backups are so easy and solve so many problems. 

I'll offer one more suggestion on backups: create a folder named "David" or "The BoardSMITH" or whatever in the root of your c: drive (e.g. c:\David) and put EVERYTHING you care about in that folder. Every. Thing. Now you only have to back up a single folder, or copy a single folder. It makes this so much easier. Then just be disciplined whenever you save something, don't take the Windows default directories, which will scatter things all over the place.

Hope they can recover your files from the hard drive.



The BoardSMITH said:


> Thanks for all the replies. The computer company has the computer, they have the license key for Windows 7 and I found the key for Office 2013 this afternoon. Big lesson learned; I will have a back up method in place once the computer is back in the shop and I will keep it separate and back up weekly.
> 
> I may just go the Office 365 way a little later. More expensive in the long run but keeping a new and fresh version might just be the way to go.


----------



## Vesteroid (Nov 5, 2014)

Pay the yearly fee for Carbonite and be done with it. Best peace of mind for the least effort.


----------



## gic (Nov 6, 2014)

+1 on the Carbonite or equivalent


----------



## Matus (Nov 6, 2014)

Glad to hear that the things changed course in the positive direction.


----------



## TurdMuffin (Nov 20, 2014)

In the future, if for whatever reason, you need a new copy of Windows and/or Office and you know any students, they can probably get it pretty cheap through their university. I got Microsoft Office last fall for $60 and I noticed I could download Windows 7 or 8 for that same price. Not sure if other universities have the same availability but I would assume most do, especially state schools.


----------



## 99Limited (Nov 20, 2014)

TurdMuffin said:


> In the future, if for whatever reason, you need a new copy of Windows and/or Office and you know any students, they can probably get it pretty cheap through their university. I got Microsoft Office last fall for $60 and I noticed I could download Windows 7 or 8 for that same price. Not sure if other universities have the same availability but I would assume most do, especially state schools.



Yep, you can walk into any college book store and pick up all kinds of cheap software, no questions asked. Even if the cashier asked for an ID, you could give them some BS story about picking it up for your kid to help them out.


----------

