News, information, issues, discussions, solutions.

[UPDATE] – TL;DR – Accounting firm gets Cryptolocker Virus. Tech wipes the server to clean it because he has Carbonite backups. He can’t remember password to the privately managed encryption key file and can’t download the firm’s backup. Everything lost. : talesfromtechsupport

I’ve been waiting to get some more info before I updated so here it is, with clarification on exactly what happened:

Here’s the original post – http://www.reddit.com/r/talesfromtechsupport/comments/1ps0ae/tldr_accounting_firm_gets_cryptolocker_virus_tech/

It turns out that what they wiped was ALL of the local backups — they still have the files that were encrypted by the virus.

I have spoken with the owner god knows how many times and it has been frustrating.

From the get-go, the owner’s actions have baffled me. I told her that if she just sent me the encrypted key, I’d see if I could crack it, but she’s apparently so tech-un-savvy that she simply doesn’t know how to do anything at all with it.

Her tech has been with her for more than a decade and is a family friend; however, he bolted and she can’t reach him.

Naturally, she’s pissed off as hell at him because, well, he deleted all the Carbonite backups, deleted Carbonite, forgot the password and can’t install it back.

From one of the comments in the last post, I learned that the hackers who created the virus are now allowing people to log into an onion site through Tor, send an encrypted file, pay about 2k in bitcoins, then they promise they’ll send the unencryption key plus a utility to unlock everything.

The owner is naturally skeptical that she’ll get the key after paying 2k, plus the world of the deep web may as well be wizardry, plus since her tech guy is AWOL, she really has no one to help her out.

I told her that I’d log into her server, grab the carbonite-encryption.pem key and see if I could get the password from it, but I guess she got too busy last night to do it.

This morning she sent me a text asking if we could do it today; however, it’s my birthday.

I don’t work on my birthday. At all. Period. Today is the day I fuck off and do precisely what I want, without thinking about anything other than doing fun things.

To that end, I’m going to eat food that’s bad for me, drink concoctions that will inebriate me, spend time with people of ill-repute, and do nothing at all of any value.

Tomorrow, when I get the file, I’m going to throw the 64-bit CUDA version of hashcat at it and see what happens.

I’ve already pulled down a 2GB collection of dictionaries, but let’s be real — the odds are low.

This whole thing has been really bizarre. The owner should have thrown the $300 at the original people and gotten her shit back, the tech should have WRITTEN DOWN THE FUCKING PASSWORD, they never should have wiped the backups, deleted Carbonite, only had one backup, etc., but hey, this is the perfect storm of shitty and it is what it is.

I’ve learned a ton of interesting stuff so for that reason alone, it has been worth it.

Anyway, I’m off to get the mirror on my car fixed (fuck Mercedes and their $400 bill) that I foolishly cracked when I tapped the gates leaving my community, get a haircut, and I’ll continue to Snapchat the fuck out of the day.

Oh, and I’ve gotten the best snaps from you guys and it’s really fun, so if you’re bored, add me (Warlizard) and you TOO can see absolutely nothing of interest from the great state of Arizona 🙂

Laterz.

EDIT: First of all, wasn’t trying to be a pretentious fucktard about the mirror, was just angry with myself for being a dumbass and hitting the gate because I was trying to beat it closing.

Next, just had my car washed and the guys there are replacing the mirror, fixing the cracked turn signal on the front of it, fixing the crack in the bumper, repainting the bumper, detailing the car and wet-sanding / waxing the whole car for a bit more than the dealership wanted to just replace the mirror glass. So fuck the dealership.

The owner told the tech that he should cover half of the cost to get this shit fixed and that’s when he bolted. If I were in her shoes, I’d pay the 2k and hope I didn’t get fucked. It seems to me that the only way this scam works is if the hackers actually do what they say they’re going to do. Sure, some people would pay the 300 out of desperation and maybe some would lose, but when people start paying 2k, if someone, anyone doesn’t get their information back, then far fewer people would be inclined to pay at all.

Anyway, time to grab something to eat. I’ve been enjoying the snaps from you guys and the cool birthday wishes. I know that I’m not 5 years old and I shouldn’t give a shit about something as trivial as a birthday, but fuck it. I do. It’s fun and it’s what you make it.

EDIT 2: I know this really isn’t the place, but I need to source a good tech for a friend of mine who’s looking for a full-time IT guy to manage his offices. PC stuff, Server 2003/8, networking, etc. It’s a salaried position, not paying crazy, but about 35k plus health care. If anyone is interested and in the Phoenix area, please let me know. It’s a hodge-podge of crap and you will be unappreciated, plus the hours are long, but it’s an interesting challenge, mostly because managing a heterogeneous environment held together with duct-tape and the tears of the frustrated can be pretty fun.
