Inicio de zonavirus, antivirus
SATINFO

NUEVA VERSION DE UTILIDAD ELISTARA 27.95 YA DISPONIBLE (CONTROLA ULTIMO RANSOMWARE Antichild Spam Porn Protection 2.0 from 22.03.2013)

msc hotline sat
martes, 25 de junio de 2013

Acabamos de subir a nuestra web la version 27.95 del ElistarA que ya controla la nueva variante de RANSOM ANTICHILD que empaqueta con WinRAR AUTOEXTRAIBLE CON PASSWORD los ficheros de datos que encuentra en los ordenadores afectados, pidiendo pago por rescate (que segun versiones asciende a 5000 USD):


---v27.95-(25 de Junio del 2013) (Muestras de Ransom.AntiChild "SVCHOST.EXE")


En un HTML de uno de los ordenadores afectados, se observa esta informacion del hacker:


Warning! Access to your computer is limited. Your files has been encrypted.

Have you already see that your files are encrypted and desktop locked?

Please don't panic and send us angry emails or scare us to send claims in police, fbi or others - this is useless.

Please read this instruction carefully, then you will get answers to most of your questions.
We don't answer to questions which already was answered in this instructions. Do not waste our and your time.

Stupid questions like - "I have backup and need only 1-2 files and can pay you only 500,1000,1500$ USD etc., We have a small business, this amount is too high" - will be ignored.

Have backup - restore your files from it.

We know that in most cases this is lie, you have no backups and just trying to trick us to get discounts and pay less amount.

Our minimal price for your files is 4000$ USD. We don't get passwords for free or for 500,1000,1500$ USD etc. We know that you have money.

Information to persons who believe that professionals can decrypt files:

**** Now only WE can get you the true password to decrypt all your files.
You can write to Dr.Web, Eset, Panda and other antivirus and security or datarestore companies, but now this is useless. This "Anti-Child Porn Spam Protection - 2.0 version" you have is from 22.03.2013 - more than 3 month passed and no one helped to get password or decrypt files. Yes, we know there was the vulnerability to generate password in previous version using our software folders names which was generated using the same pseudorandom generator which was generate passwords.

Now to generate folders names didn't using any generators. Also password generates using both generators pseudorandom plus cryptographic safe pseudorandom generator.

If you will not pay us forgot about your files forever. Password generation vulnerability fixed and there is using rar AES archives with very strong password and this is unreal to crack. If you don't believe read forums about rar - there are only one way to crack it - use bruteforce, but this is only in theory, because to brute passwords like used by us it's need trillions years even if you will use all computers in the World.

May be you think that you can find password on your server? No, password will be copied by us and securely deleted. Source files also secure deleted - data restore software will not help you.

Of course you don't believe in our words, so read forums or ask cryptologists. Now files encrypted using our software (winrar + very strong password using new right and safe generation method) is locked forever, no one will help you, all talks like - We can't help now but we will write you if we will found the method to generate password etc. is bullshit. If it was possible to get password and decrypt it was be already done, but more than 3 month passed and no results. They just does not want to recognize their full rout.

Also you can read on bleepingcomputer.com forum about multi-round sha-1 degradation method which was using to generate password in previous version this is bullshit post to deceive us, we already know the true vulnerability and was successefully fixed it.

P.S. Our software is don't like others encryptors which usually will be cracked and files will be decrypted within 1-2 weeks. Don't try to use decrypt tools for other encryptors, this is really bullshit to believe that this will be help. Our software is unique and now called: "Anti-Child Porn Spam Protection - 2.0 version from 22.03.2013" previous version called simple "Anti-Child Porn Spam Protection".

Other info about Why you locked, Our Guarantees about decrypt your files after payment, About payment and other info you can read below, just scroll down.


Latest Updates (lesson learned, bugs fixed).

You have Antichild Spam Porn Protection 2.0 from 22.03.2013. What's new?

1. Now we have 2 randomly generated cryptographic safe passwords, unlike the previous version when it will be a chance to generate passwords in certain circumstances. Now generating password is impossible in all cases.

2. Now files are encrypted using 2 randomly generated cryptographic safe passwords from 80 to 114 characters long, unlike one 55 characters long password and not cryptographic safe pseudorandom number generator in he previous version.

Now password look's like this:

First password: 9DF19AB897351C2A0A0FE18A6A73722EDM66BSAl3jBe2a3K8L275j34525b3&E=4RDP4-9y8Q1j3zDa9G9u3bD04t4dFuEO7M2%4zFT
( 104 characters long)

Second password: 6B1783B4656C5433B430F2CC28070B4E6^1HDq9JEV1+9L0SFr9(6aDu3rF8Cg6X7gC3F#D07LAxFgAD7&9G1%6S4k4YFzEm7^2g4PF*C%9y2T92
(112 characters long)

**** Now only WE can get you the true password to decrypt all your files.

You will read in this instructions about:

1. Why?

2. Our Guarantees

3. General Info

4. About Payment

5. How to get your data back

6. How decrypt process working

1. Why?

We have detected spam advertises illegal sites with child pornography from your computer.
This contradicts law and harm other network users and in this case we have to do next steps:

1. Block access to your desktop.

2. Encrypt your files using Advanced Encryption Standard and 256 symblols randomly generated password and delete source files using DOD 5220.22-M.
(DOD 5220.22-M is the Department of Defense clearing and sanitizing standard - You cant recover your files - NEVER).

3. Sent this randomly generated password to our secure server and delete this password from your computer. (you cant get this password -NEVER)

This password is unique for each computer and stored on our secure server(and then erasing from this server and sending to us) and in each encrypted file.

**** Warning! Don’t delete any our software config files, because it can start encrypt process again and we can’t get you warranty that we will decrypt all your files! In this case you may be loose part of your files forever. If you dont know what to do - better do nothing. ****

2. Our Guarantees

You can send one encrypted file (jpg or bmp or other picture, no a document or not any important file for you) to us and as soon as we decrypt them we send them to you and it will proof that we are able to decrypt them all. Please don't send us important data like databases etc. to decrypt, because if we will decrypt it and send to you - you will pay us 0$.

We had decrypt databases files to some people and after this they did not pay us any money.
After you will pay us, sure we give you passwords and decrypt tool and of course you can decrypt all your files including databases files.

To send file to us better use sendspace.com (just upload and send link to us) because gmail can block any .exe extensions.

Our guarantee is your decrypting file.

So we dont need to lock your files forever, we just need a money for our work.

Also send us your ID number.

3. General Info

You will need to buy some ecurrency (equal 4000$ USD) in some internet payment system. 4000$ USD is a minimal price and cannot be less, no any discounts even if you need only 1 file. When we get payment we will send you passwords and decryption tool to unlock all your files.

You can send files or your computer to any experts or antivirus companies, recovery companies but you just lose your time, money and nerves.

You can go to the police or fbi or other departments - but this is will not help you, we are working about 12 month and no one can trace us, because we are working using chain of servers in different countries and using only offshore ecurrency internet payment systems as payment method (We will not accept Western Union or Bank Transfer directly to us, because this is not secure for us.) and withdrawal money using anonymous offshore bank accounts and ATM cards belong to other people.

4. About Payment

You will need to buy some ecurrency (equal 4000$ USD) in some internet payment system. We will not accept Western Union or Bank Transfer directly to us, because this is not secure for us. Contact us and we will give you payment instructions.

5. How to get your data back

You have already see files like for example database.mdb(!! to decrypt email id 1111111 to ouremail@gmail.com !!).exe
This is about 256 symbols password protected AES archive contains your file.

You just need password to decrypt it and get your original file from this archive.

How encrypt process working:

1. For example database.mdb is source file wich will encrypted to database.mdb(!! to decrypt email id 1111111 to ouremail@gmail.com !!).exe

2. Then original file database.mdb secure deleted from your disk drive using sectors owerwriting.

3. Original file database.mdb now in AES password protected archive.

This is impossible to crack archive with password like this (this is NOT 6-8 symbols simple password, and have trillions combinations to bruteforce and 1000000's years to brute it).

This passwords is unique and randomly generated for each computer.

We also take care to secure delete password from your system, previously had copy password to our database of course.

After payment (and once again, ONLY after payment) we will get you passwords and decrypt tool, so you will not need to decrypt each file manualy. Just run it on your server and your files will be decrypted on all disk drives.

6. How decrypt process working

1. You will put 2 passwords given by us in decrypt tool and start it.

2. Our decrypt tool scan your disk drives for files like database.mdb(!! to decrypt email id 1111111 to ouremail@gmail.com !!).exe

3. Encrypt files like database.mdb(!! to get password email id 1111111 to ouremail@gmail.com !!).exe, so you will get unencypted original file database.mdb

4. Delete decrypted database.mdb(!! to get password email id 1111111 to ouremail@gmail.com !!).exe because you will not need more decrypted file, you will have your original source file database.mdb

Also we will get you desktop unlock code and you can run decrypt tool.

Thank You.


Your ID Number and our contacts (please write down this data):

Your Id #: 72473369 Our special service email: spainsecfs@gmail.com


Si bien el nuevo ElistarA no desempaquetará los ficheros empaquetados con password, eliminará la actual variante de malware que lo ha provocado, con lo que recuperando los datos con una copia de seguridad, ya se acabará la pesadilla !

Vean tambien las noticias que hemos publicado hoy al respecto, en las últimas comunicaciones anteriores en este medio.

Si hay mas novedades al respecto, informaremos puntualmente.

saludos

ms, 25-6-2013

RSS Noticias AntivirusRSS Noticias Articulos AntivirusRSS Articulos RSS Descargas AntivirusRSS Descargas

>> Compartir

comparte con tus amigos, zonavirus.com
Redes Sociales en zonavirus

>> FaceBook