Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About CSRTech

  • Rank
    New Member

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Not to mention they didn't even work on the PC they were supposed to work on. Incompetent Crooks!
  2. DEC.exe was the first; DEC1.exe was the second (original name was also DEC.exe) dec.exe dec1.exe
  3. 3 weeks ago our Server was compromised by weak passwords and an open/non-standard RDP port. Compound that with a failed backup scheme which had not been checked for a while and we have a worst case scenario here. The file extension for the encrypted files is PAYCYKA. ID Ransomware has identified this attack as a GlobeImposter 2.0 infection by the demand file named "how_to_back_files.html" (attached) and referenced a "[email protected]" email address. The initial ransom demand of 2 bitcoins was paid and we were provided a "dec.exe" file which failed to decrypt the encrypted file
  • Create New...