Lucas Vieira

Traces of Ransomware

Hello developers, and friends from the community!
I would like to pass on some information (if I may say so) about the traces of the Ransomware that attacked and encrypted my files.

After the attack, which corrupted my notebook, I was unable to turn it on (blue screen).
I reinstalled the Windows image on top of the old version of the operating system, and then went looking for traces of the programs that attacked me, trying to figure out how it could have happened.
When you reinstall the Windows image on top of the old one, the system creates a folder called Windows.old, and in it I was able to check some traces and alert some companions about my error, so that in the future everyone can avoid similar invasions.

Showing hidden folders from the old affected system, I was able to find some programs and keys such as:

Caphyon
CloudPrinter
CLSK
install_clap/PostBuild.exe
Logic Cramble/Config.json/set.exe.config
Snorler/Ransoft/Lamsoft.exe/Zonlab.exe/

Thousands of other .dll, .exe, settings and keys that downloaded themselves without my consent.

I tried to open some of the malicious files, but they were all encrypted and protected by the criminals, making it impossible to study the functioning of the program in depth.

My vulnerability before the attack:
Open modem firewall (big risk)
Server ports open (big risk)
Reason: To allow external connections from friends to private game servers that need open ports with my host (Hamachi for example).
Windows firewall disabled (big risk)
UAC disabled (big risk)
No antivirus active at the time of the attack (big risk)

I was caught at a time when I accessed a link redirector to download a file I needed. With AdBlock disabled, it automatically downloaded a malicious file, which then ran automatically on my system.

As I was vulnerable, the ransomware disabled the administration of my computer, blocked the Task Manager and made it impossible to disable my Wi-Fi connection, automatically opening Chrome and downloading and installing more malicious files.

That's why I got a gift encryption online ID in time!

I would like to notify users who have been attacked with an online ID that:
Modify all of your passwords that were saved in Chrome or other browsers.
Principally if you have exported password files, which have been encrypted, because it is possible that the criminals have access to all these files.

Anyway, I just wanted to warn some users like myself that have fallen into a criminal attack.

I am contacting some companies in Brazil that are experts in decrypting files.
Because of COVID-19 they are not working at the moment, but as soon as I see a light I will get in touch with the community.

NOTE: I advise everyone to report these criminals, as I believe that the cyber police investigate cases with a higher rate of complaints.
Somehow, every crook leaves a trail, either through an IP trace in the email login or through access to a bitcoin account. Sometimes mistakes happen and they are not 100% immune to mistakes.
Let's help the police help us !!!
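The exposures the poster lists (Windows Firewall off, UAC off, no antivirus, server ports open) can be checked on a Windows machine with the following audit script. This is an added example, not code from the original post; it assumes Windows 10/11 with PowerShell 5.1 or later, an elevated prompt, and Microsoft Defender as the antivirus (the Defender cmdlets are absent when a third-party product replaces it).

```powershell
# Added example (not from the original post): audit the exposures the poster listed.
# Assumes Windows 10/11, PowerShell 5.1+, elevated prompt, Microsoft Defender present.

$findings = @()

# 1. Windows Firewall profiles (poster: "Windows firewall disabled")
foreach ($p in Get-NetFirewallProfile) {
    if (-not $p.Enabled) { $findings += "Firewall profile '$($p.Name)' is disabled" }
}

# 2. UAC (poster: "UAC disabled"); EnableLUA = 0 turns UAC off entirely
$sysPolicy = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
$uac = Get-ItemProperty -Path $sysPolicy -Name EnableLUA
if ($uac.EnableLUA -ne 1) { $findings += "UAC is disabled (EnableLUA=$($uac.EnableLUA))" }

# 3. Antivirus (poster: "No antivirus active"); Get-MpComputerStatus exists only with Defender
if (Get-Command Get-MpComputerStatus -ErrorAction SilentlyContinue) {
    $mp = Get-MpComputerStatus
    if (-not $mp.AntivirusEnabled -or -not $mp.RealTimeProtectionEnabled) {
        $findings += "Defender antivirus or real-time protection is off"
    }
} else {
    $findings += "Defender cmdlets not available; verify third-party antivirus manually"
}

# 4. Listening ports (poster: "Server ports open"); report sockets bound to all interfaces,
#    which are the ones a modem/router port-forward (e.g. for game servers) would expose
$listen = Get-NetTCPConnection -State Listen |
    Where-Object { $_.LocalAddress -in '0.0.0.0', '::' } |
    Select-Object LocalPort, OwningProcess -Unique |
    ForEach-Object {
        $proc = (Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue).ProcessName
        "TCP $($_.LocalPort) listening on all interfaces (pid $($_.OwningProcess), $proc)"
    }
if ($listen) { $findings += @($listen) }

# Print one line per finding; an empty list means none of the listed exposures were found
if ($findings.Count -eq 0) { "No findings." } else { $findings }
```

Each listening port reported is not automatically a problem, but every one that is also forwarded at the modem is reachable from the Internet and should be justified or closed.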
