Thursday, 23 January 2020

encryption - How to remove BUYUNLOCKCODE Ransomware



A ransomware appears to have been circulating for the past few weeks. It encrypts data files and creates a BUYUNLOCKCODE.txt ransom note in all directories where a file was encrypted.


This buyunlockcode.txt file contains instructions and an email address that you must contact to receive payment instructions. Known email addresses are nick.jameson@expressmail.dk and ChiuKhan@tom.com, though these will most likely change over time. At this time, the ransom amount is unknown.


The text of the BUYUNLOCKCODE.txt is:



Hi, your ID = JSOXXXXXXXX


All important files were encoded with RSA-1024 encryption algorithm. There is the only way to restore them - purchase the unique unlock code.


Warning! Any attempt to recovering files without our "Special program" will cause data damage or complete data loss. As we receive your payment, we will send special program and your unique code to unlock your system.


Guarantee: You can send one of the encrypted file by email and we decode it for free as proof of our abilities.


No sense to contact the police. Your payment must be made to the e-wallet. It's impossible to trace. Don`t waste your and our time.


So, if you are ready to pay for recovering your files, please reply this email ChiuKhan@tom.com


Then we will send payment instructions.



Does anyone have any idea how to solve this problem?



Answer



Your question is


How to remove BUYUNLOCKCODE Ransomware


The answer: Use an antivirus program.


However, your post has other questions. You have no idea what other things the virus could have done to your machine. Just because you can see the files are encrypted doesn't mean it hasn't done anything else you're not currently aware of.


If the files are encrypted, you can't get them back (I use the word can't loosely, I should say highly unlikely (near impossible, especially without the right equipment and knowledge (and time))). This is why you would have to pay for the key, but there is the doubt you will get the key even if you do pay. However, it's usually in their interest to restore the files as it gives the attackers a (ironically) trustworthy reputation that they stay true to their word (meaning other victims will pay).


Regardless, after you get the files back or not, you need to wipe the machine, reformat it totally. Then restore the files from a backup (or at least from now on, always have a backup).


I should also point out when infected with things like this, it's very important to remove the machine from the network as these types of viruses often spread easily.
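
A read-only triage sketch for scoping the restore recommended above, added here as an example and not part of the original post: it walks a directory tree (ideally a mounted copy of the disk rather than the live system), lists every directory that holds the ransom note, and pulls the ID and contact address out of each note. The function names and the sample tree are hypothetical; the sample note text is constructed from the lines quoted in the question.

```python
import os
import re
import tempfile
from pathlib import Path

NOTE_NAME = "buyunlockcode.txt"  # the question spells it in both upper and lower case
ID_RE = re.compile(r"your ID\s*=\s*(\S+)", re.IGNORECASE)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def find_ransom_notes(root):
    """Return one record per directory under root that contains the ransom note."""
    hits = []
    for dirpath, _dirs, filenames in os.walk(root):
        for name in filenames:
            if name.lower() != NOTE_NAME:
                continue
            note = Path(dirpath) / name
            try:
                text = note.read_text(encoding="utf-8", errors="replace")
                written = note.stat().st_mtime  # approximates when this directory was hit
            except OSError:
                text, written = "", None  # unreadable note: still record the directory
            victim_id = ID_RE.search(text)
            hits.append({
                "directory": dirpath,
                "victim_id": victim_id.group(1) if victim_id else None,
                "contacts": sorted(set(EMAIL_RE.findall(text))),
                "written": written,
            })
    return sorted(hits, key=lambda h: h["directory"])


def build_sample_tree(root):
    """Constructed sample data: two directories with a note, one without."""
    note = ("Hi, your ID = JSOXXXXXXXX\n"
            "please reply this email ChiuKhan@tom.com\n")
    for sub, name in (("docs", "BUYUNLOCKCODE.txt"), ("pics/holiday", "buyunlockcode.txt")):
        d = Path(root) / sub
        d.mkdir(parents=True)
        (d / name).write_text(note, encoding="utf-8")
    (Path(root) / "clean").mkdir()
    (Path(root) / "clean" / "readme.txt").write_text("untouched", encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(*find_ransom_notes(tmp), sep="\n")
```

The earliest `written` value gives a rough lower bound for choosing a backup that predates the encryption.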

