Ransomware

Postby Zero-Fear » Sun Dec 30, 2012 11:23 pm

Oh yeah so I've come across my second ransomware. The first one I saw was the one about ASIO (it's in the news), took 32 seconds to remove it.

This new one is a cunt and a half. It's put all the client's important data into passworded rar files.
So like... I've googled n googled and looked around, no one fucken knows shit.

The machine won't boot because 3 other techies from 3 diff companies looked at it and fucked it up royally so I'm stuck with the leftovers. So what I'm suspecting happens but can't test as it don't boot is that it asks for a reference number and a password, I think what happens is that it talks back to a server in Russia (which I may have found the hostname) and verifies the key or code bit like a PC game.

So ok... so why the fuck hasn't anyone made a spoof/patch for this? Fool the prog into thinking that it's talking to server in Russia, send back a "yeh all good cunt" msg from the server and BAM! Yeah I know it's a bit more complex but there should be someone out there that can do that, I can't do that sort of patching, it's too awesome for me.

ref: http://blog.nfocustech.com/2012/02/accd ... otes-more/ :?
Zero-Fear

Postby Nick » Mon Dec 31, 2012 9:41 am

I can.
Long story short, if the communication looks like this, it's easy:
Virus: Hey bro, I'm totally in
Russia: Awesome. Let's go dump some hashes.
Virus: Okay here's what I've got so far
Russia: Nice, well let me know when you've got more.

If it looks like that, easy. If it's using SSL or a rolling key system, not so much. Before you can really spoof it you really need a copy of a packet capture between the two, then you play with DNS or static IPs inside your local network, and start firing packets at it.
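
Added example, not part of the original posts: a triage helper an analyst could run over payloads exported from a packet capture in an isolated lab, to tell which of the cases described above (readable text, SSL/TLS, or some other encrypted channel) a sample's traffic falls into. The function names, the thresholds and all sample payloads are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

# TLS record content types: change_cipher_spec, alert, handshake, application_data
TLS_CONTENT_TYPES = {20, 21, 22, 23}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; approaches 8.0 for encrypted or compressed data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def looks_like_tls(payload: bytes) -> bool:
    """Check the 5-byte record header: type | 0x03 | minor | 2-byte length."""
    if len(payload) < 5:
        return False
    ctype, major, minor = payload[0], payload[1], payload[2]
    length = int.from_bytes(payload[3:5], "big")
    return (ctype in TLS_CONTENT_TYPES and major == 3 and minor <= 4
            and 0 < length <= 16384 + 2048)

def classify(payload: bytes) -> str:
    """Return 'tls', 'plaintext', 'high-entropy' or 'binary' (assumed labels)."""
    if looks_like_tls(payload):
        return "tls"
    printable = sum(32 <= b < 127 or b in (9, 10, 13) for b in payload)
    if payload and printable / len(payload) > 0.9:
        return "plaintext"
    # Entropy is only meaningful on a reasonably long sample.
    if len(payload) >= 256 and shannon_entropy(payload) > 7.0:
        return "high-entropy"
    return "binary"

# Constructed sample payloads (not taken from any real capture).
PLAINTEXT_SAMPLE = b"HELLO id=1234 status=waiting\r\n"
TLS_SAMPLE = b"\x16\x03\x01\x00\x2f" + bytes(47)      # handshake record header
ENCRYPTED_SAMPLE = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(16))

if __name__ == "__main__":
    for name, data in [("plaintext", PLAINTEXT_SAMPLE), ("tls", TLS_SAMPLE),
                       ("encrypted", ENCRYPTED_SAMPLE)]:
        print(f"{name:10s} -> {classify(data)} ({shannon_entropy(data):.2f} bits/byte)")
```
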

Postby Zero-Fear » Tue Jan 01, 2013 2:32 am

Atm I can't log in to it. Running out of ideas.... No idea why no one can crack rar passwords by now, like seriously
Zero-Fear

Postby Nick » Wed Jan 02, 2013 9:42 pm

You got a copy of the software? If you can get it to me I'll spin up a VM and see if we can find a cure.

Postby Zero-Fear » Wed Jan 02, 2013 9:44 pm

Looks like some other techies deleted it, fucking geniuses
Zero-Fear

