User comments on ISPs
  >> BT Broadband


Standard User AnnHannah
(newbie) Fri 22-Nov-19 14:18:52
BT Broadband call
 
Hi,
Really hoping someone can help me out. Went to visit my mother-in-law yesterday and she has been scammed. She had a call and they said they were BT and that there were issues with her computer. It was definitely not BT; I have checked the number and found this: comment on the number online. She has actually been having issues so she believed them; they knew her full name and address, and she had no reason to believe it was fake. To cut a long story short, she basically let them remotely control her computer to 'fix it' and she's now had every single file on her computer locked. She has a ransom note on her computer, which is the only thing she can open, telling her to click some dodgy link and pay in cryptocurrency to get her files back. I have told her not to pay it but I cannot work out how to get all her photos back. Her other son died a few years back and she has lots of photos that are obviously not replaceable and very sentimental. I have looked online and it seems like not much can be done other than to pay it :/ Any suggestions at all?

Thanks
Ann
Standard User MoM
(newbie) Fri 22-Nov-19 15:14:01
Re: BT Broadband call
[re: AnnHannah]
 
Tough one, if it's encrypted then maybe a brute force may work?

How much are they asking for? I don't know of anyone who has managed to bypass one of these types of attacks.
Standard User AnnHannah
(newbie) Fri 22-Nov-19 15:19:15
Re: BT Broadband call
[re: MoM]
 
They want £1500 and there's no guarantee they will give back access to the photos, what if we pay and they ask for more? :(



Standard User ian72
(eat-sleep-adslguide) Fri 22-Nov-19 15:24:05
Re: BT Broadband call
[re: AnnHannah]
 
Have the police been informed?

As far as getting the photos back I am afraid it is likely to be bad news. It is almost impossible to crack this sort of encryption software - many large companies have tried it when they have been hit and it would cost a small fortune to even get someone to attempt it. And you are already aware that paying the money is no guarantee that they will unlock the files.

I am afraid without a backup of the files the chances of getting them back are very low.

Get the police in. Talk to them about it and I suspect they will give you the same advice.

Sorry that this has happened and I know it is too late but backups of important and personal information are essential and I am so sorry that it isn't going to help to resolve this.
Standard User sheephouse
(member) Fri 22-Nov-19 15:25:08
Re: BT Broadband call
[re: AnnHannah]
 
There are ways to break the encryption on some (but not all) of these attacks - but it is a technical job that not everyone could do.
Can you post the *exact* name of the ransom note, and the *exact* text in it? That might identify the malware, and hence a fix.
Then leave the computer switched off for now.
Standard User AnnHannah
(newbie) Fri 22-Nov-19 15:27:35
Re: BT Broadband call
[re: ian72]
 
We rang the police and they basically said they don't have the training or knowledge to deal with this type of crime. They said to call the cyber crime team and report, but apparently there is a huge waiting list as there are more hackers than people trained to fight against it. Tbh I'm really dismayed about the lack of support there is for such crimes. The police even said it's up to us if we pay, they cannot advise either way, which I was surprised to hear.
Standard User Oliver341
(eat-sleep-adslguide) Fri 22-Nov-19 15:29:17
Re: BT Broadband call
[re: AnnHannah]
 
As already suggested, call the police and do not pay it. The scammers will almost certainly ask for more money or simply take the money and not give anything in return. The more people who pay, the more these scams will proliferate.

Oliver.
Standard User ian72
(eat-sleep-adslguide) Fri 22-Nov-19 15:32:00
Re: BT Broadband call
[re: AnnHannah]
 
I am afraid it is difficult to give a solution. As someone else posted, it may be that it is a known encryption that could be broken, but the majority can't be broken easily - many would take all the computing power you can throw at it thousands of years to crack - this encryption is used for the most sensitive data and it is designed to be effectively uncrackable. Most businesses end up just reformatting the devices and reinstalling from scratch (although some do pay the ransom as the financial loss from losing the data could be enormous).
Standard User AnnHannah
(newbie) Fri 22-Nov-19 15:33:47
Re: BT Broadband call
[re: sheephouse]
 
Hey, this is the ransom note:


—= GANDCRAB V5.0.4 =—

Attention!
All your files, documents, photos, databases and other important files are encrypted and have the extension: .OBKBTXTN

The only method of recovering files is to purchase an unique private key. Only we can give you this key and only we can recover your files.

The server with your key is in a closed network TOR. You can get there by the following ways:

| 0. Download Tor browser – hxxps://www.torproject.org/

| 1. Install Tor browser
| 2. Open Tor Browser
| 3. Open link in TOR browser: hxxp://gandcrabmfe6mnef.onion/bba886b160b8e97e
| 4. Follow the instructions on this page

—————–

On our page you will see instructions on payment and get the opportunity to decrypt 1 file for free.

ATTENTION!

IN ORDER TO PREVENT DATA DAMAGE:

* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW

—BEGIN GANDCRAB KEY—

—END GANDCRAB KEY—

—BEGIN PC DATA—

—END PC DATA—
———————
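
An added example, not part of any post in this thread: identifying the malware from the ransom note, as sheephouse asks above, comes down to reading the family banner, version and file extension out of the note text and checking that the blocks the note says not to change survived copying. The function names are hypothetical; the sample is an excerpt of this thread's note as posted.

```python
import re

# Constructed sample: excerpt of the note as posted in this thread. The KEY and
# PC DATA blocks are empty here, exactly as they appear in the post.
SAMPLE_NOTE = """\
—= GANDCRAB V5.0.4 =—

Attention!
All your files, documents, photos, databases and other important files are encrypted and have the extension: .OBKBTXTN

* DO NOT MODIFY ENCRYPTED FILES
* DO NOT CHANGE DATA BELOW

—BEGIN GANDCRAB KEY—

—END GANDCRAB KEY—

—BEGIN PC DATA—

—END PC DATA—
"""

# ASCII hyphen, en dash or em dash: forums and word processors re-typeset them.
DASH = r"[-\u2013\u2014]+"

def _block(note, label):
    """Return the text between BEGIN/END markers, or None if the markers are missing."""
    lab = re.escape(label)
    m = re.search(rf"{DASH}BEGIN {lab}{DASH}(.*?){DASH}END {lab}{DASH}", note, re.S)
    return None if m is None else m.group(1).strip()

def parse_note(note):
    """Extract the fields that identify family and version from a ransom note."""
    banner = re.search(rf"{DASH}=\s*([A-Z][A-Z0-9 ]*?)\s+V(\d+(?:\.\d+)*)\s*={DASH}", note)
    ext = re.search(r"have the extension:\s*(\.[A-Za-z0-9]+)", note)
    family = banner.group(1) if banner else None
    blocks = {}
    if family:
        blocks = {"key": _block(note, f"{family} KEY"), "pc_data": _block(note, "PC DATA")}
    return {
        "family": family,
        "version": banner.group(2) if banner else None,
        "extension": ext.group(1) if ext else None,
        "blocks": blocks,
    }

def triage(note):
    """Return the parsed fields plus a list of what this copy of the note lacks."""
    info, problems = parse_note(note), []
    for field in ("family", "version", "extension"):
        if not info[field]:
            problems.append(f"{field} not found")
    for name, body in info["blocks"].items():
        if body is None:
            problems.append(f"{name} block markers missing")
        elif body == "":
            problems.append(f"{name} block is empty in this copy")
    return info, problems
```

Run on the posted text, `triage(SAMPLE_NOTE)` reports both data blocks as empty, so the original note file on the machine, not the forum copy, is the one to keep alongside the encrypted files.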
Standard User sheephouse
(member) Fri 22-Nov-19 15:39:09
Re: BT Broadband call
[re: AnnHannah]
 
OK, you may just be in luck. They aren't using the latest version of the encryption malware, and there are reports of a bug in the 5.04 version that has been broken previously. I'll look into it a bit more...
Standard User sheephouse
(member) Fri 22-Nov-19 15:47:03
Re: BT Broadband call
[re: sheephouse]
 
OK, here's a website that may be useful - https://www.nomoreransom.org/en/index.html
I have no connection with them or any experience of the organisation that runs it - however I found the link from a source I trust. They make decryption tools available for free for cases where the encryption has been broken. The malware you have was broken a year ago by BitDefender working with the Romanian police (and EuroPol).
I'm not sure how technical you will have to be in using their tool, but if you need any help let me know.
Standard User Oliver341
(eat-sleep-adslguide) Fri 22-Nov-19 16:00:52
Re: BT Broadband call
[re: sheephouse]
 
Great suggestion, I never knew about this site.

Oliver.
Standard User sheephouse
(member) Fri 22-Nov-19 16:03:05
Re: BT Broadband call
[re: Oliver341]
 
That site is really where the UK police need to send victims of ransomware.

I should add that not every site that you might come across if you search for a decryption tool is to be trusted! Lots of criminals rely on distributing malware "removal" tools in order to install malware.

Edited by sheephouse (Fri 22-Nov-19 16:06:32)

Standard User AnnHannah
(newbie) Fri 22-Nov-19 16:11:20
Re: BT Broadband call
[re: sheephouse]
 
Thank you so much sheephouse!
Standard User RobertoS
(elder) Fri 22-Nov-19 16:23:42
Re: BT Broadband call
[re: sheephouse]
 
Well done sheephouse. Let's hope it works.

My broadband basic info/help site - www.robertos.me.uk. Domains, site and mail hosting - Tsohost.
Connection - Three 4G, tbb tests normally 35-45Mbps down, 65Mbps off-peak, 9-24 up.
==================================================
"Democracy means simply the bludgeoning of the people by the people for the people." Oscar Wilde
Standard User sheephouse
(member) Fri 22-Nov-19 16:27:53
Re: BT Broadband call
[re: AnnHannah]
 
Do let me know how you get on. There's not many things that irritate me as much as relatively clever people misusing their talents by trying to be crooks.
Standard User MoM
(newbie) Fri 22-Nov-19 16:52:07
Re: BT Broadband call
[re: sheephouse]
 
Good sharing of intel research to help others out.

I would like to think I was of good IT knowledge and I didn't come across it when searching for something to decrypt it
Standard User Oliver341
(eat-sleep-adslguide) Fri 22-Nov-19 16:56:31
Re: BT Broadband call
[re: MoM]
 
Sometimes it's tricky to think of the most relevant search terms. This one works well:

https://www.google.com/search?q=decrypt+ransomware

Oliver.
Standard User MoM
(newbie) Fri 22-Nov-19 17:08:22
Re: BT Broadband call
[re: Oliver341]
 
I haven't managed to read all the 2.2million results yet, I will let you know when I have
Standard User Oliver341
(eat-sleep-adslguide) Fri 22-Nov-19 17:13:44
Re: BT Broadband call
[re: MoM]
 
In reply to a post by MoM:
I haven't managed to read all the 2.2million results yet, I will let you know when I have

No need, the first result after the adverts is the one we wanted!

Oliver.
Standard User sheephouse
(member) Fri 22-Nov-19 17:40:03
Re: BT Broadband call
[re: Oliver341]
 
I first found nomoreransom.org referenced on a non-public site that I refer to for cyber threats. As I mentioned previously, you do have to be careful with general search results, as some criminals provide malware removal tools which actually install malware (which may wait months before becoming active) and they tend to use SEO to push their wares up the search results.
Standard User 4M2
(knowledge is power) Fri 22-Nov-19 17:47:40
Re: BT Broadband call
[re: sheephouse]
 
Would .jpg files be accessible if one dual booted from linux?
Standard User sheephouse
(member) Fri 22-Nov-19 18:19:40
Re: BT Broadband call
[re: 4M2]
 
Dual booting doesn't help - the files will have been encrypted, so the content of a .jpg file isn't readable as a jpeg. It is quite possible that only the first part (maybe 1MB) of each file is encrypted, but that will contain the metadata making the whole file unreadable.
Fortunately in this case there is a decryption tool available. In general a backup on a separate computer or DVD etc is the only foolproof protection.
Standard User RobertoS
(elder) Fri 22-Nov-19 18:25:29
Re: BT Broadband call
[re: sheephouse]
 
I was wondering earlier where the original photos were/are, and if any have perhaps ended up in MS OneDrive, Google Drive and suchlike.

Unlikely, but worth an ask.

Edit: Also emailed or similar to other family members or friends. Even actual prints that can be scanned. Were any older ones copied from an older computer and if so is that still available?


Edited by RobertoS (Fri 22-Nov-19 18:27:28)

Standard User Oliver341
(eat-sleep-adslguide) Fri 22-Nov-19 18:34:39
Re: BT Broadband call
[re: sheephouse]
 
In reply to a post by sheephouse:
In general a backup on a separate computer or DVD etc is the only foolproof protection.

External hard drive is ideal, these days USB sticks are larger in capacity and may also be sufficient for users with less data.

Unplugging after backup is key, although things like File History encourage the external storage to be connected at all times.

Oliver.
Standard User sheephouse
(member) Fri 22-Nov-19 18:44:44
Re: BT Broadband call
[re: Oliver341]
 
It is important that backups are not permanently accessible by the computer - if they are they will be encrypted too. Attached backups can protect against hard drive failures etc, but not against malware.
Standard User 4M2
(knowledge is power) Fri 22-Nov-19 18:54:50
Re: BT Broadband call
[re: sheephouse]
 
In reply to a post by sheephouse:
Dual booting doesn't help...


Thanks for the reply - I thought that maybe dual booting into linux might be a way of copying across encrypted files (particularly .jpeg, plain text documents, etc. from a Windows OS) and perhaps opening them on the linux partition might be possible.
Standard User Oliver341
(eat-sleep-adslguide) Fri 22-Nov-19 18:55:41
Re: BT Broadband call
[re: sheephouse]
 
Yep, it's a trade off. Permanently connected external storage with File History provides excellent backup coverage but puts them at risk of malware encrypting all the files.

I wonder how many people are sufficiently motivated to keep plugging in and out their backup device before and after each regular backup (until it's too late).

Oliver.
Standard User 4M2
(knowledge is power) Fri 22-Nov-19 19:35:04
Re: BT Broadband call
[re: Oliver341]
 
In reply to a post by Oliver341:
Yep, it's a trade off. Permanently connected external storage with File History provides excellent backup coverage but puts them at risk of malware encrypting all the files.

I wonder how many people are sufficiently motivated to keep plugging in and out their backup device before and after each regular backup (until it's too late).


Also, perhaps, disconnecting other booted machines, using the same OS, from the LAN? Or perhaps a user has to intentionally transfer files?
Standard User Oliver341
(eat-sleep-adslguide) Fri 22-Nov-19 19:47:50
Re: BT Broadband call
[re: 4M2]
 
In reply to a post by 4M2:
Also, perhaps, disconnecting other booted machines, using the same OS, from the LAN?

Yes, if the device is connected to the LAN, and the infected PC knows the SMB password for it, or it has no password, it most definitely is at risk too.

Oliver.
Standard User 4M2
(knowledge is power) Fri 22-Nov-19 19:58:53
Re: BT Broadband call
[re: Oliver341]
 
In reply to a post by Oliver341:
In reply to a post by 4M2:
Also, perhaps, disconnecting other booted machines, using the same OS, from the LAN?

Yes, if the device is connected to the LAN, and the infected PC knows the SMB password for it, or it has no password, it most definitely is at risk too.


I thought that was possible - I no longer have an XP machine connected to the LAN (always offline) together with a Win7 machine. Bit of a nuisance but better safe than sorry.
Standard User Rastus
(experienced) Fri 22-Nov-19 20:07:09
Re: BT Broadband call
[re: sheephouse]
 
In reply to a post by sheephouse:
I first found nomoreransom.org referenced on a non-public site ...


I saw it referred to a while ago on the Action Fraud site;
https://www.actionfraud.police.uk/campaign/ransomaware

Wouldn't you think the dumb police would know about it and refer the OP to it? Luck of the draw I guess, whether you get a copper worth their salt when you call them, or get one who's useless.

FTTP 80/20 Mbps
Standard User funkydan
(newbie) Fri 22-Nov-19 20:16:46
Re: BT Broadband call
[re: MoM]
 
I had a similar problem a few years ago. It was ransomware that loaded a ransom message when I logged on to my laptop. After searching I found out it was attached to my Windows login.
I found a video on YouTube on how to remove it by starting in safe mode, side loading Malwarebytes, which removed the malware, and then going into the registry to remove the remnants of it.
I don't know if this will be helpful as it might be different to what you are experiencing, but search YouTube to see if you can find something similar to what you are experiencing.
https://www.youtube.com/watch?v=G2sUQFME0bE
Standard User busterboy
(committed) Fri 22-Nov-19 20:54:43
Re: BT Broadband call
[re: funkydan]
 
In reply to a post by funkydan:
I had a similar problem a few years ago. It was ransomware that loaded a ransom message when I logged on to my laptop. After searching I found out it was attached to my Windows login.
I found a video on YouTube on how to remove it by starting in safe mode, side loading Malwarebytes, which removed the malware, and then going into the registry to remove the remnants of it.
I don't know if this will be helpful as it might be different to what you are experiencing, but search YouTube to see if you can find something similar to what you are experiencing.
https://www.youtube.com/watch?v=G2sUQFME0bE


Great video Dan and "can" work.

I have been in the registry many times but it can be a minefield to find certain files but certainly worth a try.

Good find funkydan and good luck to the OP on hopefully restoring your files.

Scum like these need a large injection IMO.

BTBroadband
Standard User deezel
(regular) Fri 22-Nov-19 21:32:18
Re: BT Broadband call
[re: sheephouse]
 
Hi, had a similar thing happen to a friend and sorted her PC out by downloading a file from BleepingComputer; it might be worth a try, and don't worry, it's a safe prog.

RKill is a program developed at BleepingComputer.com that was originally designed for the use in our virus removal guides. It was created so that we could have an easy to use tool that kills known processes and remove Windows Registry entries that stop a user from using their normal security applications. Simple as that. Nothing fancy. Just kill known malware processes and clean up some Registry keys so that your security programs can do their job.

good luck hope you get it sorted

Billion 8900 AX 2400
AAISP Home 1
Standard User tommy45
(knowledge is power) Fri 22-Nov-19 23:35:36
Re: BT Broadband call
[re: AnnHannah]
 
This decrypter tool may decrypt the files: https://labs.bitdefender.com/category/free-tools/
Standard User Malwaremike
(experienced) Sat 23-Nov-19 11:46:25
Re: BT Broadband call
[re: tommy45]
 
A despicable crime, but great to see the wide knowledge of TBB members so generously given as always. AnnHannah, I hope you can solve your relative's problem.
Standard User tommy45
(knowledge is power) Sat 23-Nov-19 18:37:55
Re: BT Broadband call
[re: Malwaremike]
 
In reply to a post by Malwaremike:
A despicable crime, but great to see the wide knowledge of TBB members so generously given as always. AnnHannah, I hope you can solve your relative's problem.

I had a robocall from a scammer purporting to be BT IIRC, saying that my BB was going to be cut off if I didn't act, then you get the press 1 to speak to an adviser (scammer), but I had to go out so I didn't waste their time like I would normally have done. The number was not displayed on caller ID, but was recorded on the 1471 service, a mobile number, so spoofed.