Ransomware

From Leo's Notes
Last edited on 29 May 2019, at 03:38.

Mirai

A workstation from work got hit by ransomware, which encrypted everything accessible by the user on the local disk but not on network shares. Each directory that was encrypted contained a file named #RECOVERY_FILES#.txt with the following contents:

!!!YOUR FILES ENCRYPTED !!!
Contact us:
mirai@horsefucker.org
And tell us your unique ID

Encrypted files were renamed with a .mirai extension.
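
To scope which directories were touched, the two indicators above (the note file name and the .mirai extension) can be searched for on a disk or share. This is an added example, not part of the original notes; the function names are hypothetical, the case-insensitive matching is an assumption, and the sample tree is constructed.

```python
import os
import tempfile
from pathlib import Path

NOTE_NAME = "#RECOVERY_FILES#.txt"   # ransom note file name from the notes above
ENC_SUFFIX = ".mirai"                # extension given to encrypted files


def scan_tree(root):
    """Walk root and return {directory: {"note": bool, "encrypted": [names]}}
    for every directory holding a ransom note or a renamed file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENC_SUFFIX))
        note = any(f.lower() == NOTE_NAME.lower() for f in files)
        if note or encrypted:
            hits[dirpath] = {"note": note, "encrypted": encrypted}
    return hits


def summarize(hits):
    """Totals for scoping: affected directories, renamed files, and
    directories that have renamed files but no note, which do not match
    the pattern described above and are worth a manual look."""
    return {
        "directories": len(hits),
        "encrypted_files": sum(len(h["encrypted"]) for h in hits.values()),
        "no_note": sorted(d for d, h in hits.items()
                          if h["encrypted"] and not h["note"]),
    }


def build_sample_tree(base):
    """Create a constructed sample layout (not real incident data)."""
    base = Path(base)
    for rel in ("docs/report.docx.mirai", "docs/" + NOTE_NAME,
                "pics/a.jpg.mirai", "clean/readme.txt"):
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_bytes(b"")
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(summarize(scan_tree(build_sample_tree(tmp))))
```

Point `scan_tree` at a mounted share as well as the local disk to confirm the shares were left untouched.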