1. Rich says:

    With each reply I get more and more furious at the bastards who did this. What effort is being made to catch the perps?

    • LibertyLover says:

      No idea. But there are times I wish I could take a baseball bat to these thieves.

      • bobbo, as nuts on the far left as the Teaparty is on the right, but not religious, no... never religious. In fact, I'm a pragmatic existential anti-theist who nontheless posits that a full on socialist state for the general best welfare of the People wedd says:

        Thieves are several degrees above the VANDALS and anarchists that are engaged in this activity. At least thieves put the property to use?

        …. But Obama will continue to look forward as if this was just a case of torture.

        • John E Quantum says:

          Ronald Reagan had a great way to deal with miscreants like this. Sit them down on a log, nail their testicles to the log, then push them over backwards.

  2. Tim says:

    “I’d like to recover this drive.”

    Somebody will probably package together all those NSA backdoor random number generator elliptic curve whathefefer and integrate it with exactly what that intrusion did.

    In the meantime, what looks like encrypted in place is probably based on some pattern/’folders’ from the MFT — Still, if it is folder x folder then it probably writes to a scratch/buffer space then encrypts then overwrites the original folder –> there may be some overrides for what cell is written to in an ssd, like a ‘wipe’ function…

  3. Tim says:

    I almost forgot {man, I’m so high, right now}; I don’t think it is so much a matter of when one got infected, just that the malware was updated on the 1st — of course, I’m assuming the dirtware had autoupdate enabled?

    Also, it may well be worth scanning for a hidden partition, especially if it’s a laptop. Vendors tend to hide backup partitions of their own in those things and a change to something in the documents folder is likely to be stuffed in there whether one likes it, or not.

  4. MikeN says:

    Marc Perkel, so you have an unencrypted backup version of any files that are now encrypted? It may be possible to brute force a decryption.

  5. Techno Pawn says:

    I can’t believe it! This is DVORAK.ORG!!! And we all know that John C. Dvorak is one of the most technically knowledgeable and tech-insightful people in the tech review business. So when I see one of Dvorak’s staffers post a story like this I can’t help but wonder what kind of “staff” is working for him. Because it seems Dvorak.org has at least one staff member who has no idea how to deal with basic computer terminology and things like encryption! So could these staffers be ex-newspaper reporters whose former job was to cover politicians, weather and fashion?! Here’s a hint (if you read that link): TRY LOOKING IN YOUR REGISTRY! (And no, I don’t mean bridal registry either.)

    Seriously. Try reading the very article you provided a link to. I only looked at it and it seemed pretty basic cut and dry stuff. They all but put your nose in it and showed you where your decryption key(s) is located!

    Of course, I do see a problem if you are like any of the multitudes of other idiots with more than one hard drive (be it SSD, spinning disks, or any combination thereof) and then got hit. But even that might not have been a problem had you (or whoever the operator was) been using a modicum of common sense — or even a virtual environment. It’s just a guess, but if there is more than one hard drive involved here, I’m betting the one you want decrypted was infected on a different machine — with a different “primary” HDD!

    I’d love to take a look but personally, I have no compassion for someone who continues to push boundaries despite MULTIPLE WARNINGS and then gets bit. The way I see it, you deserve it.

    So keep opening those unknown email attachments. Keep surfing porn sites on a system with your family photos. Keep installing unknown software from unknown sources. Keep zombie clicking! And whatever you do, DON’T BACK UP!!! Make sure you DON’T READ while you’re at it too. (Don’t “RTFM”!) We all know how the people who get bit by these viruses are the dummies who shouldn’t even be using electric stoves let alone computing devices. So be sure and follow this advice and maybe you can burn yourself too!

    • Marc Perkel says:

      I don’t know if you read anything but it’s not MY drive that was hit. It was a friend of mine.

      Personally – I have backups.

    • Tim says:

      **Here’s a hint (if you read that link): TRY LOOKING IN YOUR REGISTRY!

      **Try reading the very article you provided a link to. I only looked at it and it seemed pretty basic cut and dry stuff. They all but put your nose in it and showed you where your decryption key(s) is located!

      Dude, the words *registry, regedit, entry* do not occur in either article. Since it is a spy machine, the registry probably is a good place to poke around .. you never know what you may find. A bit like looting graveyards, in your case.

      So, I suppose that you did not really withhold any good suggestions on where to peek or were you just being a douche-canoe in your spare time?

  6. MikeN says:

    So your friend was the first person hit with the new and improved version?