RE:

Am Montag, den 11. April 2016 wurde durch unbekannte Dritte die folgende E-Mail in englischer Sprache versendet:

20160411_re

Your package has been successfully delivered. The proof of delivery (TRK:043001569) is enclosed down below.

 

Der E-Mail mit dem Betreff „RE:“ ist eine Datei mit dem Namen (Benutzername)_invoices_290626.zip beigefügt, welche ein JavaScript enthält. Von einem Server wird der Verschlüsselungs- und Erpressungstrojaner TeslaCrypt nachgeladen.

Nach der Verschlüsselung der Dateien werden die entsprechenden Meldungen angezeigt:

20160411_re_bild

 

20160411_re_html

 

=!:+ !+9*57-8,*1;7+&?95):,24(+( ——- =!:+ !+9*57-8,*1;7+&?95):,24(+(

NOT YOUR LANGUAGE? USE https://translate.google.com

What’s the matter with your files?

Your data was secured using a strong encryption with RSA-4096.
Use the link down below to find additional information on the encryption keys using RSA-4096 https://en.wikipedia.org/wiki/RSA_(cryptosystem)

=!:+ !+9*57-8,*1;7+&?95):,24(+( ——- =!:+ !+9*57-8,*1;7+&?95):,24(+(

What exactly that means?

It means that on a structural level your files have been transformed . You won’t be able to use , read , see or work with them anymore .
In other words they are useless , however , there is a possibility to restore them with our help .

What exactly happened to your files ???

!!! Two personal RSA-4096 keys were generated for your PC/Laptop; one key is public, another key is private.
!!! All your data and files were encrypted by the means of the public key , which you received over the web .
!!! In order to decrypt your data and gain access to your computer you need a private key and a decryption software, which can be found on one of our secret servers.

=!:+ !+9*57-8,*1;7+&?95):,24(+( —– =!:+ !+9*57-8,*1;7+&?95):,24(+(

!!! What should you do next ???

In case you have valuable files , we advise you to act fast as there is no other option rather
than paying in order to get back your data.

In order to obtain specific instructions , please access your personal homepage by choosing one of the few addresses down below :
http:// 74bfc.flubspiel[.]com/***
http:// ibf4d.ukegaub[.]at/***
http:// k3cxd.pileanoted[.]com/***

If you can’t access your personal homepage or the addresses are not working, complete the following steps:
*** Download and Install TOR Browser – http://www.torproject.org/projects/torbrowser.html.en
*** Run TOR Browser Insert link in the address bar: xzjvzkgjxebzreap.onion/***

=!:+ !+9*57-8,*1;7+&?95):,24(+(—-IMPORTANT*****************INFORMATION———=!:+ !+9*57-8,*1;7+&?95):,24(+(

Your personal homepages
http:// 74bfc.flubspiel[.]com/***
http:// ibf4d.ukegaub[.]at/***
http:// k3cxd.pileanoted[.]com/***

Your personal homepage Tor-Browser xzjvzkgjxebzreap.onion/***
Your personal ID ***

=!:+ !+9*57-8,*1;7+&?95):,24(+(
=!:+ !+9*57-8,*1;7+&?95):,24(+(
=!:+ !+9*57-8,*1;7+&?95):,24(+(

 

Die verlinkte Internetseite zeigt die typische Forderung nach 1,3 BitCoin:

20160411_re_web

Kommentar(e)

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert