Unpaid invoice # 91270423

Am Dienstag, den 01. März 2016 wurde durch unbekannte Dritte die folgende E-Mail in englischer Sprache versendet:

20160301_unpaid_invoice

Dear Client,

According to the reconciliation of the Department of Finance there are the arrears following your client account totaling in $416,57 .

We attach the last unpaid invoice #91270423 to this letter and kindly ask you pay it off until March 31, 2016.

Please check out the file and do not hesitate to pay off the debt. We look forward to your reasonableness.

 

 

Als Absender kommen unterschiedliche Namen vor. Hier einige Beispiele:

  • Leticia kiddy
  • Marcie whiteoak
  • Carly gough
  • Jillian fair
  • Colby steel

 

Als Anlage ist eine .zip – Datei beigefügt, die eine .js – Datei enthält. Das JavaScript lädt die Datei /80.exe?1 von einer .com – Domain nach und bringt diese zur Ausführung. Es handelt sich dabei um den Verschlüsselungs- und Erpressungstrojaner „TeslaCrypt“, der alle wichtigen Dateien verschlüsselt und mit der Endung „.mp3“ versieht.

 

Auf dem Computer wird die Verschlüsselung angezeigt:

20160301_unpaid_invoice_black

 

20160301_unpaid_invoice_html

 

NOT YOUR LANGUAGE? USE https://translate.google.com

What happened to your files ?
All of your files were protected by a strong encryption with RSA4096
More information about the encryption keys using RSA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

How did this happen ?
!!! Specially for your PC was generated personal RSA4096 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server

What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:
1. http:// pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula[.]com/***
2. http:// sondr5344ygfweyjbfkw4fhsefv.heliofetch[.]at/***
3. http:// uiredn4njfsa4234bafb32ygjdawfvs.frascuft[.]com/***
If for some reasons the addresses are not available, follow these steps:
1. Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2. After a successful installation, run the browser
3. Type in the address bar: xlowfznrg4wf7dli.onion/***
4. Follow the instructions on the site.

—————- IMPORTANT INFORMATION————————
*-*-* Your personal pages:
http:// pts764gt354fder34fsqw45gdfsavadfgsfg.kraskula[.]com/***
http:// sondr5344ygfweyjbfkw4fhsefv.heliofetch[.]at/***
http:// uiredn4njfsa4234bafb32ygjdawfvs.frascuft[.]com/***
*-*-* Your personal page Tor-Browser: xlowfznrg4wf7dli.ONION/***

 

Über die TOR-Seite wird eine Forderung über 500 USD angezeigt:

20160301_unpaid_invoice_forderung

Kommentar(e)

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert