Week 5
A new ransomware that has been seen in the news is called Clop. This malware is designed to encrypt data and rename each file by appending the ".Clop" extension.
After successful encryption, Clop generates a text file ("ClopReadMe.txt") and places a copy in every existing folder. The text file contains a ransom-demand message.
The message reads as such:
"Your network has been penetrated.
All files on each host in the network have been encrypted with a strong algorithm.
Backups were either encrypted or deleted or backup disks were formatted.
Shadow copies also removed, so F8 or any other methods may damage encrypted data but not recover.
We exclusively have decryption software for your situation
No decryption software is available in the public.
DO NOT RESET OR SHUTDOWN – files may be damaged.
DO NOT RENAME OR MOVE the encrypted and readme files.
DO NOT DELETE readme files.
This may lead to the impossibility of recovery of the certain files.
Photorec, RannohDecryptor etc. repair tools are useless and can destroy your files irreversibly.
If you want to restore your files write to emails (contacts are at the bottom of the sheet) and attach 2-3 encrypted files
(Less than 5 Mb each, non-archived and your files should not contain valuable information
(Databases, backups, large excel sheets, etc.)).
You will receive decrypted samples and our conditions how to get the decoder.
Attention!!!
Your warranty - decrypted samples.
Do not rename encrypted files.
Do not try to decrypt your data using third party software.
We don't need your files and your information.
But after 2 weeks all your files and keys will be deleted automatically.
Contact emails:
servicedigilogos@protonmail.com
or
managersmaers@tutanota.com
The final price depends on how fast you write to us.
Clop"
The ransomware is designed to get you to pay the attackers to undo what it did to your PC. Here we will show you how to remove it without paying a cent.
Restart your PC while holding "Shift" on your keyboard. Once the "Choose an option" window opens, click on "Troubleshoot".
Next select "Advanced options", then select "Startup Settings" and click on the "Restart" button.
In the following window, press "F5" on your keyboard. This will restart your operating system in "Safe Mode with Networking".
Log in to the account that is infected with the Clop virus. If you do not have an anti-spyware program, start your internet browser and download a legitimate anti-spyware program. Update the anti-spyware software and start a full system scan. Remove all entries detected. As I have mentioned in my previous posts, Malwarebytes Anti-malware already has spyware definitions for Clop loaded into their latest update. This will remove the spyware program and keep you from paying these hackers.
Make sure to always keep your anti-virus and anti-spyware programs up to date and running to keep your system protected.
If for any reason your anti-spyware program does not remove the program, do a full system restore from a backup taken before the Clop program was installed. Keep in mind that removing the malware does not decrypt the files it has already renamed with the ".Clop" extension; those have to be restored from a clean backup as well.
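As an added example (not from the original post and not part of any anti-spyware product), here is a small Python script that inventories a directory tree for the two Clop artifacts described above, files renamed with the ".Clop" extension and the ClopReadMe.txt note, so you can see which folders were hit and which files need to be restored from backup. The sample tree it builds is constructed for the dry run, not real infection data.

```python
import os
import tempfile
from pathlib import Path

RANSOM_EXT = ".Clop"            # extension Clop appends to each encrypted file
RANSOM_NOTE = "ClopReadMe.txt"  # note Clop drops into every folder
NOTE_MARKER = "Your network has been penetrated."  # first line of the note


def triage_tree(root):
    """Walk a tree and inventory Clop artifacts.

    Returns the encrypted files, the notes found (with whether the text
    matches the known first line), and folders that hold encrypted files
    but no note, which flags a partial run or a note that was moved/deleted.
    """
    root = Path(root)
    encrypted, notes, hit_dirs = [], [], set()
    for dirpath, _dirs, filenames in os.walk(root):
        d = Path(dirpath)
        for name in filenames:
            p = d / name
            if name == RANSOM_NOTE:
                text = p.read_text(errors="replace")
                notes.append((p.relative_to(root).as_posix(), NOTE_MARKER in text))
            elif name.endswith(RANSOM_EXT):
                encrypted.append(p.relative_to(root).as_posix())
                hit_dirs.add(d)
    missing_note = sorted(d.relative_to(root).as_posix() for d in hit_dirs
                          if not (d / RANSOM_NOTE).exists())
    return {"encrypted": sorted(encrypted), "notes": sorted(notes),
            "dirs_missing_note": missing_note}


def build_sample_tree():
    """Constructed sample tree (placeholder data) for a dry run."""
    root = tempfile.mkdtemp(prefix="clop-triage-")
    os.makedirs(os.path.join(root, "docs", "2019"))
    os.makedirs(os.path.join(root, "pics"))
    Path(root, "docs", "budget.xlsx.Clop").write_bytes(b"\x00" * 16)
    Path(root, "docs", "2019", "notes.docx.Clop").write_bytes(b"\x00" * 16)
    Path(root, "docs", RANSOM_NOTE).write_text(NOTE_MARKER + "\n")
    Path(root, "pics", "cat.jpg").write_bytes(b"\xff\xd8")  # untouched file
    return root


if __name__ == "__main__":
    for key, value in triage_tree(build_sample_tree()).items():
        print(key, value)
```

Point `triage_tree` at a real volume instead of the sample tree to get the list of ".Clop" files to recover and the folders where the note is missing.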