Victim of Ransomware?

Discussion in 'Windows 10' started by pisthai, Apr 13, 2020.

  1. pisthai

    pisthai Imperfect Human

    I'm sorry if I post in the wrong forum; since I came across this on a 'pure' Windows 10 machine, I posted it in the Windows 10 forum.

    What is it all about?

    A few days ago a customer gave me his office computer, which had been infected and attacked by some ransomware. Many of the files, at least in every single directory of that machine, were encrypted, and a text file named -readme.txt explained that the owner has to pay US$980.00 to get the needed key to get his data and files working again. That's an old game and well known in the computer world, and I don't need to explain more.

    Some time ago I had already worked on that problem and found a quite simple way to avoid such a problem to about 99%! In the following, while checking that machine, I saw that the affected files were only in the first layer of the directories, but not in the second or deeper!

    After I found that out, I immediately changed all file locations on my own computers and moved them one or two levels deeper. I also kept some 'dummy/bogus' files on the first directory layer, which couldn't hurt me in any way! Since then I have had two attacks from such cyber criminals and, except for those bogus files, I didn't lose anything. So, that worked for me. Anyway, that could only affect one of my computers, which isn't behind my Smoothwall and is used for Internet surfing only.

    Back to the machine of my customer!
    I checked his computer with Emsisoft Emergency Kit & Decrypt STOPDjvu and found out that an Online Key was used, which prevents an app like Decrypt STOPDjvu from decrypting the affected files and data. Also to mention: there weren't any ransomware apps installed on his computer, which I checked with EEK (Emsisoft Emergency Kit).

    After speaking with him, he told me that he had been trying to activate Windows 10 Pro using an Activator from the Internet! This app was trying to update to a newer version, which it didn't; instead, his browser opened up many Internet sites. After some time, about 30-40 min, he hard booted his computer, deleted that Activator and uninstalled and reinstalled the browser. He then saw that a lot of his files had got a new extension, but he couldn't open any of those files! That added extension was: .mpaj!

    The only thing I was now able to do was to remove all the files with the .mpaj extension. Luckily, all files and data in the second and deeper layers were still fully OK.

    An hour ago he took back his machine with my advice to save his remaining data and do a clean new install of Windows 10, using his old Windows 8 Product Key to activate. I myself was not willing to do that for him because he didn't want to pay for that work. I reminded him of my old advice to always do a data backup, which he didn't!

    I posted this here just to remind others to be careful with their data.

    Good Luck.
     
  2. Mr.X

    Mr.X MDL Guru

    One of these days he will pay a lot more for being stingy and lazy.

    :tooth:
     
  3. SoLoR

    SoLoR MDL Expert

    What I take from this is: what kind of shady web pages are you visiting / programs are you installing that you got ransomware 3 times already? :) Also, for really shady things there are VMs and sandboxes... You don't just run a "very shady crack/keymaker" from the internet on your main computer first...
     
  4. Arch_Sta

    Arch_Sta MDL Novice

    Hmm.. thanks for the info, I wasn't aware of this...
     
  5. Windows_Addict

    Windows_Addict MDL Expert

  6. MS_User

    MS_User MDL Guru

    Real dumb move :rolleyes: but the NSA and FBI have put out a list of many decryption keys that will unlock many different types of ransomware.
     
  7. urie

    urie Moderator
    Staff Member

  8. pisthai

    pisthai Imperfect Human

  9. SoLoR

    SoLoR MDL Expert

    Not here to argue, but no, I really don't...

    You are clearly talking about you and your own computers :) but anyway, it was only a sarcastic comment.... However, yes, that first time I counted that damage was actually done, you indeed were talking about someone else's computer... so 2 times, not 3, sorry about that ;P (just slightly trolling, stay @home and crap like that and I'm "slightly" bored).
     
  10. shewolf

    shewolf MDL Senior Member

    #10 shewolf, Apr 14, 2020
    Last edited: Apr 15, 2020
  11. pisthai

    pisthai Imperfect Human

    The intention of posting about the problems explained in Post #1 was simply to help others who may be facing such a problem, and maybe show them how to save at least some of their data.

    I know very well that on MDL there are a lot of members who like to start trolling whenever possible, which is already the reason for me to hardly post anymore on this forum.

    That said, as long as you don't have anything useful to say regarding how to solve ransomware problems, you'd better keep your mouth shut!

    The above applies to the answer-posts above!

    Regards.
     
  12. shewolf

    shewolf MDL Senior Member

    #12 shewolf, Apr 14, 2020
    Last edited: Apr 16, 2020
  13. pisthai

    pisthai Imperfect Human

    In the meantime, I got the exact name of the Activator used by my customer to activate his Windows 10. The name of that download is (exactly as written) windows-10-activator-ultimate-2020-v1-2-p2p.zip! My customer still had that file on a flash drive, and it was showing a build/modification date of Jan. 15, 2020 and a file size of 5,599 KB. He sent that info by SMS today.

    According to my customer, after extraction he ran the file as Administrator; it started working but shortly came up with a screen saying that this version is outdated and needs to update to the newer version. After allowing that, the ransomware started directly, including opening a lot of websites, etc., etc., and all was done!

    As another side note: I used the app Everything 1.4 for a final search on his machine to find all possibly remaining infected files. The outcome was as follows: after using several AV/ransomware apps, as well as MS File Explorer and XYPlorer, Everything was still finding another 16 infected files left on his machine.

    By the way, Everything is freeware and the fastest search app to really find EVERYTHING on ALL drives of a computer!

    That's all for now, and I hope this full info will help others if they face a similar problem.
     
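The two clean-up steps described in this thread, finding every file left with the .mpaj extension and checking whether only the first directory layer was hit, can be scripted rather than eyeballed in a file manager. The following is an added example, not code from the thread or from Everything/EEK; it assumes the .mpaj extension and the -readme.txt note name given in Post #1 (the _readme.txt spelling is an assumed variant), and runs on a constructed sample tree in a temp directory.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

ENCRYPTED_EXT = ".mpaj"                      # extension seen on the victim machine
NOTE_NAMES = {"-readme.txt", "_readme.txt"}  # note name from the post, plus an assumed variant


def inventory(root):
    """Walk root; return (encrypted-file count per depth, note paths, encrypted paths).
    Depth 1 = directly inside root, so the 'first layer only' observation is measured."""
    root = Path(root)
    by_depth, notes, encrypted = Counter(), [], []
    for dirpath, _dirs, files in os.walk(root):
        depth = len(Path(dirpath).relative_to(root).parts) + 1
        for name in files:
            path = Path(dirpath) / name
            if name.lower() in NOTE_NAMES:
                notes.append(str(path))
            elif path.suffix.lower() == ENCRYPTED_EXT:
                encrypted.append(str(path))
                by_depth[depth] += 1
    return dict(by_depth), sorted(notes), sorted(encrypted)


def original_name(path):
    """Name the file had before the extension was appended (report.docx.mpaj -> report.docx),
    which is the name to look up in a backup when restoring."""
    name = Path(path).name
    return name[:-len(ENCRYPTED_EXT)] if name.lower().endswith(ENCRYPTED_EXT) else name


def build_sample_tree():
    """Constructed sample, not real victim data: hits at depth 1 and 2, a clean file at depth 3."""
    root = Path(tempfile.mkdtemp(prefix="ransom-triage-"))
    (root / "-readme.txt").write_text("constructed ransom note\n")
    (root / "invoice.xlsx.mpaj").write_bytes(b"\x00constructed")
    (root / "photos").mkdir()
    (root / "photos" / "trip.jpg.mpaj").write_bytes(b"\x00constructed")
    (root / "photos" / "2019").mkdir()
    (root / "photos" / "2019" / "ok.jpg").write_bytes(b"\xff\xd8constructed")
    return str(root)


if __name__ == "__main__":
    root = build_sample_tree()
    depths, notes, files = inventory(root)
    print("encrypted files per directory depth:", depths, "| notes:", notes)
    for f in files:
        print(f, "->", original_name(f))
```

Point `inventory()` at a drive root (run from a clean system with the victim disk mounted read-only) to get the per-depth counts and the list of original names to pull from backup.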
  14. d5aqoëp

    d5aqoëp MDL Addicted

    The only time I got ransomware was when I had to use the Ammyy Admin remote login software, which my local support company asked me to download as freeware. After a few Google searches on Ammyy Admin: this dirtbag company routinely distributes ransomware-infected files from their official website and gets a commission from the ransomware makers.
    So ransomware has become like the coronavirus. You can get infected even if you are being careful.
     
  15. bobkush

    bobkush MDL Novice

    After being locked out of my files by ransomware, I now run Windows 10 with DEEP FREEZE installed. Every time I reboot, my C drive (and D if you also want to freeze it) is RESTORED to its original state and all changes that have been made are removed.

    I have an attached D drive that contains any files I want to constantly have access to, and I detach all other hard drives (because malware could still infect attached drives).

    I have an unattached BACKUP of drive D (if I don't want to include the D drive in DEEP FREEZE protection).

    Now I can install, test and customize ANY software from ANY source without any worry about malware or ransomware. I just reboot to remove all changes to my C drive (and D if desired) and return to a clean installation.

    By the way, you can temporarily DISABLE Deep Freeze so you can install updates or install safe software.
     
  16. TairikuOkami

    TairikuOkami MDL Expert

    And where are your deep freeze images being stored? Ransomware could encrypt them too.
     
  17. bobkush

    bobkush MDL Novice

    Drive C is protected by DEEP FREEZE. Drive D contains all files that I want to edit and not have replaced by a DEEP FREEZE restart. If both Drive C and Drive D are encrypted by ransomware, I restore Drive C by restarting DEEP FREEZE and restore Drive D from my backup copy.

    I never leave additional unprotected drives attached to my PC; I only add additional drives temporarily when required. Only Drive C (FROZEN) and Drive D (Thawed) are constantly used. And I NEVER use partitions.
     
  18. nosirrahx

    nosirrahx MDL Expert

    Related to this, there are people pushing to make paying the ransom illegal in an attempt to end ransomware.

    Potentially more terrifying are the cases of blackmailware starting to pop up. "Give us $ or everyone on your contact list gets access to everything we took from you."
     
    Try "RACCINE". I hope it will help somebody fighting with ransomware.