February 3, 2025
Moderator

Yesterday morning, this is what appeared on my monitor(s):

Quote
Don't worry, you can return all your files!
All your files like documents, photos, databases and other important are encrypted
What guarantees do we give to you?
You can send 3 of your encrypted files and we decrypt it for free.
You must follow these steps To decrypt your files :
1) Write on our e-mail :[email protected]
2 telegram id :@Arethey14

Now I'm certainly not stupid, nor is anything so critical that it needs rescue. I'll simply replace the C hard disk, install a clean copy of Win 11, and begin downloading my radio's software and call it done.

Fortunately, Windows Edge was not affected at all. So at least I still have web access to both the internet and my email. As a matter of caution, immediately following this post I'll change passwords for critical sites, beginning with my bank!

Fr. Bill
AOPA Member: 07141481
AARP Member: 3209010556
Avsim Board of Directors | Avsim Forums Moderator

February 3, 2025

This is what Grok says:

Don't worry, you can return all your files!
All your files like documents, photos, databases and other important are encrypted
What guarantees do we give to you?
You can send 3 of your encrypted files and we decrypt it for free.
You must follow these steps To decrypt your files :
Write on our e-mail :worldwar2023 @onionmail .org
2 telegram id : @Arethey14

This message appears to be from a ransomware attack, where your files are encrypted and the attacker is offering a way to decrypt them. Here's how to approach this situation:

Understanding the Scam:

- Lack of Guarantees: There are no real guarantees provided in such scenarios. The promise to decrypt three files for free is a common tactic used by ransomware operators to prove they can decrypt your files, but it does not ensure they will decrypt all your files after payment.
- Email and Telegram Contact: The email [email protected] and Telegram ID @Arethey14 are likely used to communicate with victims. Onionmail.org is noted for being an encrypted and anonymous email service, which can be used for illicit activities like ransomware.

Steps to Consider:

- Do Not Pay the Ransom: Paying the ransom does not guarantee you'll get your files back. Moreover, it encourages more criminal activity.
- Disconnect from the Network: If you haven't already, disconnect the infected computer from any network to prevent further spread of the malware.
- Identify the Ransomware: Try to identify the specific ransomware strain by looking for any unique file extensions added to your encrypted files or by reading the ransom note's content. This can help in finding potential decryption tools if they exist.
- From Web Information: The tactics described are similar to those used by various ransomware strains like Info, Delta, CUM, DT, and others, which use .onionmail.org addresses for communication. However, no direct mention of "worldwar2023 @onionmail .org" or "Arethey14" was found in the web results provided, suggesting this might be a new variant or unrelated scam.
- Search for Decryption Tools: Check reputable sources like:
  - Emsisoft's Decryption Tools: Visit emsisoft.com/ransomware-decryption-tools for any tools that might work for your ransomware strain.
  - No More Ransom Project: Look at nomoreransom.org for decryption tools; they collaborate with law enforcement and cybersecurity companies.
- Backup and Recovery: If you have backups, this is the time to use them. If not, consider this a lesson to back up your data regularly.
- Professional Help: If the data is critical, consider consulting with cybersecurity professionals. They might have insights or tools not available to the public.
- Do Not Comply with the Ransom Note: Avoid following the steps suggested by the attackers. Sending files or engaging with them might lead to further compromise.
- Report the Incident: Report to authorities or cybersecurity organizations to help track and potentially dismantle these operations.

Remember, the safest approach is not to engage with the attackers. Use this opportunity to enhance your cybersecurity measures, including regular backups, up-to-date antivirus software, and education on phishing and malware prevention.

Intel Core i9-10900K at 5.2GHz, Corsair H115i PRO, ASUS MAXIMUS XII HERO Z490, G.SKILL Ripjaws V Series 32GB (4 x 8GB) 15-16-16-36, ASUS TUF Gaming GeForce RTX 3090, SAMSUNG 970 EVO PLUS M.2 2280 1TB x 3, Corsair HX Series HX1000 Watt PSU, Pimax Crystal Light.

February 3, 2025

Are they 14 or older?

Whenever I read something like this I'm glad I don't have many more years left. If something like that happened to mine I'd just toss it into the nearest landfill and call the computer part of my life quits. Same with my phone.

Noel
The tires are worn. The shocks are shot. The steering is wobbly. But the engine still runs fine.

February 3, 2025

God has a certain place for scum that preys upon others because they’re just too d**** lazy to work for a living. I've been getting occasional emails disguised as PayPal notifications that someone has made a charge on my account and would be paid unless I call this number immediately. I cancelled my PayPal months ago. Another is from someone who says they have evidence I have been looking at porn magazines and will expose me if I don’t send a payment in bitcoin. Sure buddy. Payment on the way. Do people fall for this stuff?

Vic green

February 3, 2025
Administrators

1 minute ago, Patco Lch said:
Do people fall for this stuff?

Unfortunately, every day! Especially among us older farts who should know better.

Charlie Aron
AVSIM Board of Directors-ADMIN/Moderator-Registrar
Just going to run a Chromebook and not upgrade to a Windows computer. Too many problems with the new Sims! 😱
Trying to keep peace and harmony and the will of Landru on the site seems to be a full time job!

February 3, 2025
Author, Moderator

4 hours ago, FBW737 said:
Do Not Pay the Ransom: Paying the ransom does not guarantee you'll get your files back. Moreover, it encourages more criminal activity.

Hah! They picked on the wrong person to invest their time. I couldn't pay fifty cents, much less some ridiculous amount of money. I barely survive on my meager SS, and SSI as it is.

It is curious that even the files in the OneDrive folder were likewise encrypted. Even more alarming is that the "TotalAV" protection software has totally vanished on this hard drive. It's as though it never existed!

I don't see any commonality in the encryption extensions used. They are seemingly random, such as .tkfl and .vvq1 et cetera.

Fr. Bill

February 3, 2025

32 minutes ago, n4gix said:
Even more alarming is that the "TotalAV" protection software has totally vanished on this hard drive. It's as though it never existed!

You should contact TotalAV and let them know what happened and that their protection failed. You pay a subscription so they at least owe you some assistance.

Dave
Simulator: P3Dv6.1
System Specs: Intel i7 13700K CPU, MSI Mag Z790 Tomahawk Motherboard, 32GB DDR5 6000MHz RAM, Nvidia GeForce RTX 4070 Video Card, 3x 1TB Samsung 980 Pro M.2 2280 SSDs, Windows 11 Home OS
My website for P3D stuff: https://sites.google.com/view/thep3dfiles/home

February 4, 2025

2 hours ago, n4gix said:
It is curious that even the files in the OneDrive folder were likewise encrypted.

Do you have a free or paid OneDrive account? The paid plans have a file recovery feature that can help in this situation.

https://support.microsoft.com/en-us/office/ransomware-detection-and-recovering-your-files-0d90ec50-6bfd-40f4-acc7-b8c12c73637f
https://support.microsoft.com/en-us/office/restore-your-onedrive-fa231298-759d-41cf-bcd0-25ac53eb8a15

Edited February 4, 2025 by kangoat

February 4, 2025

11 hours ago, Patco Lch said:
Another is from someone who says they have evidence I have been looking at porn magazines and expose me if I don’t send a payment in bitcoin

Ya know, years ago, when my daughters were in high school, a boy called me and told me he had sex with both of my daughters. I asked which one he liked best and told him to be sure to wear condoms next time. He called me an SOB and hung up. No, to this day I never told my daughters about the call. They don't need to know.

Noel

February 4, 2025
Author, Moderator

15 hours ago, dave2013 said:
You should contact TotalAV and let them know what happened and that their protection failed. You pay a subscription so they at least owe you some assistance.

I may well do that, but most of the files I care about are photos. It is peculiar that their encryption software made copies of the image files and then encrypted the copies, leaving the original images untouched. Go figure!

Over the past decade+ years, the boot drive had accumulated a ton of detritus and deserved a massive cleanup anyway. I ordered a bootable USB stick that will install Win 11 Pro (or Win 10 Pro) which will make a fresh install of the OS a relatively easy task. I also ordered a new SS drive on which to install the OS. I will take the original SS drive and format it so I can replace the secondary hard drive.

All of my amateur radio software is 'free' and readily available via download. The nice thing about that is that for every radio I own step #1 is to "read" the radio's stored database. So, even though the saved information on the drive(s) gets replaced by a fresh "read" anyway!

My Internet access is via WiFi from my landlord's fiber optic system so I'm going to simply drop the WiFi connection overnight to minimize exposure to possible trouble going forward.

Fr. Bill
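
Added example (not part of any post in this thread): a read-only triage of a folder tree that tallies unfamiliar extensions, as the advice above on identifying the strain suggests, and lists which suspect files still have an intact original beside them, as described in the post above. The `KNOWN_EXTS` allowlist, the two naming schemes (extension appended or replaced) and the function names `triage` and `demo` are assumptions; the thread does not say how the encrypted copies were named.

```python
import os
import tempfile
from collections import defaultdict

# Assumption: extensions counted as "normal"; anything else is only a suspect for review.
KNOWN_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".pdf", ".txt", ".docx", ".xlsx"}

def triage(root, known_exts=KNOWN_EXTS):
    """Return (paired, orphans, ext_counts) for suspect files under root.

    paired:  {suspect_path: original_path} where an intact original sits beside it
    orphans: suspect paths with no original in the same folder
    """
    paired, orphans, ext_counts = {}, [], defaultdict(int)
    for folder, _dirs, files in os.walk(root):
        by_name = {f.lower(): f for f in files}
        by_stem = {}
        for f in files:
            stem, ext = os.path.splitext(f.lower())
            if ext in known_exts:
                by_stem.setdefault(stem, f)
        for f in files:
            stem, ext = os.path.splitext(f.lower())
            if not ext or ext in known_exts:
                continue
            ext_counts[ext] += 1
            # Assumed scheme A: extension appended (photo.jpg.tkfl beside photo.jpg)
            original = by_name.get(stem) if os.path.splitext(stem)[1] in known_exts else None
            # Assumed scheme B: extension replaced (photo.tkfl beside photo.jpg)
            original = original or by_stem.get(stem)
            path = os.path.join(folder, f)
            if original:
                paired[path] = os.path.join(folder, original)
            else:
                orphans.append(path)
    return paired, sorted(orphans), dict(ext_counts)

def demo():
    """Run triage over a constructed sample tree (empty files, names only)."""
    with tempfile.TemporaryDirectory() as root:
        names = ["cat.jpg", "cat.jpg.tkfl", "dog.png", "dog.vvq1", "notes.txt", "budget.xlsx.tkfl"]
        for n in names:
            open(os.path.join(root, n), "w").close()
        paired, orphans, counts = triage(root)
        rel = lambda p: os.path.relpath(p, root)
        return ({rel(k): rel(v) for k, v in paired.items()}, [rel(o) for o in orphans], counts)

if __name__ == "__main__":
    print(demo())
```

The orphan list is the set that would have to come from backups or a decryption tool; the paired list is data that is still readable and can be copied off before the drive is wiped.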

February 4, 2025
Author, Moderator

13 hours ago, kangoat said:
Do you have a free or paid OneDrive account? The paid plans have a file recovery feature that can help in this situation.

It is a 'free' account. To be frank I've never truly paid it any attention since nothing I do these days can be considered "mission critical" anyway.

Fr. Bill

February 4, 2025

8 hours ago, n4gix said:
My Internet access is via WiFi from my landlord's fiber optic system so I'm going to simply drop the WiFi connection overnight to minimize exposure to possible trouble going forward.

If you're sharing the same local wifi network with your landlord, you may want to let them know what happened. Or even see if they were also hit.

February 5, 2025
Author, Moderator

20 hours ago, kangoat said:
If you're sharing the same local wifi network with your landlord, you may want to let them know what happened. Or even see if they were also hit.

I shall do just that. Thanks for the reminder.

Fr. Bill

February 6, 2025

On 2/4/2025 at 3:31 PM, kangoat said:
If you're sharing the same local wifi network with your landlord, you may want to let them know what happened. Or even see if they were also hit.

I've turned mine off... no wifi. I see vehicles parked that don't live in the area with a laptop I get suspicious.

February 7, 2025
Author, Moderator

On 2/6/2025 at 7:37 AM, TuFun said:
I've turned mine off... no wifi. I see vehicles parked that don't live in the area with a laptop I get suspicious.

From the deep, dark woods where I currently live, there quite simply isn't any opportunity for anyone to hitch a "ride" on our WiFi signal. The closest neighbor is nearly a mile away, and our "street" dead ends at our gate. 😉

Fr. Bill