I don’t know if this is a long shot or not, but the company I work for was attacked. I work the third shift to run the night audit, and in the morning, just before I finished a shift, our company was attacked. All of our servers were apparently attacked, and in the C drive of the computer they used to execute the attack are a few “LOCK IT files” and then a text document called “Restore-My-Files”. In the text document is a message that reads…

Lock it 2.0 Ransomware,
Your data are stolen and encrypted
The data will be published on TOR website [web address] and [web address] if you do not pay the ransom
You can contact us and decrypt one file for free on these TOR sites
[Web address]
[Web address]
OR
[Web address]
Decryption ID: [numbers and letters]

Everything in brackets is stuff I omitted sharing because I don’t want our company totally exposed, and I’m sure none of the web addresses are necessary to inquire about what exactly has happened to us… Is anyone familiar with this type of attack, and what should the course of action be to recover everything and whatever? This is all just a mess. And like I said, I’m sure this is a long shot, but I figured it was worth asking. Thanks y’all!

2 Comments

  • ghost-train

    November 16, 2021

    This is called a ransomware attack and is the most common type of attack ‘today’. Malware encrypts your files and asks for cryptocurrency to decrypt them. There are no guarantees.

    Your organisation should report it to the police.

    If you have cyber insurance, your company should contact them so they can send in investigation and recovery experts. At the same time, they’ll usually advise on external communication.

    Your backups are now critical and may be the only chance of getting things back. I hope you do not have your backups on the main domain infrastructure and joined to it. Take those offline. Make read-only copies if you can. Scan and restore.

    It’s not for me to make the decision to pay ransomware demands. That’s for your CEO. However, the advice is to strongly NOT pay them.

    When you rebuild, build with security in mind from the ground up.

    Hope you get back up and running soon.

  • MsLeeuhh

    November 16, 2021

    Thank you!! Yes, I understood it was a ransom attack, and our main IT guy at our property did mention that he took our backups off the main domain last week when we had a “soft hit” of sorts. He warned some of our corporate folks then that they needed to make a report with the police and have it sent on up to the FBI, and they declined to do that then. Now this has happened… Right now the tentative thought for possibly having us completely back up is by Friday.
