CrySiS Reborn, Not Decryptable: [stopper@india.com].wallet

It drops a file on the desktop named STOPPER.txt: "Attentiion!!! All your filess are encrypted! To decrypt your files, please contact us by email:stopper@india.com" The method of infection was unauthorized access over a brute-forced RDP connection. It also drops AnonCrpt.exe on the desktop, 274KB file size. A quick analysis from VirusTotal shows the results below: As mentioned earlier, there is currently no way to decrypt this.


Part 1: Analysis of a Wordpress Malware

I had some time at lunch to kill, so I decided to see how malware techniques were improving in the land of WordPress and free premium theme download sites. Enter the Darknet. A simple Google search got me a theme ZIP file pretty quickly. Now, it was time to see what malicious happenings this thing would cause. Unpacked, here’s the structure of the ZIP file.

```
.
├── functions.php
├── home.php
├── images
│   ├── arrow.
```


Mixing Stable, Unstable, Testing and Experimental Packages in Debian

This is a very useful article from ServerFault on installing mixed packages in Debian. Many people seem to be afraid of mixing stable with testing, but frankly, testing is fairly stable in its own right, and with proper preferences and solution checking, you can avoid the stability drift that puts your core packages on the unstable path. "Testing is fairly stable?" you ask. Yes. In order for a package to migrate from unstable to testing, it has to have zero open bugs for 10 consecutive days.


Get File Count Recursively

I’ve been working on a small tool to aid in removing duplicate files, and as I’m going back over my roughed-in code, I’m trying to optimize it for some performance gains. This snippet of code works really well for recursively counting files given a specific path. I originally found it at StackOverflow and slightly modified it to suit my needs.

```vb
Sub ProcessFile(ByVal path As String)
    fileCounter += 1
End Sub

Sub ApplyAllFiles(ByVal folder As String, ByVal extension As String, ByVal fileAction As ProcessFileDelegate)
    For Each file In Directory.
```


CryptoLocker Database Search

I found the database dump of the CryptoLocker release from May 30, 2015 by the ransomware’s author. I decided to put it into a database and make a lame front-end so it can be queried by either the bitcoin address or the public RSA key from the infected computer. Hope it helps someone out there.

https://techish.net/locker/

> Hi, I am the author of the Locker ransomware and I’m very sorry about that has happened.
