Skunk(ette)s, We just got hit with the paycript ransom-ware on some of our file servers we've managed t identify the domain accounts running the script and disabled them. Seems to have stopped spreading across the network to our other file servers(for now...48 hours and counting) Suspected source has also been identified and measures taken. What remains now is finding a way to decrypt the files. The damn fools are asking for 2BTC for them to decrypt and double the amount to charge by the day if not paid. Anyone else who has had to go through the same? What measures did you take to recover? Regards, *Kennedy Kairaria* Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
Backups? On 1 Apr 2016 10:52 am, "Kennedy Kairaria via skunkworks" < skunkworks@lists.my.co.ke> wrote:
Skunk(ette)s,
We just got hit with the paycript ransom-ware on some of our file servers we've managed t identify the domain accounts running the script and disabled them. Seems to have stopped spreading across the network to our other file servers(for now...48 hours and counting)
Suspected source has also been identified and measures taken. What remains now is finding a way to decrypt the files. The damn fools are asking for 2BTC for them to decrypt and double the amount to charge by the day if not paid.
Anyone else who has had to go through the same? What measures did you take to recover?
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
By the time we noticed they were also affected. Incremental backups. Regards, *Kennedy Kairaria* Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria On 1 April 2016 at 10:58, Brian Ngure <brian@pixie.co.ke> wrote:
Backups? On 1 Apr 2016 10:52 am, "Kennedy Kairaria via skunkworks" < skunkworks@lists.my.co.ke> wrote:
Skunk(ette)s,
We just got hit with the paycript ransom-ware on some of our file servers we've managed t identify the domain accounts running the script and disabled them. Seems to have stopped spreading across the network to our other file servers(for now...48 hours and counting)
Suspected source has also been identified and measures taken. What remains now is finding a way to decrypt the files. The damn fools are asking for 2BTC for them to decrypt and double the amount to charge by the day if not paid.
Anyone else who has had to go through the same? What measures did you take to recover?
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
What about the last FULL backup? Could be the only viable solution. Depending on your data generation and update, this could mean some severe backlog, at which point you may have to weigh between the cost of paying-off the ransom OR loading 2month old backups and updating the data. Of course, we can never be sure if paying the ransom will get the data back. -- On Fri, Apr 1, 2016 at 11:01 AM, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
By the time we noticed they were also affected. Incremental backups.
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 10:58, Brian Ngure <brian@pixie.co.ke> wrote:
Backups? On 1 Apr 2016 10:52 am, "Kennedy Kairaria via skunkworks" < skunkworks@lists.my.co.ke> wrote:
Skunk(ette)s,
We just got hit with the paycript ransom-ware on some of our file servers we've managed t identify the domain accounts running the script and disabled them. Seems to have stopped spreading across the network to our other file servers(for now...48 hours and counting)
Suspected source has also been identified and measures taken. What remains now is finding a way to decrypt the files. The damn fools are asking for 2BTC for them to decrypt and double the amount to charge by the day if not paid.
Anyone else who has had to go through the same? What measures did you take to recover?
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
[image: Mic Drop] Pay up?? On Fri, Apr 1, 2016 at 11:01 AM, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
By the time we noticed they were also affected. Incremental backups.
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 10:58, Brian Ngure <brian@pixie.co.ke> wrote:
Backups? On 1 Apr 2016 10:52 am, "Kennedy Kairaria via skunkworks" < skunkworks@lists.my.co.ke> wrote:
Skunk(ette)s,
We just got hit with the paycript ransom-ware on some of our file servers we've managed t identify the domain accounts running the script and disabled them. Seems to have stopped spreading across the network to our other file servers(for now...48 hours and counting)
Suspected source has also been identified and measures taken. What remains now is finding a way to decrypt the files. The damn fools are asking for 2BTC for them to decrypt and double the amount to charge by the day if not paid.
Anyone else who has had to go through the same? What measures did you take to recover?
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
2 btc ~ $830 Mayoooo...Serkali saidia! Regards, *Kennedy Kairaria* Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria On 1 April 2016 at 11:18, Obi wan riobani <rriobs@gmail.com> wrote:
[image: Mic Drop] Pay up??
On Fri, Apr 1, 2016 at 11:01 AM, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
By the time we noticed they were also affected. Incremental backups.
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 10:58, Brian Ngure <brian@pixie.co.ke> wrote:
Backups? On 1 Apr 2016 10:52 am, "Kennedy Kairaria via skunkworks" < skunkworks@lists.my.co.ke> wrote:
Skunk(ette)s,
We just got hit with the paycript ransom-ware on some of our file servers we've managed t identify the domain accounts running the script and disabled them. Seems to have stopped spreading across the network to our other file servers(for now...48 hours and counting)
Suspected source has also been identified and measures taken. What remains now is finding a way to decrypt the files. The damn fools are asking for 2BTC for them to decrypt and double the amount to charge by the day if not paid.
Anyone else who has had to go through the same? What measures did you take to recover?
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
How did the machine get infected? On Fri, Apr 1, 2016 at 11:22 AM, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
2 btc ~ $830
Mayoooo...Serkali saidia!
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 11:18, Obi wan riobani <rriobs@gmail.com> wrote:
[image: Mic Drop] Pay up??
On Fri, Apr 1, 2016 at 11:01 AM, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
By the time we noticed they were also affected. Incremental backups.
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 10:58, Brian Ngure <brian@pixie.co.ke> wrote:
Backups? On 1 Apr 2016 10:52 am, "Kennedy Kairaria via skunkworks" < skunkworks@lists.my.co.ke> wrote:
Skunk(ette)s,
We just got hit with the paycript ransom-ware on some of our file servers we've managed t identify the domain accounts running the script and disabled them. Seems to have stopped spreading across the network to our other file servers(for now...48 hours and counting)
Suspected source has also been identified and measures taken. What remains now is finding a way to decrypt the files. The damn fools are asking for 2BTC for them to decrypt and double the amount to charge by the day if not paid.
Anyone else who has had to go through the same? What measures did you take to recover?
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Regards Brian Ngure
Same happened to us whem some office users got hit. Only option is to lose all your data and rebuild because we dont negotiate with terrorist. You will be same to have your backups stored offline. external HHD which you only connect for transfers. What encryption have this guys used? On Fri, Apr 1, 2016 at 11:28 AM, Brian Ngure via skunkworks < skunkworks@lists.my.co.ke> wrote:
How did the machine get infected?
On Fri, Apr 1, 2016 at 11:22 AM, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
2 btc ~ $830
Mayoooo...Serkali saidia!
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 11:18, Obi wan riobani <rriobs@gmail.com> wrote:
[image: Mic Drop] Pay up??
On Fri, Apr 1, 2016 at 11:01 AM, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
By the time we noticed they were also affected. Incremental backups.
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 10:58, Brian Ngure <brian@pixie.co.ke> wrote:
Backups? On 1 Apr 2016 10:52 am, "Kennedy Kairaria via skunkworks" < skunkworks@lists.my.co.ke> wrote:
Skunk(ette)s,
We just got hit with the paycript ransom-ware on some of our file servers we've managed t identify the domain accounts running the script and disabled them. Seems to have stopped spreading across the network to our other file servers(for now...48 hours and counting)
Suspected source has also been identified and measures taken. What remains now is finding a way to decrypt the files. The damn fools are asking for 2BTC for them to decrypt and double the amount to charge by the day if not paid.
Anyone else who has had to go through the same? What measures did you take to recover?
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Regards
Brian Ngure
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Francis Irungu,
Server details? Linux, Windows? On 1 April 2016 at 11:22, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
2 btc ~ $830
Mayoooo...Serkali saidia!
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 11:18, Obi wan riobani <rriobs@gmail.com> wrote:
[image: Mic Drop] Pay up??
On Fri, Apr 1, 2016 at 11:01 AM, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
By the time we noticed they were also affected. Incremental backups.
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 10:58, Brian Ngure <brian@pixie.co.ke> wrote:
Backups? On 1 Apr 2016 10:52 am, "Kennedy Kairaria via skunkworks" < skunkworks@lists.my.co.ke> wrote:
Skunk(ette)s,
We just got hit with the paycript ransom-ware on some of our file servers we've managed t identify the domain accounts running the script and disabled them. Seems to have stopped spreading across the network to our other file servers(for now...48 hours and counting)
Suspected source has also been identified and measures taken. What remains now is finding a way to decrypt the files. The damn fools are asking for 2BTC for them to decrypt and double the amount to charge by the day if not paid.
Anyone else who has had to go through the same? What measures did you take to recover?
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Sarah Kagotho, skype: murugi.kagotho
Negotiate with them, pay up the negotiated $$$, then learn your lesson and move on. Otherwise you will get nothing unless you have backups. ______________________ Mwendwa Kivuva, Nairobi, Kenya twitter.com/lordmwesh On 1 April 2016 at 12:29, Sara Kagotho via skunkworks < skunkworks@lists.my.co.ke> wrote:
Server details? Linux, Windows?
On 1 April 2016 at 11:22, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
2 btc ~ $830
Mayoooo...Serkali saidia!
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 11:18, Obi wan riobani <rriobs@gmail.com> wrote:
[image: Mic Drop] Pay up??
On Fri, Apr 1, 2016 at 11:01 AM, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
By the time we noticed they were also affected. Incremental backups.
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 10:58, Brian Ngure <brian@pixie.co.ke> wrote:
Backups? On 1 Apr 2016 10:52 am, "Kennedy Kairaria via skunkworks" < skunkworks@lists.my.co.ke> wrote:
Skunk(ette)s,
We just got hit with the paycript ransom-ware on some of our file servers we've managed t identify the domain accounts running the script and disabled them. Seems to have stopped spreading across the network to our other file servers(for now...48 hours and counting)
Suspected source has also been identified and measures taken. What remains now is finding a way to decrypt the files. The damn fools are asking for 2BTC for them to decrypt and double the amount to charge by the day if not paid.
Anyone else who has had to go through the same? What measures did you take to recover?
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Sarah Kagotho,
skype: murugi.kagotho
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
Brian, some suspicious email in our domain that seems as if you've sent yourself an email with an attachment. Sara, Windows 2012 R2 Regards, *Kennedy Kairaria* Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria On 1 April 2016 at 11:36, Mwendwa Kivuva <lordmwesh@gmail.com> wrote:
Negotiate with them, pay up the negotiated $$$, then learn your lesson and move on.
Otherwise you will get nothing unless you have backups.
______________________ Mwendwa Kivuva, Nairobi, Kenya twitter.com/lordmwesh
On 1 April 2016 at 12:29, Sara Kagotho via skunkworks < skunkworks@lists.my.co.ke> wrote:
Server details? Linux, Windows?
On 1 April 2016 at 11:22, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
2 btc ~ $830
Mayoooo...Serkali saidia!
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 11:18, Obi wan riobani <rriobs@gmail.com> wrote:
[image: Mic Drop] Pay up??
On Fri, Apr 1, 2016 at 11:01 AM, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
By the time we noticed they were also affected. Incremental backups.
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 10:58, Brian Ngure <brian@pixie.co.ke> wrote:
Backups? On 1 Apr 2016 10:52 am, "Kennedy Kairaria via skunkworks" < skunkworks@lists.my.co.ke> wrote:
> Skunk(ette)s, > > We just got hit with the paycript ransom-ware on some of our file > servers we've managed t identify the domain accounts running the script and > disabled them. Seems to have stopped spreading across the network to our > other file servers(for now...48 hours and counting) > > Suspected source has also been identified and measures taken. What > remains now is finding a way to decrypt the files. The damn fools are > asking for 2BTC for them to decrypt and double the amount to charge by the > day if not paid. > > Anyone else who has had to go through the same? What measures did > you take to recover? > > Regards, > > *Kennedy Kairaria* > > Mobile: (254) 724 615232 > kenkairaria@gmail.com | > [image: LinkedIn] <http://www.linkedin.com/in/kairaria> > http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q > Contact me: [image: Skype] kennedy.kairaria > > _______________________________________________ > skunkworks mailing list > skunkworks@lists.my.co.ke > ------------ > List info, subscribe/unsubscribe > http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks > ------------ > > Skunkworks Rules > http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 > ------------ > Other services @ http://my.co.ke >
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Sarah Kagotho,
skype: murugi.kagotho
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
Kindly Share the domains so that we do not find ourselves in the same boat. On Fri, Apr 1, 2016 at 11:41 AM, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
Brian, some suspicious email in our domain that seems as if you've sent yourself an email with an attachment. Sara, Windows 2012 R2
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 11:36, Mwendwa Kivuva <lordmwesh@gmail.com> wrote:
Negotiate with them, pay up the negotiated $$$, then learn your lesson and move on.
Otherwise you will get nothing unless you have backups.
______________________ Mwendwa Kivuva, Nairobi, Kenya twitter.com/lordmwesh
On 1 April 2016 at 12:29, Sara Kagotho via skunkworks < skunkworks@lists.my.co.ke> wrote:
Server details? Linux, Windows?
On 1 April 2016 at 11:22, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
2 btc ~ $830
Mayoooo...Serkali saidia!
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 11:18, Obi wan riobani <rriobs@gmail.com> wrote:
[image: Mic Drop] Pay up??
On Fri, Apr 1, 2016 at 11:01 AM, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
By the time we noticed they were also affected. Incremental backups.
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
On 1 April 2016 at 10:58, Brian Ngure <brian@pixie.co.ke> wrote:
> Backups? > On 1 Apr 2016 10:52 am, "Kennedy Kairaria via skunkworks" < > skunkworks@lists.my.co.ke> wrote: > >> Skunk(ette)s, >> >> We just got hit with the paycript ransom-ware on some of our file >> servers we've managed t identify the domain accounts running the script and >> disabled them. Seems to have stopped spreading across the network to our >> other file servers(for now...48 hours and counting) >> >> Suspected source has also been identified and measures taken. What >> remains now is finding a way to decrypt the files. The damn fools are >> asking for 2BTC for them to decrypt and double the amount to charge by the >> day if not paid. >> >> Anyone else who has had to go through the same? What measures did >> you take to recover? >> >> Regards, >> >> *Kennedy Kairaria* >> >> Mobile: (254) 724 615232 >> kenkairaria@gmail.com | >> [image: LinkedIn] <http://www.linkedin.com/in/kairaria> >> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q >> Contact me: [image: Skype] kennedy.kairaria >> >> _______________________________________________ >> skunkworks mailing list >> skunkworks@lists.my.co.ke >> ------------ >> List info, subscribe/unsubscribe >> http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks >> ------------ >> >> Skunkworks Rules >> http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 >> ------------ >> Other services @ http://my.co.ke >> >
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Sarah Kagotho,
skype: murugi.kagotho
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
-- Best Regards Jimmy Thuo
Since this is not a life or death situation, buying time would be a waste of it, you'll have to give in to their demands OR consult some Israeli company like Beyond Security who'll obviously charge you more to crack a 1024 bit OpenPGP encryption. We live we learn. On Fri, Apr 1, 2016 at 10:51 AM, Kennedy Kairaria via skunkworks < skunkworks@lists.my.co.ke> wrote:
Skunk(ette)s,
We just got hit with the paycript ransom-ware on some of our file servers we've managed t identify the domain accounts running the script and disabled them. Seems to have stopped spreading across the network to our other file servers(for now...48 hours and counting)
Suspected source has also been identified and measures taken. What remains now is finding a way to decrypt the files. The damn fools are asking for 2BTC for them to decrypt and double the amount to charge by the day if not paid.
Anyone else who has had to go through the same? What measures did you take to recover?
Regards,
*Kennedy Kairaria*
Mobile: (254) 724 615232 kenkairaria@gmail.com | [image: LinkedIn] <http://www.linkedin.com/in/kairaria> http://kennedy-kairaria.g <http://kennedy-kairaria.branded.me/>q Contact me: [image: Skype] kennedy.kairaria
_______________________________________________ skunkworks mailing list skunkworks@lists.my.co.ke ------------ List info, subscribe/unsubscribe http://lists.my.co.ke/cgi-bin/mailman/listinfo/skunkworks ------------
Skunkworks Rules http://my.co.ke/phpbb/viewtopic.php?f=24&t=94 ------------ Other services @ http://my.co.ke
participants (9)
-
Brian Ngure -
francis irungu -
Jimmy Thuo -
Kennedy Kairaria -
MotoBaridi -
Mwendwa Kivuva -
Obi wan riobani -
Patrick Kariuki -
Sara Kagotho