Help ! Windows 7 and Bitlocker hijack.....

I saw this txt file on my desktop this morning:

You can use https://translate.google.com/ from your language to english if you don't know it.
Hello there. Your documents, files, pictures, etc most are in original place or some moved to local data. If you want to regain access to your local disk, all your files, documents, etc please send 1 BTC (Bitcoin) to this address: *** as fast as you can and email me at *@outlook.com If you dont know what bitcoin is, search on google for a local Bitcoin shop or ATM and transfer 1 BTC to this address: ***

Here are only one way to get all back and regain access to your local hard disk drive and this way is to send 1 Bitcoin to this address: ***

It's just business not trying to get your money and then to not give you the password. Waiting for your reply to my email address ( ***@outlook.com ) if you wanna get the bitlocker password. Thanks

I don't have NAS, only one router and a notebook

Now, except C all my drives are bitlocked

HELPPPPPPPPPPPPPPPPPP

what to do now?

Your machine got hacked.

TOP

Reply to 1# thesleeper


    no backup ? ... bye bye ...

TOP

What have you done recently to get hijacked?
Now you can only recover from your backup (if any)
or pay the j**k to get your files back

TOP

Reply to 1# thesleeper


    which version of Windows are you using ? ....

TOP

This post was last edited by thesleeper on 2015-4-4 18:10

the hacker gained access by remote desktop.....
has been attempting since 3/4 noon and that guy cracked my password at 4/4 04:00am

TOP

Reply to 6# thesleeper

TOP

May I ask which port the router has mapped to the computer?
3389?

TOP

This post was last edited by EITCo on 2015-4-4 21:39
the hacker gained access by remote desktop.....
has been attempting since 3/4 noon and that guy crac ...
thesleeper posted on 2015-4-4 18:07



It seems your password is quite simple.
There were only 34 login attempts in the particular hour shown above.
Yet the guy cracked it in a day.

Oh I see there were actually 36 attempts in a few minutes.
Still, I would say your password is a short one.


You'd better set up a guard to lock the PC on multiple failed logins.
It can be done in gpedit.msc.

However, I would like to ask: is it sufficient to look for the absence of the event 1012 above
to confirm that no one tried to remotely log in to my PC?
I am searching for a convenient way to check that.

The last thing I am curious about is the port you used.
I changed mine but I guess this won't block the hijackers.

TOP
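One way to check for remote logon attempts, as asked in the post above, is to summarise failed logons (Security event 4625) by source address. This is an added example, not part of any post in the thread; it assumes logon-failure auditing is enabled and an elevated PowerShell prompt, and the 24-hour window and variable names are illustrative. An empty result is only meaningful when failure auditing is on.

```powershell
# Added example: failed network/RDP logons per source address (event 4625).
# Assumes "Audit logon events: Failure" is enabled and the prompt is elevated.
# Written to run on PowerShell 2.0, the version shipped with Windows 7.

$since = (Get-Date).AddHours(-24)   # illustrative look-back window

# SilentlyContinue suppresses the "no events found" error when the log is clean.
$events = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = $since
} -ErrorAction SilentlyContinue

$failed = foreach ($e in $events) {
    # Pull the named EventData fields out of the event XML.
    $d = @{}
    foreach ($n in ([xml]$e.ToXml()).Event.EventData.Data) {
        $d[$n.Name] = $n.'#text'
    }
    # LogonType 10 = RemoteInteractive (RDP); 3 = Network, which is where
    # RDP attempts appear when Network Level Authentication is in use.
    if (@('3', '10') -contains $d['LogonType']) {
        New-Object PSObject -Property @{
            Time      = $e.TimeCreated
            Account   = $d['TargetUserName']
            SourceIp  = $d['IpAddress']
            LogonType = $d['LogonType']
        }
    }
}

if (-not $failed) {
    Write-Output "No failed network/RDP logons recorded since $since."
} else {
    # One row per source address: attempt count, time span, accounts tried.
    $failed | Group-Object SourceIp | Sort-Object Count -Descending |
        Select-Object Count, Name,
            @{ n = 'First';    e = { ($_.Group | Sort-Object Time | Select-Object -First 1).Time } },
            @{ n = 'Last';     e = { ($_.Group | Sort-Object Time | Select-Object -Last 1).Time } },
            @{ n = 'Accounts'; e = { ($_.Group | Select-Object -ExpandProperty Account |
                                       Sort-Object -Unique) -join ',' } } |
        Format-Table -AutoSize
}
```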

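I'm more interested in knowing why the original poster had port 3389 open for people to get in.
Even if the original poster restores the files, without improving security they will remain a hacking target, forever.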

TOP