0xploit.com

JS malware. How Chrome helped me reverse ransomware

H3llSh3ll
New member, joined Jun 16, 2022
You've probably received an email with a link to a suspicious archive at least once. The authors of such emails do everything possible to make an inattentive user follow the link and let them infect their computer. A similar letter came to my friend, and so he became one of the victims. What kind of malware it was, we will figure out together.

Before contacting me, a friend tried several times to open the file from the archive. According to him, nothing happened. But I still told him to immediately turn off the computer and remove the hard drive from it. However, it was too late.

The virus had already managed to encrypt half of the files on the D drive and had even got into the shared folder. Some of the files were recovered using tools for recovering deleted files, but according to the law of meanness, the most important files were lost. Next is the classic of the genre: a new picture appeared on the desktop, as well as a text file demanding a certain amount for decrypting the data and giving the attacker's contacts.

[Image ris1.png: New wallpapers]

Later I decided to deal with this virus in a sandbox (VirtualBox + Windows XP). In the archive, I found a JavaScript file, or more precisely, a file with a .js extension and content that resembles JavaScript in syntax.