Fiverr Community Forum

Beware of Hackers and Ransomware

Hello Guys, I am writing this to share a horrible experience that I very recently had with a buyer on Fiverr.

A few days ago, while going through the buyer’s requests, I saw a request from a buyer who was looking for sellers with high-performance PCs, stating that he had a few algorithms to run and needed some light database work. I sent him an offer. After some time I got a reply from him in which he stated that I would need to run a beta version of a database software on my computer which they had modified according to their needs. He wrote some ambiguous description of the work, saying that the work is repetitive but not as boring as it seems. He provided me a file, saying that I needed to run it and he would walk me through the procedure, and that after a few runs I would be good to go. When I tried to download the file I could not, because my computer deleted it. I turned off the protection, blindly trusting the buyer, and ran that file. After double-clicking the file nothing happened. I repeatedly texted the buyer but he did not reply. After a while I opened Task Manager and saw that the same executable was still running and that CPU and disk utilization were at 100% because of that file. I immediately force-terminated that process.

Later on I came to know that all of my files across all drives, including images, documents, PDFs, etc., were encrypted and had a .cerber extension, with a warning in a text document stating that the worst had happened and it could only be reversed if I paid a ransom in the form of bitcoin by going to one of the following .onion links through Tor.

In short, I became the victim of Cerber ransomware because I blindly trusted a client and I wanted a gig.

I have lost a lot of data that was very important because of this mistake.

Therefore, I just wanted to tell you: be careful, do not blindly trust any buyer, and take extreme care when you are going to turn the antivirus off. If you are doing something for a buyer and you have any doubt about it, do clarify it with your buyer and do not act until he clarifies it to you.

Note: You can find more information about this kind of attack by searching for the keywords “Cerber ransomware”.

Why would you even agree to this for the sake of a few dollars anyway? Why did you go ahead when your virus program told you “NO NO NO” instead of researching the file name?

2 Likes

Another question is: why would a coder fall for something like this?

1 Like

I fell for this because I am a coder. Hope you understand.

But I am not a coder, and I would be deeply suspicious after the first message.

1 Like

Actually, this was not a matter of a few dollars but $250. We human beings have a lot of things going through our minds, and there might be something that sometimes diverts our attention and makes us do something which we otherwise should not do.

Yes I deeply feel that I should have been more attentive and suspicious.

Well, it certainly isn’t worth it…

If you still have the infected hard drive, there are two things which you could try. (Also, I’m not saying I can fix this at all so don’t get your hopes up). The first would be to go into all your folders and view all hidden files. I had a similar virus on a work PC once and by showing hidden files, I was able to retrieve copies of everything as they weren’t really encrypted or deleted, just hidden.

If that doesn’t work, you could make a bootable USB/CD with either Ubuntu or ReactOS. Make the installation media and boot from the USB or CD when you turn on your computer. This might allow you to then explore the folders on your existing hard drive and copy these to a clean drive.

If that doesn’t work, while you have the bootable OS running, you could try installing Linux (for Ubuntu) or Windows (for ReactOS) versions of free antivirus tools like Avast and ClamAV. You will then be able to scan your original drive and maybe scrub the ransomware/virus itself.

After trying all of the above, you could then try restoring your PC to an earlier operating point.

Like I said, though, don’t get your hopes up. I know very little about Windows and these are just the steps which I would take to try and retrieve data.

1 Like

I don’t understand why anyone would download this file from a stranger and turn off the virus protection and run the file.

1 Like

I always download attachments on here through a sandbox, any IT pro worth his salt would do the same, at the very least a virtual browser. :slight_smile:

That sucks, but dude, come on, you never download and install things that are flagged; if you do, you do it in a virtual environment like a sandbox, and you never turn off your AV or firewall! Lesson learned.

You can remove the virus but you can’t decrypt the files; they’re gone unless you pay the ransom. The only way to get them back is if you backed them up to another drive or the cloud, which, if they’re sensitive, you should do regardless!

1 Like

Yes, I know this. However, a lot of ransomware doesn’t really encrypt files. It needs to look like it has done so instantly, so it simply hides them. That said, the 100% CPU would put this case in genuine ransomware territory. I was just trying to help, though, as in my view it’s worth trying everything in this kind of scenario.

Hard life lessons are good! People learn! It’s all a bit sucky, but I did roll my eyes at the installing stuff after Avira (or whatever) said no. Chancers rely on this kind of behavior…

Only outdated and redundant ransomware doesn’t use cryptovirology, and they basically don’t exist these days, unfortunately!
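As an added triage example (not code from this thread or any of its posters), assuming the victim drive has been mounted from a clean boot as the recovery post above suggests: this script counts the files carrying the .cerber extension the original poster described and uses byte entropy to tell genuinely encrypted files from ones that were only renamed or hidden, which is the distinction the last few replies argue about. `run_demo()` builds a constructed sample tree in a temporary directory; `RANSOM_EXT`, `HIGH_ENTROPY` and the 7.5 bits/byte threshold are my assumptions, not values from the thread.

```python
import math
import os
import tempfile
from pathlib import Path

RANSOM_EXT = ".cerber"  # extension the original poster saw on his files
HIGH_ENTROPY = 7.5      # bits per byte; real ciphertext sits close to the 8.0 maximum

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def classify(path: Path, sample_size: int = 4096) -> str:
    """Label a file 'encrypted' or 'plaintext' from the entropy of its leading bytes."""
    with open(path, "rb") as fh:
        sample = fh.read(sample_size)
    return "encrypted" if shannon_entropy(sample) >= HIGH_ENTROPY else "plaintext"

def triage(root: Path) -> dict:
    """Walk root (the victim drive, mounted read-only from a clean boot) and count
    renamed files by verdict; a 'plaintext' verdict means renaming back suffices."""
    summary = {"renamed": 0, "encrypted": 0, "plaintext": 0, "plaintext_files": []}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            if path.suffix.lower() != RANSOM_EXT:
                continue  # untouched file, nothing to recover
            summary["renamed"] += 1
            verdict = classify(path)
            summary[verdict] += 1
            if verdict == "plaintext":
                summary["plaintext_files"].append(str(path.relative_to(root)))
    return summary

def run_demo() -> dict:
    """Constructed sample tree: one scrambled file, one merely renamed, one untouched."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "docs").mkdir()
        # a uniform byte distribution stands in for ciphertext (entropy exactly 8.0)
        (root / "docs" / "thesis.pdf.cerber").write_bytes(bytes(range(256)) * 16)
        (root / "docs" / "notes.txt.cerber").write_bytes(b"meeting notes\n" * 300)
        (root / "docs" / "untouched.txt").write_bytes(b"not renamed\n")
        return triage(root)
```

Files reported under `plaintext_files` still have their original content and only need the extra extension stripped; an `encrypted` verdict means the hidden-files trick from the earlier reply will not help and a backup is the realistic route.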

Looks like you have a big problem. Odin, like Cerber, is very dangerous ransomware.

There are several ways to fight it; they are described in this article: http://myspybot.com/cerber-virus/

For the future, here are the basic rules:

  1. Restore previous versions of encrypted files

  2. Backups can make your day

  3. Data recovery toolkit to the rescue

1 Like

Thanks for the info!
I did not know that extortionists had already expanded their interests from email to forums :disappointed_relieved: