New
#1
Ransomware
I too would like to know how to completely remove Bitlocker.
<Attempting to provide relevant data only>
I upgraded to Windows 10 a few weeks ago, and today I woke up and SURPRISE; All my hard drives now read as encrypted with Bitlocker (except for my primary OS drive (SSD))
I went through the usual CMD steps playing with manage-bde and such. All signs point to some how some time during the night, all three separate physical hard drives were encrypted.
I just logged into the local administrator account (since my profiles are all on the now encrypted drive) and noticed a text document on the desktop.
Now, I have encountered variants of this from other clients - but I never thought it could happen to me.
The document reads as follows:
"Hello there.
I would like to tell you first I'm sorry about that. Your documents, files, databased most are in original places or some moved to your local data. If you want to regain access to your local disk, all your files, documents, etc please send 1 BTC (Bitcoin) to this address: 1PFkYtDbxQRTv8Xse77u7wYG5bht8QB6e2 as fast as you can and email me at datebatut@pochta.com If you dont know what bitcoin is, please ask me for bitcoin website that you can buy it fast or search on google for a local Bitcoin shop or ATM and transfer 1 BTC to this address: 1PFkYtDbxQRTv8Xse77u7wYG5bht8QB6e2
It's not my fault if you are try to format disk and lose all. Here are only one way to get all back and regain access to your local hard disk drive and this way is to send 1 Bitcoin to this address: 1PFkYtDbxQRTv8Xse77u7wYG5bht8QB6e2
It's just business not trying to get your money and then to not give to you the bitlocker password. Waiting for your reply to my email address ( datebatut@pochta.com ) if you wanna get the bitlocker password. Thanks for your time!"
So there you have it.
I would really like to know how this happened and how to prevent it from happening again.
Quote