Thursday, May 5, 2016

Ransomware infection update

 

First, THANK YOU ALL for the oustanding support and encouragement I have received - the flight simulation community has always been very kind and positive to me and my projects and it is awesome to know I have such a loyal and appreciative user base.
I have thought a lot on what to do next - and what would be the best thing for me. My final decision is as follows:

- The ransom WILL NOT be paid. It is not a question of the money per se - I am lucky enough so that 500 USD would not make a big difference for my bank account. It is just that I do not like giving money to criminals.

- The hard disk with my source 3D models has been segregated and kept in a safe place. Hopefully, sooner or later, a decryption tool with a key database will pop up. This was the case for similar malwares in the past few years - so there is a small hope. Very small. But it is defintely worth preserving the encrypted data.

- My system has been formatted and it is being rebuilt (with a much needed switch to a SDD). I have already installed Win 8.1, P3D, Tacpack and the P3D SDK. I will restart with a pristine system.

- Once the system is restored and all my design tools are in place, I will see what to do next.

DAMAGE ASSESSMENT:

Apart from my personal files (pictures, savegames etc.) I lost access to ALL my 3D source files and all master texture sheets. This includes pretty much 95% of my past work in terms of work hours. The files installed in the simulator were not affected (the ransomware did not touch the Program folder) so my latest flight version of the flight models and XML/avionics code are still available. Current situation is as follows:

AVATAR PACKAGE (payware) - Losing the source files for this project is quite saddening in particular the animation/bone system I created. I planned to update the current version and expand it with additional models, or create a "civilian" package. But given the small user base, and the amount of work needed decision is to TERMINATE the project and any further update. Sales will continue with current distributors 

F-35 LIGHTNING II (payware) - I was working on a significant upgrade with would include some bug fixings and some new functionalities. Lucklily the modeling work was finished, and the compiled models are safe - and so are the latest avionic files. Therefore the decision is to CONTINUE the development of the update.

EUROFIGHTER TYPHOON (payware) - This is probably the biggest loss. I will try to recover the geometry by decompiling the current .mdl and see what can be reused and what not. For the moment this project is ON HOLD.

T-45C GOSHAWK (freeware) - I don't know if I could add anything to this project - but it has always been by test bed and loosing it has more a sentimental value than anything. But there is not place for sentimentalism in the modern world so this project will be TERMINATED - version 2.83 is be the final version.

MB.326 (freeware) - An update was in the works with minor bug fixings...The update is CANCELED and the project will be TERMINATED.

S-3B VIKING (freeware) - An update which would have included some minor bug fixing, addition of TFLIR functionalites and a AI-Tanker model was in the works. I'll try to salvage the tanker model, but I cannot guarantee anything. Apart from that, the update is CANCELED and the project will be TERMINATED.

F-14D Super Tomcat (freeware) - There was actually a plan to develop a new, better payware version of this project. Maybe I'll pursue that in the future. As for this freeware rendition, any further update is CANCELED and the project will be TERMINATED.

Also, preliminary work on Aermacchi MB.339 is lost,
there is some undisclosed work done on the E-2/C-2 project in cooperation with another developer which - for a pure chance this is safe.

FUTURE PROJECTS:

It is still unclear to me if I have the time and will right now to embark on new projects - at least for the moment. I am looking into some very small, very quick projects to develop - just to check that everything is working. I have some ideas... but they are just ideas for now.

That is it for the moment. THANK YOU AGAIN for your support.

10 comments:

Tom said...

You should never ever pay for ransom-ware to be removed. They will take your money and you will never see a fix. There are probably some ways of dealing this matter but I am glad you did not pay the money because you would have just lost it.

Pedro Caldeira said...

Well Said.
110% agreed with you.
Is not the money, is giving it to criminals.
I will buy the F35 to help you in every way I can.
Meanwhile I will try to get all the info I can to help you decrypt the data that you have lost. Do you have more information about the ransomware that infected you ?
Best Regards from Portugal,
Pedro Caldeira

Pedro Caldeira said...

FYI
http://www.bleepingcomputer.com/forums/t/606583/cerber-ransomware-support-and-help-topic-decrypt-my-files-htmltxtvbs/

Anonymous said...

How about a Saab 340?

John said...

100% agree with your decision not to pay the ransom.

This sort of attack is not only cyber violence, but a form of theft as well.

I hope that you have/will inform the authorities where you live as everything possible should be done to close down these revolting people and wherever possible prosecute them to the full.

Sadly I am not skilled enough to help break this encryption, but I would encourage those who are skilled enough to do so to break this type of encryption and render the efforts of these criminals useless.

Dino, I have long been an admirer of your work and I hope you are not to disheartened by this attack. Please continue with your great work, all your work to date is worthy of being payware and, If it better enables you to protest your work, to continue along this line of development. To me the cost of a payware product is a just reward for the efforts you make.

Davida said...

Hi Deano, always seems to happen to the best. , we appreciate all the work you have done on some out standing aircraft, and we stand by your decision. This is just a reminder how rotten this world has become. Pity.

All teh best with new build.

Anonymous said...

Hi Dino, very disappointing news! You are really great at this, bunch of bastards!

Paulo Ferreira said...

Hello Dino, very sad thing this ransomwares. Good decision not giving them money!

Just recently i got in flight simulation and found your models, amazing work, thank you for sharing with us.

I would like to know if you can give us some tips how to avoid this type of malware, based on your experience (if possible).

Greetings from Brazil.

Eric said...

https://www.pcrisk.com/removal-guides/9842-cerber-ransomware

Unknown said...

Dino,

I know I'm a few blog entries late but I'm sorry to hear of your loss. I am happy to hear that you've decided to continue on some of your projects. Perhaps this was an opportunity to free up your time for other & new FS projects you haven't even thought of yet.

In the future, might I suggest storing your source work somewhere private & safe in the cloud? Or even considering something like Acronis True Image which allows you to back up the entire system for a full restore (even to their secure servers should you need the additional space)

It's sad, I wonder how remote the possibility is that some criminal knew how devoted you were to your work and targeted you specifically thinking they might benefit. Good on you not paying the ransom!

Best of Luck!,

Justin