A blogger on Bilibili, China's YouTube, who has more than 5 million fans said she was hit by ransomware and that all of her team's files were encrypted.
The blogger, who goes by the name "机智的党妹", said on Monday that hundreds of gigabytes of her team's video footage had been encrypted by the virus, and that the hacker left a ransom letter: Want the footage back? Just pay the ransom.
Cybersecurity experts said that there is no way to crack this ransomware. The video describing the experience had been viewed 3.85 million times on Bilibili as of late Tuesday.
The blogger said that her team previously kept its material files on local computer hard drives, but because the video clips and rendering material had grown too large, the team later spent more than a dozen thousand yuan to build a NAS (network-attached storage) as a shared hard drive for internal use.
But to their surprise, after the NAS had been set up and tested for some time, the ransomware struck on the first day it was put into use.
The IT staff within their team investigated and discovered that the hackers were using a ransomware virus called Buran.
After the attack, the files on the NAS drive had all been changed to a strange format.
The hacker also left a .txt ransom letter on the drive stating that the files had been encrypted and that the only way to recover them was to purchase a unique key.
The letter also contained a string of IDs and two specific mailboxes through which the hacker could be contacted.
Notably, the hacker also cautioned the victim against renaming the files or using third parties to decrypt them, and said a higher ransom would be charged if the decryption costs increased.
The hacker also cautioned the victim not to attempt third-party decryption, or they could be further defrauded by a third party.
A Tencent security expert said that, unfortunately, for most ransomware attacks there is no way to decrypt the files, which is also why the ransomware industry has continued to do harm for years.