被加密后文件拓展名为gerosan的病毒,联系邮箱为gorentos@bitmessage.ch,gorentos@firemail.cc,

昨天（2019.6.11）发生了一件很不幸运的事情。windows 10系统右下方显示系统没激活，我就到网上去下载了一个所谓的windows数字激活的工具。解压压缩包后，双击了exe文件，显示工具有更新版本，让我更新工具。结果我发现它搞了一段时间都没下好，还在帮我安装软件。意识到是病毒，立马强力卸载它安装的几个软件。一会弹窗显示windows10系统在更新，从窗口外观真的像在更新系统。过了一会，又频繁地打开网页，桌面也在频繁的刷新，估计此时正在加密我的文件。我有点慌，想打开强力卸载的工具卸载它安装的软件，发现卸载工具被改了拓展名打不开了，其他的文件也如此。我又联网下载了360安全卫士，想着如果是老病毒可能管用吧。下载完360卫士把网线拔了，怕它在局域网传播。仔细看盘，发现了它勒索的文字，让我用比特币购买解密软件和密钥。我慌了一会就向我们老师报告了这个事件。我回到宿舍向勒索的邮箱发了一个邮件，第二天早上得到了回复，也向学校网络安全中心报告了这个事件。 它的勒索文字如下：

 Don't worry, you can return all your files!

 AII your files like photos, databases, documents and other important are encrypted with strongest encryption and unique key.The only method of recovering files is to purchase decrypt tool and unique key for you.I This software will decrypt all your encrypted files.What guarantees you have?

You can send one of your encrypted file from your PC and we decrypt it for free.But we can decrypt only 1 file for free. File must not contain valuable information.You can get and look video overview decrypt tool:http://we.tl/t-hvv30uAtTY

Price of private key and decrypt software is $980.

 Discount 50% available if you contact us first 72 hours, that's price for you is S490.Please note that you'll never restore your data without payment.

Check your e-mail "Spam" or "Junk" folder if you don't get answer more than 6 hours.

To get this software you need write on our e -maild gorentos@bitmessage.ch

Reserve e-mail address to contact us:

 gorentos@firemail.cc

 Our Telegram account:

@datarestore

 I Your personal ID:

 101nHfssdMtNBOX6CVAz9QciQU6mib6BqcLKSLOSA5f65MM0g

------------我给它提供的地址发了一个邮件，得到了下列的回复------------------------------------------------

You need to purchase an decrypt software and unique private key.
After you will get software, start it and decrypt all your data.
You can download video overview decrypt tool:
https://we.tl/t-hvv30uAtTY

Price of private key and decrypt software is 0.09 bitcoin with 50% discount.
0.09 bitcoin ~ 490 usd.

Before paying you can send 1 file for free decryption.
Send us your personal ID too.
Please note that files must NOT contain valuable information.

After payment we answer all your questions about server safety.

The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller by payment method and price.
Video manual:
1 - You need register localbitcoins account:
https://www.youtube.com/watch?v=6Lx-W8Kxlq4

2 - Buy bitcoins in localbitcoins video:
https://www.youtube.com/watch?v=hzHLeeU1tFE

3 - Send your bitcoins to our wallet video manual:
https://www.youtube.com/watch?v=u6CTDz7SXEU


Any bitcoin exchangers:
BuyBitcoin
CoinMonitor.io
CoinMama
Changelly.com
PAYEER
CEX.IO
Coinbase.com
Paxful.com
Coincafe.com