Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Ransom Virus ENCRYPTS data files

  • Please log in to reply
2 replies to this topic

#1 DevNullTech


  • Members
  • 3 posts
  • Local time:08:30 PM

Posted 31 May 2012 - 01:36 PM

Any information regarding this virus? This new variant that is attacking people which is encrypting their data files? Does anyone have any clue how we can decrypt the information that uses the LATEST ransomeware? This is the one where it takes the bit count from the hard drive.

More information can be found here.

The current “ransomware” campaign uses a novel approach to extort money from naive Internet users. Malware from cybercriminals infects personal computers by claiming to be a genuine Windows update. Once installed, this malware encrypts data on the hard drive and displays a message (see Figure 1) in German that translates to “Your system has been infected with a Windows Trojan encryption due to visiting pages with pornographic content and your data files are encrypted with AES 256-bit encryption algorithm” and asks the victim to pay 100 euros via a Paysafe or Ukash voucher number. These malware binaries spread through spam emails.

Edited by Andrew, 01 June 2012 - 03:25 PM.
Mod Edit: Snipped - AA

BC AdBot (Login to Remove)


#2 DevNullTech

  • Topic Starter

  • Members
  • 3 posts
  • Local time:08:30 PM

Posted 01 June 2012 - 03:20 PM

Any update on this? Anyone here able to provide any information on removal?

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,937 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:30 PM

Posted 07 June 2012 - 07:19 AM

The Kaspersky Virus-fighting utilities page includes several tools for several variants of ransomeware.
XoristDecryptor (Trojan-Ransom.Win32.Xorist)
RectorDecryptor (Trojan-Ransom.Win32.Rector)
RannohDecryptor (Trojan-Ransom.Win32.Rannoh)

Dr. Web also offers a cleaning tool:

Although ransomware is not a new scourge in the computer world, a new variation has recently surfaced. The old ransomware would lock you out of your computer until you paid the hijacker a fee to unlock your system. This new variant encrypts your data files. You need a "Key" to un-encrypt the files.

New Ransomware has surfaced (Update)
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users