Posted 27 June 2012 - 04:43 PM
Posted 27 June 2012 - 05:24 PM
Posted 27 June 2012 - 06:12 PM
Posted 28 June 2012 - 02:07 AM
I was actually looking for file names, not malware names. Based on the ransom note you were hit by one of the recent Birele variants out there. This malware usually copies itself to your AppData directory (C:\Users\Username\AppData\Roaming). So logs of detections in that directory (including the file name) would be helpful to determine the exact variant.
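A small triage script that produces the kind of file-name inventory the reply above asks for: it walks a Roaming-AppData-style directory, keeps only recently modified executable-type files, and records name, relative path, size, modification time and SHA-256 so the output can be matched against AV detection logs. This is an added example, not code from the thread or from any of its participants. The extension list and the 30-day window are assumptions chosen for triage, and the directory it scans is a constructed stand-in built in a temp folder (with constructed file names) so the script runs offline.

```python
"""Inventory recent executable-type files under a Roaming-AppData-style
directory so their names can be reported alongside AV detection logs.
Added example; the sample directory and file names are constructed."""
import hashlib
import os
import tempfile
import time
from pathlib import Path

# Assumed set of executable-type extensions worth listing during triage.
SUSPECT_EXTENSIONS = {".exe", ".dll", ".scr", ".bat", ".cmd", ".vbs", ".js"}


def sha256_of(path: Path) -> str:
    """Hash the file in chunks so large files do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory(appdata: Path, max_age_days: float = 30.0) -> list:
    """Return one record per suspect file modified within max_age_days."""
    cutoff = time.time() - max_age_days * 86400
    records = []
    for path in appdata.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in SUSPECT_EXTENSIONS:
            continue
        stat = path.stat()
        if stat.st_mtime < cutoff:
            continue  # old files are less likely to be the recent dropper
        records.append({
            "name": path.name,
            "relpath": str(path.relative_to(appdata)),
            "size": stat.st_size,
            "mtime": time.strftime("%Y-%m-%d %H:%M:%S", time.localtime(stat.st_mtime)),
            "sha256": sha256_of(path),
        })
    records.sort(key=lambda r: r["relpath"])
    return records


def build_sample_appdata(root: Path) -> Path:
    """Constructed stand-in for C:\\Users\\Username\\AppData\\Roaming."""
    appdata = root / "AppData" / "Roaming"
    (appdata / "Microsoft" / "Windows").mkdir(parents=True)
    # Constructed file names only; these are not real malware samples.
    (appdata / "xkq3n2v.exe").write_bytes(b"MZ" + b"\x00" * 62)        # recent, listed
    (appdata / "Microsoft" / "Windows" / "notes.txt").write_text("text")  # wrong extension
    old = appdata / "legacy.dll"                                         # too old, skipped
    old.write_bytes(b"MZ" + b"\x01" * 30)
    old_time = time.time() - 400 * 86400
    os.utime(old, (old_time, old_time))
    return appdata


def run_sample() -> list:
    """Build the constructed directory in a temp folder and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        return inventory(build_sample_appdata(Path(tmp)))


if __name__ == "__main__":
    for rec in run_sample():
        print(f"{rec['mtime']}  {rec['size']:>8}  {rec['sha256'][:16]}...  {rec['relpath']}")
```

On a real machine you would call `inventory(Path(os.environ["APPDATA"]))` instead of `run_sample()` and paste the resulting names and hashes next to the scanner's detection log; the hash lets a responder confirm which sample the scanner actually flagged.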
Here is a screenshot after several scans with MSE. I also scanned with Symantec Corp but it didn't name anything. MSE also submitted about a half dozen files.
Posted 28 June 2012 - 04:53 PM
Posted 29 June 2012 - 11:35 AM
To be honest, not promising. It all comes down to which variant exactly hit your client's system. This ransomware family in general uses randomly generated passwords to encrypt files using AES. The password is thereby generated not on the victim's system but by a server operated by the ransomer instead. Depending on which variant infected the system the malware may save this random password either permanently, temporarily or not at all. If the system got hit by one of the variants that saves the password permanently, you can decrypt the files just fine. If it got the variant that stores it temporarily, you may be able to decrypt the encrypted files, if you can restore the deleted password. If it got the variant that never saves the password at all, there unfortunately is no way to get the data back without paying the ransom.
What have been the results of these in the past?
Posted 29 June 2012 - 01:49 PM
Posted 29 June 2012 - 02:43 PM
To be honest, I have no idea. Personally, unless my professional life depends on it, I wouldn't push my luck.
If you pay do they really provide the utility or is that just more of the scam?