to decrypt email id 1423316714 to sec222555@gmail.com !!).exe


5 replies to this topic

#1 godfatherblake

godfatherblake

  • Members
  • 2 posts
  • Gender:Male
  • Location:Analyst
  • Local time:12:36 AM

Posted 11 September 2012 - 02:18 PM

Does anyone know how to decrypt these kinds of files? The original computer people formatted the drive, so all of the possible keys are gone. Have a copy of everything, but obviously they are encrypted, I believe using AES 256.
100F.JPG(!! to decrypt email id 1423316714 to sec222555@gmail.com !!).exe is an example, and when trying to open it asks for a password. Databases, ini's, mdb's, etc. are encrypted. It was a variation of the child pornography scam demanding $3000.

Any help would be appreciated as the agency had no backup and years of data is gone.



#2 noknojon

noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 12 September 2012 - 02:42 AM

The original computer people formatted the drive so all of the possible keys are gone

Hello and Welcome -
Is this a computer that you have purchased from a company / school / government department, or similar organisation ??
This would explain encrypted data on the computer that you can not access -

If not, what / who do you mean by "The original computer people" in your statement ??

Do you think your computer is infected by a Scam Type Infection at this time ??

<< the agency had no backup and years of data is gone >> Which Agency do you mean by this statement ??

Thank You -

#3 brandonve

brandonve

  • Members
  • 1 posts
  • Local time:12:36 AM

Posted 12 September 2012 - 08:13 AM

You have this ransomware:

New ransomware called Anti-Child Porn Spam Protection
http://www.bleepingcomputer.com/forums/topic449398.html

New ACCDFISA Protection Center ransomware called Malware Protection
http://www.bleepingcomputer.com/forums/topic446111.html

There is no way to decrypt these files, because they are WinRAR self-extracting archives with a strong 50-character-long password.

Some messages from admin:

http://www.bleepingcomputer.com/forums/topic449398.html/page__view__findpost__p__2774760
"Unfortunately at this time there is no way to generate the passwords. "

http://www.bleepingcomputer.com/forums/topic446111.html/page__view__findpost__p__2769328
"Unfortunately there is not much we can do about it anymore. There is no way of generating the passwords anymore."

http://www.bleepingcomputer.com/forums/topic449398.html/page__view__findpost__p__2732163
"Anyone posting positive feedback for the author is really doing themselves and others a disservice and only encouraging this criminal."
"Therefore, if you wish to let others know that you paid the ransom that's fine, but leave it at that. Any posts that look like you are providing positive feedback, though, will be deleted automatically."

http://www.bleepingcomputer.com/forums/topic449398.html/page__view__findpost__p__2760118
"Yes, from what we understand the malware writer does send the password. I would only do it if you have absolutely no choice though. "

You can find instructions on how to remove the screen locker, but I think it is unrealistic to brute-force a 50-character-long password, so there is no way to decrypt the files; try to contact malware author if you have no choice.

http://www.bleepingcomputer.com/forums/topic446111.html/page__view__findpost__p__2831405


This is a very nasty virus. One of my customers was infected by this virus.
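
For scoping what is on the backup drive, the following added example (not part of the thread and not a BleepingComputer tool) inventories files carrying the ransom suffix shown in the first post and checks whether each one is a PE stub with a RAR archive appended, as post #3 describes. The suffix pattern is inferred from the single sample name in the thread; the RAR 4.x marker, the 1 MiB scan window and all function names are assumptions of this example.

```python
import re
from pathlib import Path

# Suffix pattern inferred from the one sample name quoted in the thread:
# "100F.JPG(!! to decrypt email id 1423316714 to sec222555@gmail.com !!).exe"
SUFFIX = re.compile(
    r"^(?P<original>.+)\(!! to decrypt email id (?P<victim_id>\d+) "
    r"to (?P<contact>[^\s()]+@[^\s()]+) !!\)\.exe$",
    re.IGNORECASE,
)
RAR4_MARKER = b"Rar!\x1a\x07\x00"  # RAR 4.x signature (assumed archive version)


def parse_name(filename):
    """Split a renamed file into original name, victim id and contact address."""
    m = SUFFIX.match(filename)
    return m.groupdict() if m else None


def looks_like_rar_sfx(data):
    """True for a PE stub ('MZ') that has a RAR archive appended to it."""
    return data[:2] == b"MZ" and data.find(RAR4_MARKER, 2) != -1


def triage(root, scan_bytes=1 << 20):
    """Inventory renamed files under root; nothing is executed or unpacked."""
    report = []
    for path in sorted(Path(root).rglob("*.exe")):
        info = parse_name(path.name)
        if info is None:
            continue  # ordinary executable, not renamed by the ransomware
        with path.open("rb") as fh:
            head = fh.read(scan_bytes)  # assumption: marker lies within 1 MiB
        info["path"] = str(path)
        info["rar_sfx"] = looks_like_rar_sfx(head)
        report.append(info)
    return report


def build_constructed_sample(root):
    """Constructed test data, not real malware: fake stub bytes plus the marker."""
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    name = "100F.JPG(!! to decrypt email id 1423316714 to sec222555@gmail.com !!).exe"
    (root / name).write_bytes(b"MZ" + b"\x00" * 64 + RAR4_MARKER + b"\x00" * 16)
    (root / "setup.exe").write_bytes(b"MZ" + b"\x00" * 64)  # unrelated program
    return root
```

Run `triage()` against a read-only mount of the backup drive; the resulting list gives the original file names and a count of affected files for the incident record.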

#4 noknojon

noknojon

  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:03:36 PM

Posted 12 September 2012 - 04:26 PM

try to contact malware author if you have no choice

NOTE : This is NOT an Option .............
I would definitely reinstall the OS. After a hack you never know 100% what was done on the system. This is your only "Quick Option"

Hello -
If the above statement by member brandonve is correct you have only one action to take -
Please follow the instructions in ==>This Guide<== do steps 6-9

Once the proper logs are created, then make a NEW TOPIC and post it ==>HERE<== Please include the link to this topic in your new topic and a description of your computer issues and what you have done to resolve them.

If you can produce at least some of the logs, then please create the new topic and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the topic and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.
Post from another computer if this computer is unable to connect, and have at least 1 or 2 USB Flash Drives to transfer details with -

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Thank You -

EDITED to repair links -

Edited by noknojon, 12 September 2012 - 04:30 PM.


#5 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,213 posts
  • Gender:Male
  • Location:NJ USA
  • Local time:01:36 AM

Posted 12 September 2012 - 08:08 PM

Please post in the Prep Guide referenced by noknojon.

But it may actually be better to do a format and re install of the system. This is a new variant of an ugly malware and it may be safer and perhaps easier to wipe the drive in this case.

See this topic on this Ransomware.

#6 godfatherblake

godfatherblake
  • Topic Starter

  • Members
  • 2 posts
  • Gender:Male
  • Location:Analyst
  • Local time:12:36 AM

Posted 15 September 2012 - 07:35 AM

It was a local law enforcement agency. I am not going to name the agency in this forum as that would not make any difference anyway. The post about running the malware stuff and logs will do no good, because as I said in the original post the computer techs already formatted the drive and reinstalled the OS. The data that was encrypted was backed up to an external drive. I have already looked for a .txt or .enc file that may hold passwords, but it was obviously on the "C" partition that was formatted before reinstall of OS.

I support the software the agency uses for management. The data in question is from the software so it was not from me getting a used computer with it on there.

Guess that pretty much answers the question, will not be able to get the data unencrypted.

Edited by godfatherblake, 15 September 2012 - 07:36 AM.




