hello. i am from Indonesia. firstly,very sorry if my english isnt good at all.
to the point,my friend's computer has been hit with Bitcrypt,new type of ransomware,i said new because i never see this type before.
data on his computer have ekstra ekstension, ex : blabla.jpg.bitcrypt , blabla.xls.bitcrypt . etc.
info that i have so far :
1. he said already use decryptor from kaspersky and the result is none of them can recover his encrypted data.
2. he also mentioned that he found bitcrypt.txt on his computer,but sadly he already erased it. well,i thought it could be useful for analysis here.
this is interesting part,he already googling,and found this web : http://blog.cassidiancybersecurity.com/post/2014/02/Bitcrypt-broken
in that web,it said
This is definitely not a 1024 bits key! The number has 128 digits, which could indicate a (big) mistake from the malware author, who wanted to generate a 128 bytes key.
Finally, we simply deal with RSA-426 encryption, which can easily be broken on a standard PC in a matter of hours.
they also write this :
With such factors, we could build a Python script implementing all the cryptographic operations to decipher the encrypted files, and save the precious pictures. Such a Python script is available on our bitbucket repository.
this is link download to sample of my friend's data : http://www.mediafire.com/download/j4nwtxba5kj45jo/Bitcrypt.rar
i really need help to recover my friend data,pleasee...
if that web saying is true,then pleasee help how to get that decryptor for this bitcrypt,,
Edited by Orange Blossom, 05 March 2014 - 02:12 AM.
Moved to AII. ~ OB