- Lawrence Abrams (Grinler)
In the middle of October, reports have been coming into this topic about a new ransomware that encrypts local data and data on mapped drives. Once a file is encrypted, the ransomware will change its extension to .SUPERCRYPT and leave a ransom note titled HOW-TO-DECRYPT-FILES.txt on the desktop. This ransom note will contain a unique infection ID for the computer and instructions to send this ID as well as an encrypted file to the malware developer at firstname.lastname@example.org. The malware developer will decrypt your submitted file as proof that they can do so and then send you back payment instructions. The current ransom is 300 Euros and can be paid in the form of Ukash vouchers or by sending 1 bitcoin. Victims who have paid the ransom were sent a decryption program that was able to decrypt their files.
It appears that computers are becoming infected by manual hacking of remote desktop or terminal services on the affected computer. Once the malware dev has access, they will install SuperCrypt on the compromised computer and begin the encryption process. The developer will then remove malware samples when the encryption has been completed. From early reports, it appears that the computers being targeted are currently located in Europe.
The text of the ransom note is:
If you're reading this text file, then ALL your FILES are BLOCKED with the most strongest military cipher.
All your data - documents, photos, videos, backups - everything in encrypted.
The only way to recover your files - contact us via email@example.com
Only WE have program that can completely recover your files.
Attach to e-mail:
1. Text file with your code ("HOW TO DECRYPT FILES.txt")
2. One encrypted file (please dont send files bigger than 1 MB)
We will check your code from text file and send to you OUR CONDITIONS and your decrypted file as proof that we actually have decrypter.
1. The FASTER you'll CONTACT US - the FASTER you will RECOVER your files.
2. We will ignore your e-mails without attached code from your "HOW TO DECRYPT FILES.txt"
3. If you haven't received reply from us - try to contact us via public e-mail services such as Yahoo or so.
An image of the decryptor is:
Edited by Grinler to include info in the first post
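A triage sketch for the indicators described in the post above, added here as an example and not part of the original thread: it inventories .SUPERCRYPT files and ransom notes under a root and reports the modification-time window, which can be lined up against remote desktop logon records. It assumes file modification times reflect when encryption happened; `scan` and `build_sample_tree` are illustrative names, and the sample tree is constructed.

```python
import os
import tempfile
from collections import Counter

ENCRYPTED_EXT = ".supercrypt"   # extension reported in the post (matched case-insensitively)
# The post names the note with hyphens; the note text itself uses spaces. Match both.
NOTE_NAMES = {"how-to-decrypt-files.txt", "how to decrypt files.txt"}

def scan(root):
    """Walk root and summarise SuperCrypt artefacts found beneath it."""
    per_dir, notes, mtimes = Counter(), [], []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower in NOTE_NAMES:
                notes.append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                try:
                    mtimes.append(os.stat(path).st_mtime)
                except OSError:
                    continue    # entry vanished or is unreadable: keep scanning
                per_dir[dirpath] += 1
    return {
        "encrypted_total": sum(per_dir.values()),
        "per_dir": dict(per_dir),          # which folders and shares were hit
        "notes": sorted(notes),
        # Assumption: mtime was updated by the encryption pass, so the
        # earliest and latest values bound the time the run was active.
        "first_seen": min(mtimes) if mtimes else None,
        "last_seen": max(mtimes) if mtimes else None,
    }

def build_sample_tree(root):
    """Constructed sample data: two encrypted files, one clean file, one note."""
    os.makedirs(os.path.join(root, "share", "finance"))
    for rel, mtime in [("share/finance/q3.SUPERCRYPT", 1413800000),
                       ("share/report.supercrypt", 1413800600),
                       ("share/readme.txt", 1413000000),
                       ("HOW TO DECRYPT FILES.txt", 1413800700)]:
        path = os.path.join(root, *rel.split("/"))
        with open(path, "w") as fh:
            fh.write("x")
        os.utime(path, (mtime, mtime))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        print(scan(tmp))
```

Run `scan` against each local volume and mapped drive root in turn; the per-directory counts show how far the encryption reached across shares.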
Hello everyone,
Someone has unfortunately run into a virus that spreads across the network (servers, PCs, NAS, shared folders) and renames the extension of some files (such as xls, pdf, exe, etc.) to .SUPERCRYPT.
I have searched everywhere on the internet, but no one is able to decrypt the affected files for me.
Can you help me, please???
Please, help!
EDIT: Mod boopme
Someone has unfortunately come across a virus that spreads in the network (servers, PCs, NAS, shared folders) and renames the extension of some files (like xls, pdf, exe, etc.) to .SUPERCRYPT.
I've searched everywhere on the internet, but nobody can decrypt the affected files for me.
Can you help me please???
Edited by Grinler, 21 October 2014 - 01:21 PM.
Edited by grinler to include info on SuperCrypt