Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


HowToDecrypt text file in some of my folders- what do I do?

  • This topic is locked This topic is locked
2 replies to this topic

#1 Ignith


  • Members
  • 2 posts
  • Local time:11:04 PM

Posted 15 November 2014 - 07:17 PM

So I was going through my files today, and some manga files I downloaded a few months ago couldn't be read. I checked the files, and then noticed a HowToDecrypt text file in every single folder. I'm not sure what variant of the cryptobit thing it is, but here's what the text says: 


Your important files has been encrypted on this computer: photos, videos, documents, etc. To be sure that is not a trick, try to open any of them.  Encryption was performed using RSA-4096 public key, uniquely generated for this computer. To decrypt files, you need to obtain private key. The single copy of the private key, which will allow you to decrypt the files, is located on a secret server in the Internet; the server will destroy the key after 96 hours since encryption finished. After that, nobody and never will be able to restore these files.  To retrieve the private key, you need to pay a fee.  Any attempt to remove this software or manually restore files may lead to unrecoverable consequences. If software were removed by antivirus, you can email to decrypt_files@mail.com and get copy for free. Please remember, deleting this software you're losing any chance to recover your data.  Currently we have two payment options:  1. 1(One) BTC You can send Bitcoin to our Bitcoin wallet - you can find our Bitcoin address below on this page. After you send Bitcoin - you need to enter your wallet info(from which payment was sent) in the form and click "Decode Files"  You can find where you can buy Bitcoins here: http://howtobuybitcoins.info/us.html https://localbitcoins.com/country/US   2. $500 MoneyPak xpress Packet voucher Easiest but little more expensive way.  a) Find a retail location near you. B) Look for a MoneyPak in the prepaid section. Take it to the cashier and load it with cash. c) To pay fine you should enter the digits MoneyPak resulting pass in the payment form below and click "Decode Files"   IMPORTANT: Do not try enter incorrect info, all payments checks manually and keys sends only after confirmation.  Furthermore, part of money goes to charity.  Thank you.


The files aren't really important to me, since I can redownload them, but is it possible that the virus can infect more files? I don't want this happening.


Also, I don't think Malwarebytes is detecting the virus... how do I fix it?


Is there any way to break the encryption without the stupid ransom thing?


BC AdBot (Login to Remove)


#2 Condobloke


    Outback Aussie @ 54.2101 N, 0.2906 W

  • Members
  • 6,050 posts
  • Gender:Male
  • Local time:05:04 PM

Posted 15 November 2014 - 07:25 PM




Condobloke ...Outback Australian  fed up with Windows antics...??....LINUX IS THE ANSWER....I USE LINUX MINT 18.3  EXCLUSIVELY.

“A man travels the world in search of what he needs and returns home to find it."

It has been said that time heals all wounds. I don't agree. The wounds remain. Time - the mind, protecting its sanity - covers them with some scar tissue and the pain lessens, but it is never gone. Rose Kennedy




#3 noknojon


  • Banned
  • 10,871 posts
  • Gender:Not Telling
  • Local time:05:04 PM

Posted 15 November 2014 - 11:01 PM

A repository of all current knowledge regarding CryptoWall & CryptoWall 2.0 is provided by Grinler (aka Lawrence Abrams), in this tutorial: CryptoWall and DECRYPT_INSTRUCTION Ransomware Information Guide and FAQ

Reading that Guide will help you understand what CryptoWall & CryptoWall 2.0 does and provide information for how to deal with it and possibly decrypt/recover your files. At this time there is no fix tool for CryptoWall.

CryptoWall 2.0 uses its own TOR gateways...see Updated CryptoWall 2.0 ransomware released that makes it harder to recover files.

There is also a lengthy ongoing discussion in this topic: CryptoWall - new variant of CryptoDefense.

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

The BC Staff

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users