tonic problem : azazel ransomware


10 replies to this topic

#1 abinashk


Posted 30 April 2015 - 09:43 AM

Azazel ransomware has locked all the files and documents. How can I unlock my files and get rid of this?
Help needed!!!
 
Mod Edit: Moved to Gen Security from Win 8 ~~ boopme

Edited by boopme, 30 April 2015 - 10:14 AM.




#2 Sintharius


Posted 30 April 2015 - 10:02 AM

Hello,

Can you take a screenshot of the ransom note? It can help if we can identify what type of ransomware it is.

Regards,
Alex

#3 quietman7


Posted 30 April 2015 - 10:12 AM

The BC staff has advised our Security Colleagues who specialize in crypto malware ransomware with a link to this topic.

Did you find any ransom note? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a randomly named .html file.

Please submit a sample of an encrypted file here: http://www.bleepingcomputer.com/submit-malware.php?channel=3
with a link to this topic.

You can also submit samples of suspicious executables or any malware files that you suspect were involved in causing the infection. Doing that will be helpful with analyzing and investigating.

These are common locations malicious executables may be found:
%LocalAppData%
%Temp%
%ProgramData%
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
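
The locations listed in the post above can be enumerated with a read-only triage script. This is an added example, not part of the original thread or any BleepingComputer tool; it assumes PowerShell 4.0 or later, and the 30-day window (`$Days`) and the extension list (`$exeExt`) are illustrative choices.

```powershell
# Added example, not from the thread. Read-only: lists and hashes, changes nothing.
# Assumptions: PowerShell 4.0+ (Get-FileHash); $Days and $exeExt are illustrative.
param([int]$Days = 30)

$cutoff = (Get-Date).AddDays(-$Days)
$exeExt = '.exe', '.dll', '.scr', '.com', '.bat', '.cmd', '.vbs', '.js'

# Locations named in the post; skip any that are unset or missing.
$locations = @($env:LOCALAPPDATA, $env:TEMP, $env:ProgramData) |
    Where-Object { $_ -and (Test-Path -LiteralPath $_) }

$files = @()

# 1) Recently written executables and scripts anywhere under those locations.
foreach ($dir in $locations) {
    $files += @(Get-ChildItem -LiteralPath $dir -File -Recurse -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $cutoff -and $exeExt -contains $_.Extension })
}

# 2) Possible ransom note: .html files sitting directly in ProgramData.
if ($env:ProgramData -and (Test-Path -LiteralPath $env:ProgramData)) {
    $files += @(Get-ChildItem -LiteralPath $env:ProgramData -File -Force -Filter '*.html' -ErrorAction SilentlyContinue)
}

# %Temp% normally sits inside %LocalAppData%, so drop paths seen twice,
# then hash each file so it can be referenced when a sample is submitted.
$files | Sort-Object FullName -Unique | ForEach-Object {
    $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue
    [pscustomobject]@{
        LastWrite = $_.LastWriteTime
        SizeKB    = [math]::Round($_.Length / 1KB, 1)
        SHA256    = if ($hash) { $hash.Hash } else { '(unreadable)' }
        Path      = $_.FullName
    }
} | Sort-Object LastWrite -Descending | Format-Table -AutoSize -Wrap
```

Most hits will be legitimate software; the output is a shortlist for review and sample submission, not a verdict.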

#4 Aura


Posted 30 April 2015 - 11:35 AM

If it can help, this is what Azazel Ransomware looks like:

http://azazelunlocker.techinflux.com/tag/ransomware/
https://forums.malwarebytes.org/index.php?/topic/166637-possible-new-ransomware-azazel/

The ransom picture seems to be always the same one, same for the ransom note. So if you can't give us a screenshot or picture of the ransom picture, can you at least tell us if it was like the one in the links above?

Security Administrator | Sysnative Windows Update Senior Analyst | Malware Hunter | @SecurityAura
My timezone UTC-05:00 (East. Coast). If I didn't reply to you within 48 hours, please send me a PM.


#5 quietman7


Posted 30 April 2015 - 04:57 PM

Grinler is aware and looking into this.

#6 White Hat Mike


Posted 01 May 2015 - 08:04 AM

I'll look for a sample and take a look at it later on unless you have one you can provide via Mega.

Information Security Engineer | Penetration Tester | Forensic Analyst

CipherTechs.com


#7 Aura


Posted 01 May 2015 - 08:13 AM

Also, there has been another thread posted about it on BleepingComputer a month ago; I knew it wasn't the first time I was seeing it here.

http://www.bleepingcomputer.com/forums/t/572149/to-decrypt-an-image-pdf-and-rar-files



#8 karthikeyn


Posted 04 May 2015 - 09:51 PM

Pls help me removing the azazel virus and recover my encrypted files. I have tried with Shadow Explorer, not able to retrieve the old versions of the file.

I think if we are able to find the unique encryption key, we will be able to decrypt the files.

Not sure, just a suggestion.



#9 White Hat Mike


Posted 04 May 2015 - 10:44 PM

"Pls help me removing the azazel virus and recover my encrypted files. I have tried with Shadow Explorer, not able to retrieve the old versions of the file.

"I think if we are able to find the unique encryption key, we will be able to decrypt the files.

"Not sure, just a suggestion."

If it were that simple, then ransomware wouldn't be a threat.




#10 Aura


Posted 05 May 2015 - 10:10 AM

Right now karthikeyn, you could always back up your encrypted files to another storage media (like an external hard drive) and then reinstall Windows if you cannot use your computer with Azazel on it. Or you could head to the malware removal section and follow the instructions in the preparation guide in order to receive assistance from a malware removal team member to get it removed from your system.



#11 quietman7


Posted 05 May 2015 - 01:16 PM

"Pls help me removing the azazel virus..."

Please follow the instructions in the Malware Removal and Log Section Preparation Guide. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team.