
HELP_RESTORE_FILES_aeeuc.txt


  • This topic is locked

#1 littleroot


Posted 07 May 2015 - 05:05 PM

After a nice break of several months we got one today. Just discovered it on corp computer, desktop, inside the network. Sheesh. Probably an ActiveX Flash thingy. Wish we could implement EMET or at least ditch IE. More info as it comes in.

 

 

HELP_RESTORE_FILES_aeeuc.txt 

 

All your documents, photos, databases and other important files have been encrypted with strongest encryption RSA-2048 key, generated for this computer.

Private decryption key is stored on a secret Internet server and nobody can decrypt your files until you pay and obtain the private key.

If you see the main encryptor red window, examine it and follow the instructions.
Otherwise, it seems that you or your antivirus deleted the encryptor program.
Now you have the last chance to decrypt your files.
Open in your browser one of the links:
http://iq3ahijcfeont3xx.dlosrngis35.com
http://iq3ahijcfeont3xx.anfeua74x36.com
https://iq3ahijcfeont3xx.tor2web.blutmagie.de
They are public gates to the secret server.
Copy and paste the following Bitcoin address in the input form on server. Avoid missprints.
1M6ccpFMWr83wu5s8xQwMsr3UyaNZ7WjDa
Follow the instructions on the server.

If you have problems with gates, use direct connection:
1. Download Tor Browser from http://torproject.org
2. In the Tor Browser open the http://iq3ahijcfeont3xx.onion/
   Note that this server is available via Tor Browser only.
   Retry in 1 hour if site is not reachable.
Copy and paste the following Bitcoin address in the input form on server. Avoid missprints.
1M6ccpFMWr83wu5s8xQwMsr3UyaNZ7WjDa
Follow the instructions on the server.




 


#2 quietman7


Posted 07 May 2015 - 05:33 PM

According to Fabian Wosar, one of our crypto-malware experts, you are dealing with TeslaCrypt...see his reply to another victim here.

Any files that are encrypted with TeslaCrypt will have the .ecc extension added to the end of the filename.
Any files that are encrypted with Alpha Crypt (TeslaCrypt renamed) will have the .ezz extension added to the end of the filename.

A repository of all current knowledge regarding TeslaCrypt and Alpha Crypt is provided by Grinler (aka Lawrence Abrams), in this topic: TeslaCrypt and Alpha Crypt Ransomware Information Guide and FAQ

There are ongoing discussions in these topics:

Information about decrypting files affected by TeslaCrypt ransomware can be found in this topic: Cisco's Talos Group releases decryptor for TeslaCrypt.

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in one of those topic discussions. To avoid unnecessary confusion...this topic is closed.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
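
Added example, not part of the thread or of either poster's reply: a triage scan that walks a folder tree and reports where the indicators named above appear, using the `.ecc` / `.ezz` extensions from the reply and the ransom-note name from the first post. The `HELP_RESTORE_FILES_<suffix>.txt` pattern is an assumption generalized from the single note name shown in the thread, and the sample tree is constructed.

```python
import os
import re
import tempfile
from collections import Counter

# Extensions as stated in the reply above.
VARIANT_BY_EXT = {".ecc": "TeslaCrypt", ".ezz": "Alpha Crypt"}
# Assumption: the note is named HELP_RESTORE_FILES_<suffix>.txt; the thread
# shows only the single instance HELP_RESTORE_FILES_aeeuc.txt.
NOTE_RE = re.compile(r"^HELP_RESTORE_FILES_\w+\.txt$", re.IGNORECASE)


def triage(root):
    """Walk root and summarise indicators per directory.

    Returns (variants, notes, dirs): a Counter of encrypted files per variant,
    a list of ransom-note paths, and a Counter mapping each affected directory
    to its number of encrypted files.
    """
    variants, notes, dirs = Counter(), [], Counter()
    # Unreadable directories are skipped rather than aborting the scan.
    for dirpath, _subdirs, files in os.walk(root, onerror=lambda e: None):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in VARIANT_BY_EXT:
                variants[VARIANT_BY_EXT[ext]] += 1
                dirs[dirpath] += 1
            elif NOTE_RE.match(name):
                notes.append(os.path.join(dirpath, name))
    return variants, notes, dirs


def build_sample_tree(base):
    """Constructed sample data: empty files that only carry the names."""
    layout = {
        "share/finance": ["q1.xlsx.ecc", "q2.xlsx.ecc", "HELP_RESTORE_FILES_aeeuc.txt"],
        "share/hr": ["policy.docx", "notes.txt"],
        "share/scans": ["img001.jpg.ezz"],
    }
    for rel, names in layout.items():
        os.makedirs(os.path.join(base, rel), exist_ok=True)
        for n in names:
            open(os.path.join(base, rel, n), "w").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        variants, notes, dirs = triage(build_sample_tree(tmp))
        print("variants:", dict(variants), "notes:", notes)
        for d, n in dirs.most_common():
            print(f"{n:5d}  {d}")
```

The scan only reads file names, so it can be pointed at a mapped share or a mounted backup without opening any affected file.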
