
Is this another CryptoLocker? If it is not, what is this?



#1 Vince yong


Posted 17 June 2015 - 01:15 AM

Morning everyone,
Please help me with this. I already have 2 customers infected with this virus; in front of all the files there is this > "error_(filename).xls". I doubt this is something like CryptoLocker because it ransoms for money too.

But it did not have any pop out like CryptoLocker; it only has this text file all over the folder.

 

Here is the text content.

************************************************************************************

Hi guys! We have bad news for you.

Your files have been crypted by 2 popular alghoritms - AES and RSA. Only we have private RSA key
All crypted files now starting with "error_":
 
You can buy our decryptor that will recover all your files. You need:
1) Send us 3 bitcoins on our bitcoin address 1BbwPfKWRjGNBWPHhW51SCj7FvEzx8a5ER (Now 1 bitcoin approximately = 230 usd)
   Only we and you know about this address, so we will understand that its your payment. 
2) Send us your unique identificator on our mail dogdog@ruggedinbox.com
3) Wait 1,2... or 24 hours and we will send you decryptor (it is very easy to use it - you
   need only run decryptor executable file and wait 5-10 hours and all files will be decrypted)
 
If we dont anwser on your letter more than 1 day then make your own mail account on www.ruggedinbox.com
(This action is very simple and takes 1-2 minutes) and send us your letter again 
(some mail servers (for example hotmail.com and outlook.com) blocking letters to www.ruggedinbox.com)
 
Your unique identificator: 827-112-679
 
You can use one of those sites to change your money to bitcoins:
www.btc.my
www.cryptomarket.my
www.bitcoinmalaysia.com
www.goldux.com
www.kraken.com
www.bitquick.co
www.howtobuybitcoins.info
www.bestchange.com
 
You dont need install any bitcoin software - you need only find bitcoin exchange service (also you can try find it here for your country - www.google.com)
 
Additional information: before payment you can send us one small file (not bigger than 300Kb).
and we will decrypt it before payment (also you need send us your unique identificator).
After that, we think that it will be evedent that we have the program that can decrypt your files.
 
We dont want to destroy your files! We only need some money!
 
************************************************************************************
 
Can anyone help me figure out what this is? I really need help!

Thanks a lot
 

 

 




 


#2 severac


Posted 17 June 2015 - 02:44 AM

Hello,

unfortunately it is ransomware.

 

Please read this for more info:

 

 

The newest variants of CTB-Locker typically encrypt all data files and rename them as a file with a 6-7 length extension with random characters. The newer variants also do not always leave a ransom note if the malware fails to change the background, like it generally does. Compounding matters, the newer CTB-Locker infection has been seen in combination with KEYHolderTorrentLocker (fake Cryptolocker) or CryptoWall ransomware. Unfortunately, there is still no known method of decrypting your files without paying the ransom and with dual infections, that means paying both ransoms.

A repository of all current knowledge regarding this infection is provided by Grinler (aka Lawrence Abrams), in this tutorial: CTB Locker and Critroni Ransomware Information Guide and FAQ

There is also an ongoing discussion in this topic: CTB Locker or DecryptAllFiles.txt Encrypting Ransomware Support & Discussion. Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

I would like to help you to remove malware. Let's look inside.   :busy:

But I don't know to solve all PC problems.  :smash: 

 


#3 Vince yong


Posted 17 June 2015 - 03:05 AM

 


 

 

So it means there are no solutions other than paying them? Damn...



#4 Sintharius


Posted 17 June 2015 - 03:15 AM

This isn't CTB-Locker, it's some other ransomware.

There is an ongoing investigation here.

#5 severac


Posted 17 June 2015 - 03:31 AM

Great. Bad things evolve. :axe:

 

Another topic to follow. 

 

Thanks Alex.



 


#6 DarknessVoided


Posted 17 June 2015 - 03:42 AM

Another topic I need to follow for information. Hope you get this sorted out, man.


Edited by DarknessVoided, 17 June 2015 - 03:43 AM.


#7 Vince yong


Posted 17 June 2015 - 03:45 AM


 

Thanks, Alex.

 

 


 

Thanks, Darkness, this is the exact same ransomware I'm infected with.



#8 quietman7


Posted 17 June 2015 - 05:37 AM


Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in the topic discussion noted by Alexstrasza. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




