
YDMMXAN Files (Any specific encryptor?)



#1 wishmakingfairy


Posted 29 June 2015 - 03:34 PM

Family member had their computer with one of the cryptolocker type things. Anyone know the one responsible for the ydmmxan file extension, and if there is a decrypter for it?

 

Here is the Note:

 

Your documents, photos, databases and other important files have been encrypted
with strongest encryption and unique key, generated for this computer.

Private decryption key is stored on a secret Internet server and nobody can
decrypt your files until you pay and obtain the private key.

If you see the main locker window, follow the instructions on the locker.
Overwise, it's seems that you or your antivirus deleted the locker program.
Now you have the last chance to decrypt your files.

Open http://43qzvceo6ondd6wt.onion.cab or http://43qzvceo6ondd6wt.tor2web.org
in your browser. They are public gates to the secret server.

If you have problems with gates, use direct connection:

1. Download Tor Browser from http://torproject.org

2. In the Tor Browser open the http://43qzvceo6ondd6wt.onion/
   Note that this server is available via Tor Browser only.
   Retry in 1 hour if site is not reachable.

Copy and paste the following public key in the input form on server. Avoid missprints.
OSMLNB2-JCNWFII-27BEBUE-XRKLHA4-OC2JZ2R-IALHZB6-XDQIE77-LEKGLVZ
VQVKLNA-HPUOBC5-HQXNKXE-CR3PBBK-V4APIVT-BUV2O3G-5OTE4O3-KVR7OA3
RVLAE62-UDXOQXJ-EDYNFR2-DT7YROR-KU6PXVT-45CJYX2-IZLJ4GF-HYWVS5K


Follow the instructions on the server.

 

 

***To help make things much faster, the drive is no longer in the machine nor will it be returned to it as it failed a SeaTools test. That and... they said they don't really have a lot they want, but would like to try to save it if possible.***
 


Edited by hamluis, 29 June 2015 - 04:32 PM.
Closed per request - Hamluis.

Using ubuntu and sharing how to as well as collecting how to scripts for common programs. Feel free to ask or share ^-^




#2 Sintharius


Posted 29 June 2015 - 03:57 PM

Hi there,

It looks like you are infected with CTB-Locker. Please read the information below.

The newest variants of CTB-Locker typically encrypt all data files and rename them as a file with a 6-7 length extension with random characters. The newer variants also do not always leave a ransom note if the malware fails to change the background, like it generally does. Compounding matters, the newer CTB-Locker infection has been seen in combination with KEYHolder, TorrentLocker (fake Cryptolocker) or CryptoWall ransomware. Unfortunately, there is still no known method of decrypting your files without paying the ransom and with dual infections, that means paying both ransoms.

A repository of all current knowledge regarding this infection is provided by Grinler (aka Lawrence Abrams), in this tutorial: CTB Locker and Critroni Ransomware Information Guide and FAQ

There is also an ongoing discussion in this topic: CTB Locker or DecryptAllFiles.txt Encrypting Ransomware Support & Discussion. Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion.

To avoid confusion, I have asked a Moderator to close this topic.

Regards,
Alex
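
Added example, not part of the original posts or of the BleepingComputer guide: a Python triage helper that applies the pattern described in the reply above (one 6-7 character random extension on many data files) to a file listing from a drive mounted read-only. The function names, thresholds, allowlist and sample paths are assumptions made for illustration, and the sample listing is constructed.

```python
import os
import re
from collections import Counter
from pathlib import PurePosixPath

# Pattern from the reply above: a 6-7 character extension of random characters.
# Assumption: letters only, as in the ".ydmmxan" case reported in this thread.
RANDOM_EXT = re.compile(r"^\.[a-z]{6,7}$")

# Legitimate extensions of the same length that would otherwise match (not exhaustive).
KNOWN_EXT = {".sqlite", ".config", ".torrent", ".desktop", ".package", ".backup"}

def suspect_extensions(paths, min_files=3, min_dirs=2):
    """Return {extension: file_count} for extensions that match the pattern,
    are not allowlisted, and recur across several files and directories."""
    files, dirs = Counter(), {}
    for p in map(PurePosixPath, paths):
        ext = p.suffix.lower()
        if RANDOM_EXT.match(ext) and ext not in KNOWN_EXT:
            files[ext] += 1
            dirs.setdefault(ext, set()).add(p.parent)
    return {e: n for e, n in files.items()
            if n >= min_files and len(dirs[e]) >= min_dirs}

def scan(root):
    """Walk a mounted copy of the drive and apply the same check."""
    return suspect_extensions(
        os.path.join(d, f) for d, _, fs in os.walk(root) for f in fs)

# Constructed listing; keeping the original extension in front of the random
# one is an assumption of this sample, not something the thread states.
SAMPLE = [
    "/mnt/drive/Users/a/Documents/budget.xls.ydmmxan",
    "/mnt/drive/Users/a/Documents/letter.doc.ydmmxan",
    "/mnt/drive/Users/a/Pictures/beach.jpg.ydmmxan",
    "/mnt/drive/Users/a/Pictures/cat.png",
    "/mnt/drive/Users/a/AppData/places.sqlite",
    "/mnt/drive/Users/a/AppData/cookies.sqlite",
    "/mnt/drive/Users/a/Downloads/history.sqlite",
    "/mnt/drive/Users/a/Downloads/setup.abcdefg",  # one-off file, below thresholds
]

if __name__ == "__main__":
    for ext, count in suspect_extensions(SAMPLE).items():
        print(f"{ext}: {count} files, candidate ransomware extension")
```

A hit only narrows down which files were renamed; identifying the family still depends on the ransom note and the support topics linked above.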



