
Unknown virus encrypted files with "decipher@keemail.me" extension

  • This topic is locked
1 reply to this topic

#1 bagheera18


  • Members
  • 2 posts
  • Local time:10:25 PM

Posted 15 July 2015 - 03:55 AM

Last Monday, an unknown virus wreaked havoc on our corporate network, encrypting all files it could find on network shares. This includes jpg, doc, docx, pdf and more of the regular types of files. All these files have been encrypted and the filename renamed from "filename.xxx" to "filename.xxx.id-7745646708_decipher@keemail.me".


Has anybody encountered this before? And more important, is there a way to recover the files? Curious thing is that we didn't get any ransomware notification.



Edited by bagheera18, 15 July 2015 - 04:14 AM.



#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,765 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:25 PM

Posted 15 July 2015 - 05:15 AM

This ransomware infection may be related to this discussion topic:

New crypto ransomware <extension>.id-<number>_fud@india.com

From the above topic...

My client had many files (PDF, DOCX, and JPG) encrypted by the decode@india.com ransomware. Yesterday I tried the Kaspersky RakhniDecryptor decryption tool. After 16 hrs on a Core i7 with 14GB of RAM, the tool successfully decrypted all files. The tool requires you to provide an encrypted file with a supported extension, and _decode@india.com is among them. Your mileage may vary, but it's worth a try.

Please submit a sample of an encrypted file here with a link to this topic: http://www.bleepingcomputer.com/submit-malware.php?channel=3

You can also submit samples of suspicious executables or any malware files that you suspect were involved in causing the infection. Doing that will be helpful with analyzing and investigating.

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that support topic discussion. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
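
An added example, not part of either post: a read-only Python inventory of files carrying the rename marker described in the first post (and the similar `<extension>.id-<number>_fud@india.com` form named in the reply), to help scope which shares and file types were hit. The regex, the function names and the modification-time heuristic are assumptions of this example.

```python
import os
import re
import sys
from collections import Counter

# Naming scheme reported in the thread: "<original name>.id-<number>_<e-mail>".
# Assumption: the id is numeric and the suffix is one e-mail address.
MARKER = re.compile(r"^(?P<original>.+)\.id-(?P<id>\d+)_(?P<email>[^@\s]+@[^@\s]+\.[A-Za-z]{2,})$")


def parse_name(filename):
    """Return (original_name, id, email), or None if the marker is absent."""
    m = MARKER.match(filename)
    if m is None:
        return None
    return m.group("original"), m.group("id"), m.group("email").lower()


def inventory(root):
    """Walk root read-only and summarise files carrying the marker."""
    hits, tags, extensions = [], Counter(), Counter()
    untouched, mtimes = 0, []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            parsed = parse_name(name)
            if parsed is None:
                untouched += 1
                continue
            original, file_id, email = parsed
            path = os.path.join(dirpath, name)
            hits.append((path, original))
            tags[(file_id, email)] += 1
            extensions[os.path.splitext(original)[1].lower()] += 1
            try:
                mtimes.append(os.stat(path).st_mtime)
            except OSError:
                pass  # file vanished or access denied; still counted above
    # The mtime range is only a rough hint at when files were rewritten
    # (assumption: timestamps were not reset afterwards).
    window = (min(mtimes), max(mtimes)) if mtimes else None
    return {"hits": hits, "tags": tags, "extensions": extensions,
            "untouched": untouched, "window": window}


if __name__ == "__main__":
    report = inventory(sys.argv[1] if len(sys.argv) > 1 else ".")
    print("renamed:", len(report["hits"]), "untouched:", report["untouched"])
    for (file_id, email), count in report["tags"].most_common():
        print(f"  id-{file_id}_{email}: {count} file(s)")
    print("by original extension:", dict(report["extensions"]))
    print("mtime window:", report["window"])
```

Run it against a copy or a read-only mount of the affected share; it only lists and stats files and never opens or renames them.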
