Not TeslaCrypt...it appears you are dealing with a variant of Win32/Filecoder (aka Win32/Gpcod - Encoder - Win32/Xorist.bl - WinPlock). Win32/Filecoder is a crypto malware infection detected by ESET. According to their research lab, there are several different variants for which they add a modifier or additional information after the name that further describes what type of ransomware it is. Most of the Filecoder (Encoder) threat detections are more commonly identified as CryptoLocker, Cryptowall, and CTB locker but they are not actually the same.
Detailed description for the Win32/Filecoder.FD variant encrypts data with an .0x0 extension appended to the filename and leaves a READTHISNOW!!!.TXT and SECRET.KEY. Other variants have been reported with a .bleep extension appended to the filename leaving ransom notes named FILESAREGONE.TXT, IHAVEYOURSECRET.KEY, HELLOTHERE.TXT, SECRETIDHERE.KEY. See this report at Kaspersky forums. The content of the ransom notes is essentially identical with instructions to Go to http://bitmessage.org/
There is an ongoing discussion in this topic where you can ask questions and seek further assistance.
Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.
The BC Staff