Jump to content
Posted 29 December 2015 - 04:59 PM
Posted 29 December 2015 - 05:06 PM
My computer was infected by a ransomware. I don't know the type or name of that ransomware.
I forgot to take screenshot.
And on the top of ransomware screen, it was written "ransom32".
I was formatted C: drive and I installed Windows 10 again and now I cannot restore my system back.
I was trying Kaspersky Ransomware kit and other kits. I cannot open my pics, docs and mp3s.
Could you help me? I can send the encrypted files.
Sorry for my English.
your files are encrypted, if you do not have a backup you need to identify what ransomware it is and hope for one day that a decryptor is released.
teslacrypt is defined by VVV extensions, cryptowall4 is defined by random file names and random file extensions.
If you have a backup reformat your computer and reinstall windows and reinstate the data manually.
Edited by billo1007, 29 December 2015 - 05:07 PM.
Posted 29 December 2015 - 05:15 PM
I have submited an encrypted file.
Because of the reinstallation of Windows. I cannot find a restore point.
The names and extensions of files are same, but it cannot be opened.
Posted 29 December 2015 - 05:16 PM
HELP_DECRYPT.TXT, HELP_YOUR_FILES.TXT, HELP_TO_DECRYPT_YOUR_FILES.txt HELP_RESTORE_FILES.txt, HELP_TO_SAVE_FILES.txt, RECOVERY_KEY.txt, DecryptAllFiles.txt DECRYPT_INSTRUCTIONS.TXT, INSTRUCCIONES_DESCIFRADO.TXT, How_To_Recover_Files.txt DECRYPT_INSTRUCTION.TXT, HOW_TO_DECRYPT_FILES.TXT, ReadDecryptFilesHere.txt, About_Files.txt, FILESAREGONE.TXT, IHAVEYOURSECRET.KEY, HELLOTHERE.TXT, SECRETIDHERE.KEY, READTHISNOW!!!.TXT, SECRET.KEY, HELPDECYPRT_YOUR_FILES.HTML, Help_Decrypt.txt YOUR_FILES.HTML, DecryptAllFiles_<user name>.txt, encryptor_raas_readme_liesmich.txt DecryptAllFiles_.txt, RECOVERY_FILES.txt, help_decrypt_your_files.html Howto_RESTORE_FILES_.txt, RECOVERY_FILE_.txt, restore_files_.txt, _how_recover_.txt howto_recover_file_.txt, how_recover+****.txt, recover_file_*****.txt Note: The (*) represents random characters which some ransom notes names may include.Please submit a sample of an encrypted file here (http://www.bleepingcomputer.com/submit-malware.php?channel=3) with a link to this topic.
Posted 29 December 2015 - 05:25 PM
What exactly are they?
...The names and extensions of files are same, but it cannot be opened.
Posted 29 December 2015 - 05:27 PM
I have formatted my C: hard disk and instal Windows 10 again.
All the file extensions and file names are same, nothing was changed.
There were two countdown timers on the ransomware screen, one of them is about payment time (4 days), the other one is about deletion time. It was said "your files will be deleted in .... hours" (about 12 days).
I have sent the file to you before that topic. Now i will send it again.
Posted 29 December 2015 - 05:33 PM
I sent an encrypted file to you.
Edited by junkcan, 29 December 2015 - 05:33 PM.
Posted 29 December 2015 - 05:50 PM
Posted 30 December 2015 - 04:30 AM
Looking into this one today.
Posted 30 December 2015 - 03:15 PM
Posted 30 December 2015 - 05:06 PM
To give you a quick update:
We did find the initial infection and are currently taking it apart. It is pretty unique to be honest and nothing that has been seen before, so the analysis will take a while unfortunately. xXToffeeXx and I try to get it done as quickly as possible and we will keep you posted.
Posted 30 December 2015 - 05:16 PM
Thank you very much. I will wait for your post.
I hope, it will be solved.
Edited by junkcan, 30 December 2015 - 05:32 PM.
0 members, 0 guests, 0 anonymous users