Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Decripted key


  • This topic is locked This topic is locked
9 replies to this topic

#1 netengs

netengs

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 28 January 2016 - 12:45 PM

Hello,

 

tx to your praiseworthy work I was able to recove my corrupted files; now I can share my key if it is helpful for anyone.



BC AdBot (Login to Remove)

 


#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,589 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:53 PM

Posted 28 January 2016 - 12:46 PM

Generally encryption keys are specific to each victim, so sharing your key will not help anyone else unless it was the same static key for EVERY victim.

 

Assuming you are talking about ransomware, what variant were you hit with and how did you decrypt your files?


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 netengs

netengs
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 28 January 2016 - 12:59 PM

Generally encryption keys are specific to each victim, so sharing your key will not help anyone else unless it was the same static key for EVERY victim.

 

Assuming you are talking about ransomware, what variant were you hit with and how did you decrypt your files?

Sorry I posted wrongly; I clicked on "New Topic" instead of "Reply".
Anyway my key is for Teslacrypt with .vvv extension


Edited by netengs, 28 January 2016 - 01:04 PM.


#4 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,589 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:53 PM

Posted 28 January 2016 - 01:09 PM

Well, glad you got your files back.  :thumbup2:

 

Ya, for TeslaCrypt, each victim has a unique key to them, so sharing won't help at all I'm afraid.

 

Make sure to implement a backup strategy now that you have your files back; you got lucky with a variant that was cracked. Ransomware isn't the only way you can lose your files.

 

I personally recommend CrashPlan, Dropbox, Carbonite, or Google Drive. All have affordable options based on how much data you need backed up.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#5 netengs

netengs
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 28 January 2016 - 01:26 PM

TAL for your help, I know the importance of backup, on cloud particularly.
:bowdown:

 

But is my key usable for factordb.com source?


Edited by netengs, 28 January 2016 - 01:27 PM.


#6 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,589 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:53 PM

Posted 28 January 2016 - 01:31 PM

Your factors are usable there, but not the key itself. You can post the prime factors you got to that database to help the community.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#7 netengs

netengs
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 28 January 2016 - 01:41 PM

Your factors are usable there, but not the key itself. You can post the prime factors you got to that database to help the community.

I want to do this, but I don't understand clearly where posting and what; is it helpful for any user for Tesladecrypting?



#8 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,589 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:03:53 PM

Posted 28 January 2016 - 02:05 PM

During the process, you would have used yafu or msieve to factor a large number, the SharedSecret1*PrivateKeyBC or SharedSecret2*PrivateKeyFile. You enter this large number (usually 150-154 digits long) into factordb.com. Then, in the "Report Factors" at the bottom, you paste the factors you got (what you had put into TeslaRecoder or unfactor.py).

 

If someone else did the factoring for you and provided the key, then you won't have the factors for doing this.

 

It doesn't directly help other victims since everyone's is different, but there are chances that someone else may have a similar factor in their cofactor, which just helps out. Plus, it's just good to give back to the website that has been very helpful in helping everyone, since they didn't build it just for this. It is actually used by mathematics for all sorts of other reasons.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#9 netengs

netengs
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:11:53 PM

Posted 28 January 2016 - 02:23 PM

TAL, I've done it.
:wink:

Bye.



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,053 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:04:53 PM

Posted 28 January 2016 - 05:25 PM

Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance the appropriate support topic. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users