
Ransomware and copycat: please some quick help!



#1 Jedi82


Posted 05 February 2016 - 09:17 AM

Hi amazing community!!!! I just have some small questions about the famous Cryptolocker ransomware and the other copycats:

1) Is there a simple way to know which ransomware is installed on an infected PC? I always see the alert message without the name of the virus!

2) If I think that a PC has been violated by the ransomware, the first thing to do is turn off the PC and disconnect from the internet, right? OK, but can I then turn on the PC without internet and try something, or does the virus itself continue to encrypt the files?

3) Do all of these ransomware also attack Dropbox?

4) Can I make a backup of encrypted files and leave them on an external disk without the risk of infecting other PCs?

5) If I'm sure that a PC is infected by ransomware, is there a tool like the amazing adwcleaner or other that cleans the PC so that I can try to repair my files?

 

Thanks so so much to all of you!




 


#2 quietman7


Posted 05 February 2016 - 09:37 AM

A repository listing of all Bleeping Computer Crypto malware Information and ransomware topics can be found in this index.

Whether you can recover (decrypt) your files or not depends on what ransomware infection you are dealing with. All crypto malware ransomware use some form of encryption algorithm; most of them are secure, but others are not. The possibility of decryption depends on how thorough the malware creator was, what algorithm the creator utilized for encryption, and discovery of any flaws.

These are some of the more common ransomware file extensions appended to encrypted files: .ecc, .ezz, .exx, .zzz, .xyz, .aaa, .abc, .ccc, .vvv, .xxx, .ttt, .micro, .encrypted, .locked, .crypto, _crypt, .crinf, .r5a, .XRNT, .XTBL, .crypt, .R16M01D05, .pzdc, .good, .LOL!, .OMG!, .RDM, .RRK, .encryptedRSA, .crjoker, .EnCiPhErEd, .LeChiffre, .keybtc@inbox_com, .0x0, .bleep, .1999, .vault, .HA3, .toxcrypt, .magic, .CTBL, .CTB2, or 6-7 length extension consisting of random characters.

These are some examples of ransom notes:
HELP_DECRYPT.TXT, HELP_YOUR_FILES.TXT, HELP_TO_DECRYPT_YOUR_FILES.txt, RECOVERY_KEY.txt
HELP_RESTORE_FILES.txt, HELP_RECOVER_FILES.txt, HELP_TO_SAVE_FILES.txt, DecryptAllFiles.txt
DECRYPT_INSTRUCTIONS.TXT, INSTRUCCIONES_DESCIFRADO.TXT, How_To_Recover_Files.txt
YOUR_FILES.HTML, YOUR_FILES.url, encryptor_raas_readme_liesmich.txt, Help_Decrypt.txt
DECRYPT_INSTRUCTION.TXT, HOW_TO_DECRYPT_FILES.TXT, ReadDecryptFilesHere.txt, 
_secret_code.txt, About_Files.txt, Read.txt, ReadMe.txt, DECRYPT_ReadMe.TXT, DecryptAllFiles_.txt
FILESAREGONE.TXT, IAMREADYTOPAY.TXT, HELLOTHERE.TXT, READTHISNOW!!!.TXT, SECRETIDHERE.KEY
IHAVEYOURSECRET.KEY, SECRET.KEY, HELP_DECYPRT_YOUR_FILES.HTML, help_decrypt_your_files.html
HELP_TO_SAVE_FILES.txt, RECOVERY_FILES.txt, RECOVERY_FILE.TXT, RECOVERY_FILE_[random].txt
Howto_RESTORE_FILES_.txt, Howto_Restore_FILES.txt, howto_recover_file_.txt, restore_files_.txt, 
how_recover+[random].txt, _how_recover_.txt, recovery_file_[random].txt, recover_file_[random].txt
recovery_file_[random].txt, Howto_Restore_FILES.TXT and help_recover_instructions+[random].txt

Note: The [random] represents random characters which some ransom note names may include.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

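A read-only triage sketch for the indicators listed in the post above, added here as an example and not part of the original thread or any BleepingComputer tool: it checks a file listing against a subset of the quoted extensions and ransom-note names and reports which indicators are present, without naming a ransomware family. The function names, the constructed sample paths and the random-extension heuristic are assumptions.

```python
import re
from collections import Counter
from pathlib import PureWindowsPath

# Subset of the appended extensions quoted in the post (matched case-insensitively).
KNOWN_EXTENSIONS = {".ecc", ".ezz", ".exx", ".vvv", ".micro", ".encrypted",
                    ".locked", ".crypto", ".xtbl", ".vault", ".ctbl", ".ctb2"}
# Subset of the quoted ransom-note names; "[random]" is the post's placeholder.
# ReadMe.txt and Read.txt are left out on purpose: common legitimate names.
NOTE_TEMPLATES = ["HELP_DECRYPT.TXT", "HELP_RESTORE_FILES.txt",
                  "DECRYPT_INSTRUCTIONS.TXT", "How_To_Recover_Files.txt",
                  "RECOVERY_FILE_[random].txt", "how_recover+[random].txt",
                  "help_recover_instructions+[random].txt"]

def _to_regex(template):
    # Escape the literal parts and let "[random]" match any alphanumeric run.
    literal = [re.escape(part) for part in template.split("[random]")]
    return re.compile("[A-Za-z0-9]+".join(literal), re.IGNORECASE)
NOTE_PATTERNS = [(t, _to_regex(t)) for t in NOTE_TEMPLATES]

def classify(path):
    """Return (kind, indicator) for a suspicious file name, else None."""
    p = PureWindowsPath(path)  # parses C:\... paths on any host OS
    for template, rx in NOTE_PATTERNS:
        if rx.fullmatch(p.name):
            return ("ransom_note", template)
    ext = p.suffix.lower()
    if ext in KNOWN_EXTENSIONS:
        return ("known_extension", ext)
    # Weak heuristic (assumption) for the post's "6-7 length extension
    # consisting of random characters": an extra suffix after a normal one.
    if len(p.suffixes) >= 2 and re.fullmatch(r"\.[a-z]{6,7}", p.suffix):
        return ("possible_random_extension", ext)
    return None

def triage(paths):
    return Counter(hit for hit in map(classify, paths) if hit)

# Constructed sample listing, not taken from a real system.
SAMPLE_LISTING = [
    r"C:\Users\demo\Documents\budget.xlsx.vvv",
    r"C:\Users\demo\Documents\notes.docx.vvv",
    r"C:\Users\demo\Documents\how_recover+abc.txt",
    r"C:\Users\demo\Pictures\cat.jpg.qwkzpfd",
    r"C:\Users\demo\Desktop\ReadMe.txt",
]

if __name__ == "__main__":
    print(triage(SAMPLE_LISTING).most_common())
```

Feed it a listing exported from the affected disk mounted read-only on a clean machine; the random-extension match is only a hint and will also fire on ordinary names such as `archive.tar.backup`.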

#3 Jedi82


Posted 05 February 2016 - 09:40 AM

Thanks! But what I really still don't understand is if it's safe to try something on my PC during the infection. Example: I know that all my files are now encrypted... can I leave my computer on and try something? And on the other side: if the virus is still decrypting my files, can I just turn off the internet connection to stay safe?



#4 quietman7


Posted 05 February 2016 - 09:47 AM

I'm not sure what you want to try.

The best course of action depends on what ransomware you are dealing with. Each of the BC Crypto malware Information Guides, FAQs have a section...What should you do when you discover your computer is infected.

Most crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. However, most victims don't know how long the malware was on the system before they were alerted or if another piece of malware was responsible for installing it. If other malware was involved it could still be present if your antivirus did not detect and remove it.