.k2p ransomware


4 replies to this topic

#1 Victro


Posted 10 February 2016 - 01:22 PM

Hello all,

 

 

I attempted searching for this on the forum and didn't find any information so I don't know if it's a new variant or not. The ransomware demands payment sent to hhosgor@yandex.com. I've attached a file below that is currently encrypted:

 

https://www.sendspace.com/file/dcssrj

 

Thanks in advance for any assistance provided! 




 


#2 xXToffeeXx

  • Malware Response Instructor

Posted 10 February 2016 - 03:14 PM

Hi Victro,

 

Looks new to me, do you know how you were infected (visit a suspicious website or open an email attachment recently, for example)?

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 quietman7

  • Global Moderator

Posted 10 February 2016 - 09:52 PM

Samples of ransom notes or suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted here (http://www.bleepingcomputer.com/submit-malware.php?channel=3) or here (http://www.bleepingcomputer.com/submit-malware.php?channel=170) with a link to this topic. Doing that will be helpful with analyzing and investigating by our crypto experts.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 t00ky


Posted 25 July 2016 - 09:19 AM

Hi Victro,

2 of my customers have been hacked by the same ransomware, not by opening anything but by remote desktop on their servers and desktop, installing and running this program: http://www.kruptos2.com/

1 customer paid the ransom and they sent a different key for each computer.

I have searched the net about this and yours is the first other post I have found. Did you get hacked the same way?

Both our customers are from the same area, so it could be someone local.


Edited by t00ky, 25 July 2016 - 09:33 AM.


#5 Demonslay335

  • Security Colleague

Posted 25 July 2016 - 10:26 AM

> Hi Victro,
>
> 2 of my customers have been hacked by the same ransomware, not by opening anything but by remote desktop on their servers and desktop, installing and running this program: http://www.kruptos2.com/
>
> 1 customer paid the ransom and they sent a different key for each computer.
>
> I have searched the net about this and yours is the first other post I have found. Did you get hacked the same way?
>
> Both our customers are from the same area, so it could be someone local.

 

So they had to use the Kruptos2 software in order to decrypt once given the key? If it was a manual hack via RDP and legitimate software such as that was used, I'm afraid we won't be able to help decrypt, as it is a secure program.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]




