It appears you are dealing with a variant of Win32/Filecoder
...(aka Gpcode ransomware
or Encoder) which has been around for years, uses a secure encryption algorithm and has never been decryptable
is a crypto malware infection detected by ESET. According to their research lab, there are several different variants for which they add a modifier or additional information after the name that further describes what type of ransomware it is. Most of the Filecoder (Encoder) threat detections are more commonly identified as CryptoLocker, Cryptowall, and CTB locker but they are not actually the same.
variant encrypts data, appends an .0x0
extension to the end of each filename and leaves a ransom note named READTHISNOW!!!.TXT with a SECRET.KEY file. Other variants have been reported with a .bleep
extension appended to the filename, leaving ransom notes with names like FILESAREGONE.TXT, IAMREADYTOPAY.TXT, HELLOTHERE.TXT and IHAVEYOURSECRET.KEY, SECRETIDHERE.KEY files. In this this report
at Kaspersky forums...the content of the ransom notes are essentially identical with instructions to go to hxxp://bitmessage.org/
There is an ongoing discussion in this topic where you can ask questions and seek further assistance but I am not aware of any fix tool or way to decrypt encrypted data without the private key or paying the ransom.
As with most ransomware infections...the best solution for dealing with encrypted data is to restore from backups
. If that is not a viable option and if there is no fix tool, the only other alternative is to save your data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a possible solution so save the encrypted data and wait until that time.
Rather than have everyone start individual topics, it would be best (and more manageable for staff) if you posted any questions, comments or requests for assistance in that topic discussion. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion...this topic is closed.
The BC Staff