Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

KimcilWare (.Locked) Ransomware Support and Help Topic - README_FOR_UNLOCK.txt


  • Please log in to reply
3 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,470 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:21 PM

Posted 30 March 2016 - 04:28 PM

A new ransomware has been spotted that appears to be targeting Magento web site. This ransomware is installed via an attacker hacking the server and uploading a PHP script. This script will then encrypt all files on the web site and append encrypted files with either the .kimcilware or .locked extensions.

While encrypting the data it will either replace the index.html with a ransom note or place the README_FOR_UNLOCK.txt file in each folder on the site.

ransom-note.png



BC AdBot (Login to Remove)

 


#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:21 PM

Posted 31 March 2016 - 12:37 PM

If anyone has been hit by this ransomware, please contact me. I may have a decryptor that just needs some extra information to try on a live sample.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 ozstar

ozstar

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney Oz
  • Local time:12:21 PM

Posted 21 April 2016 - 05:22 PM

Hi, 

 

I have a client who has this problem.  Seems like Mar 14 it happened.

 

Thanks

 

oz



#4 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,430 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:08:21 PM

Posted 21 April 2016 - 05:45 PM

Hi, 

 

I have a client who has this problem.  Seems like Mar 14 it happened.

 

Thanks

 

oz

 

I've reached out to you via PM, we can see what can be done.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users