Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Files Encrypted with RSA-4096

  • Please log in to reply
1 reply to this topic

#1 Giovfranz


  • Members
  • 1 posts

Posted 03 April 2016 - 06:15 PM

Bolivia friends write them , asking for help about this virus that encrypted my data showing this message:


            !!! IMPORTANT INFORMATION !!!!

All of your files are encrypted with RSA-4096.
More information about the RSA algorythm can be found here:

Decrypting of your files is only possible with the private key and decrypt program, which is on our secret server.
To receive your private key follow one of the links:
    1. http://88fga.ketteaero.com/BC717BFF43E92797
    2. http://2bdfb.spinakrosa.at/BC717BFF43E92797
    3. http://uj5nj.onanwhit.com/BC717BFF43E92797

If all of the addresses are not available, follow these steps:
    1. Download and install Tor Browser: https://www.torproject.org/download/download-easy.html
    2. After a successful installation, run the browser and wait for initialization.
    3. Type in the address bar: k7tlx3ghr3m4n2tu.onion/BC717BFF43E92797
    4. Follow the instructions on the site.
!!! Your personal identification ID: BC717BFF43E92797 !!!

This message is displayed through a .txt file and a PNG image file , both created when infected.Thank you in advance the help you can give me . I'm desperate for the loss of my information.

atte Giovfranz

BC AdBot (Login to Remove)


#2 Demonslay335


    Ransomware Hunter

  • Security Colleague
  • 3,579 posts
  • Gender:Male
  • Location:USA
  • Local time:02:12 PM

Posted 03 April 2016 - 06:24 PM

I'm afraid that is the ransom note for TeslaCrypt 4.0. There is currently no solution to decrypt files for free without paying the ransom at this time. The best option is to restore from backups, or try data recovery tools such as Recuva, PhotoRec, ShadowExplorer, or TestDisk.


You can read more information in the following support thread.


I will assume the files have no extension added to them as well? You can upload the ransom note and an encrypted file to the site in my signature to confirm the diagnosis of the ransomware.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users