
Beni Oku.txt


8 replies to this topic

#1 idassa


Posted 09 April 2016 - 06:45 AM

Did anyone encounter this ransomware note, Beni Oku.txt, that I believe is in Turkish? It encrypted files into rar*. I have no idea what kind of ransomware this could be. Any ideas?


Merhabalar Sisteminizde Ufak Çapta Ama Buyuk Sorunlar Olusturucak Açik Buldum Ve
Sisteminizi Hackledim Ve Bilgilerinizi Sifreledim Dosyalariniz Geri Getirilmiycek
Sekilde Sifrelendi Ve Silindi Datalarinizi Kurtarmak Için Bosuna Vakit Harcamayin
Kesinlikle Ve Kesinlikle Ne Sifreyi Kirabilirsiniz Nede Datalari Kurtarabilirsiniz
Bizimle Anlasmaya Saglarsaniz Datalariniz Eskisi Gibi Kullanabilirsiniz Panik Yapcak
Bi Olay yok Datalarinizi Almak Isterseniz Bize Mail Atiniz IP Adresinizi Belirterek Mail
Atiniz Ona Göre Fiyat Biçimi Vardir Iyi Çalismalar Dilerim...
datakurtar0001@gmail.com
datakurtar0001@gmail.com
datakurtar0001@gmail.com
datakurtar0001@gmail.com
datakurtar0001@gmail.com

Hello. I found a vulnerability in your system, small in scale but one that will cause big problems, and I hacked your system and encrypted your information. Your files have been encrypted and deleted in a way that cannot be recovered. Do not waste your time trying to recover your data. You absolutely, definitely can neither crack the password nor recover the data. If you reach an agreement with us, you can use your data as before. There is nothing to panic about. If you want to get your data back, email us; state your IP address in the email, as pricing is set accordingly. I wish you good work...
 

Image of what happened to the files: http://s14.postimg.org/5lto9g61t/Beni_Oku.jpg

 

Any feedback would be highly appreciated.




 


#2 Demonslay335


Posted 09 April 2016 - 10:13 AM

Can you locate any suspicious executable files? We'll need a sample to determine if there is a weakness. You can scan with HitmanPro or MalwareBytes to try looking for anything. Do you know if you got it from an email attachment, website download, or torrent perhaps?

 

You may submit any malicious files to the following link for analysis: http://www.bleepingcomputer.com/submit-malware.php?channel=168


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 idassa


Posted 09 April 2016 - 11:13 AM

Thank you for a quick reply. Well, the computer is not mine but my friend's. I only have a big zedek.rar file (you can see it in the image posted) that I got from his HDD. Let me see tomorrow to get the whole image of his HDD and I'll upload smaller infected *.rar files. Thank you for your concern, Demonslay335. I'll keep you posted.

 

P.S. I think he got it by browsing web but not sure.

 

P.P.S. Yes, and search for some malicious .exe files.


Edited by idassa, 09 April 2016 - 11:23 AM.


#4 Demonslay335


Posted 09 April 2016 - 11:27 AM

With this type of "encryption", having smaller RAR files won't be of any help, since they are simply password-protected archives. We need the malware itself to analyze. Otherwise, attempts at cracking the password of the archives will be fruitless, and probably impossible.


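Added example (not part of the thread, and not code from any poster): a small triage check that confirms whether a file really is a RAR archive and whether its headers or first file entry are flagged as password-protected, as reply #4 describes. The helper names and sample bytes are constructed for illustration; it assumes the RAR signature sits at offset 0 (so not self-extracting archives) and, for RAR5, detects only header encryption.

```python
import struct

RAR4_SIG = b"Rar!\x1a\x07\x00"
RAR5_SIG = b"Rar!\x1a\x07\x01\x00"

def _vint(buf, pos):
    """Decode a RAR5 variable-length integer; return (value, next_pos)."""
    value = shift = 0
    while True:
        byte = buf[pos]
        pos += 1
        value |= (byte & 0x7F) << shift
        if not byte & 0x80:
            return value, pos
        shift += 7

def classify_rar(data):
    """Triage verdict for the leading bytes of a file (hypothetical helper)."""
    try:
        if data.startswith(RAR5_SIG):
            pos = len(RAR5_SIG) + 4              # skip the header CRC32
            _size, pos = _vint(data, pos)
            htype, pos = _vint(data, pos)
            # Header type 4 is the archive encryption header
            return "rar5-headers-encrypted" if htype == 4 else "rar5"
        if data.startswith(RAR4_SIG):
            # Main header layout: CRC(2) TYPE(1) FLAGS(2) SIZE(2)
            _crc, htype, flags, size = struct.unpack_from("<HBHH", data, 7)
            if htype != 0x73:
                return "rar4-malformed"
            if flags & 0x0080:                   # block headers encrypted
                return "rar4-headers-encrypted"
            _crc, ftype, fflags = struct.unpack_from("<HBH", data, 7 + size)
            if ftype == 0x74 and fflags & 0x0004:  # file needs a password
                return "rar4-file-data-encrypted"
            return "rar4"
    except (IndexError, struct.error):
        return "truncated"
    return "not-rar"

def classify_path(path):
    """Classify a file on disk from its first 4 KiB."""
    with open(path, "rb") as fh:
        return classify_rar(fh.read(4096))

# Constructed sample: RAR4 main header with the encrypted-headers flag set
SAMPLE_RAR4_LOCKED = RAR4_SIG + struct.pack("<HBHH", 0, 0x73, 0x0080, 13) + bytes(6)
```
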


#5 idassa


Posted 09 April 2016 - 11:30 AM

Got it. I'll make extensive search for any suspicious files once I put his HDD in some testing machine and then will post my findings.



#6 idassa


Posted 14 April 2016 - 01:14 PM

After a few days of examining data I found practically nothing. I know how and when it happened but couldn't find the actual *.exe or other file that basically RAR-encrypted the files.

What happened is that someone downloaded and ran a cracked WinRAR exe file from God knows where, and then all hell broke loose. Bitdefender didn't even react.

So, my conclusion is that my friend will have to forget about his data and use the old backup that he has after disinfecting the HDD.

 

Anyway, thank you for reading this post.



#7 Demonslay335


Posted 14 April 2016 - 01:41 PM

I would definitely hold onto that RAR file in the event we find something. I would even recommend making an image of the system before disinfecting it, just in case we find something is stored elsewhere. Until we secure a sample, there's not much else we can do or assume at this point.




#8 idassa


Posted 14 April 2016 - 01:45 PM

Done.



#9 quietman7


Posted 14 April 2016 - 05:22 PM

When or if a solution is discovered, that information will be provided in this support topic and you will receive notification since you are subscribed to it.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




