
*.*.protected please please help me!


2 replies to this topic

#1 sumsum


Posted 12 May 2016 - 09:42 AM

Hello

All my files are locked. I can't open them. It's very important for my job.

www.id-ransomware.malwarehunterteam.com says:

"Unable to determine ransomware."

SHA1: 15df06e30bd5dc319cb0cf032617e118c4093dbe

The file ending is: *.*.protected

Here is an example jpg file:

https://workupload.com/file/JmqgP8p

And this is the note with what the virus wants from me:

https://workupload.com/file/aB9wsTp

Is there a chance, or do I have to buy the key?

Thank you





#2 Demonslay335


Posted 12 May 2016 - 09:51 AM

I have not seen a ransomware use that extension; this is most likely something new. It mentioned CryptoWall 3.0 in the ransom note, but I don't believe it is. I'll set out the hunt.

We will need a sample of the malware itself to analyze. Please submit any suspicious files here: http://www.bleepingcomputer.com/submit-malware.php?channel=168

I would run scans with MalwareBytes and HitmanPro, and search for what may have infected you, such as a downloaded program, shady website, or email attachment/link.




#3 Demonslay335


Posted 29 November 2016 - 08:05 PM

We were able to track down a sample of this recently. Unfortunately, the authors are dumb and generate a new 15-character key per file, and never save it anywhere. The malware developer will not be able to decrypt your files even if you pay them. Each file would need to be brute-forced individually, as it is very similar to NegozI.

