
akaibvn Ransomware Help & Support Topic - Decrypt All Files akaibvn.txt


4 replies to this topic

#1 madchemstnj


Posted 14 May 2016 - 01:55 PM

I'm having a heck of a time finding any ID and key for this ransomware. Attacked everything, .jpgs, office files, mp3s. Nothing was spared, until I realized what was going on and disconnected from the network. All files were appended with .akaibvn
 
thanks
 
jason


#2 Demonslay335

    Ransomware Hunter


  • Security Colleague

Posted 14 May 2016 - 01:58 PM

You may use the service in my signature to identify the ransomware. I am suspecting it could be Maktub or CTB-Locker based on the information given, which will require uploading both a ransom note and encrypted file to the service below to properly identify. If it fails to identify the variant, post the SHA1 of the case here and I can investigate it further.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 madchemstnj


Posted 14 May 2016 - 04:50 PM

Thanks Demonslay335. No luck with the ID.

 

 

Please reference this case SHA1: 66829ef1a98177d922877560cfe855bf48d568c9



#4 Demonslay335


Posted 14 May 2016 - 06:19 PM

Hmm. Definitely not Maktub, Tor page is too ugly for their style. Doesn't look like CTB-Locker from what I remember, but don't know if it maybe changed. We'll have to dig further into it. If you can locate any malicious files that would be helpful.

 

As reference for our convenience, here's the ransom note contents. They're asking for 3 BTC, which is about $1,377 USD... pretty steep price for the average user.

Your documents, photos, databases and other important files have been encrypted
with strongest encryption and unique key, generated for this computer.

Private decryption key is stored on a secret Internet server and nobody can
decrypt your files until you pay and obtain the private key.

If you see the main locker window, follow the instructions on the locker.
Overwise, it's seems that you or your antivirus deleted the locker program.
Now you have the last chance to decrypt your files.

Open http://5kiuc45pat3qr6gd.onion.cab or http://5kiuc45pat3qr6gd.tor2web.org 
in your browser. They are public gates to the secret server. 

If you have problems with gates, use direct connection:

1. Download Tor Browser from http://torproject.org

2. In the Tor Browser open the http://5kiuc45pat3qr6gd.onion/
   Note that this server is available via Tor Browser only. 
   Retry in 1 hour if site is not reachable.

Copy and paste the following public key in the input form on server. Avoid missprints.
W3XUYK-PE7U3E-2W22EU-PZJOFK-4PT2TC-PADO74-ERGSSN-[redacted]
7XIQ3H-VUYSHN-QZYLG5-[redacted]-2QAEOT-LCWOI4-F6T5JT-OI32PK
[redacted]-I6XKFE-RB3YD7-PPDKEY-UX44L6-3VGPYD-GMECL5-RXH233

Follow the instructions on the server.




#5 madchemstnj


Posted 15 May 2016 - 01:55 PM

I wiped out all the files I could find. I'll see what, if anything, exists. Thanks.

 

sooooo frustrating





