
Ransomware with 'crypt' extensions, believed to be TeslaCrypt 4.0?


  • This topic is locked
1 reply to this topic

#1 arkle

arkle

  • Members
  • 46 posts
  • Gender:Male
  • Local time:05:54 PM

Posted 21 May 2016 - 01:43 PM

Hello guys,

 

I have the problem as per the title, and I have shown below a copy of what is now on my desktop.

I submitted this copy to a Malwarebytes site that told me it was TeslaCrypt 4.0.

As a result of this I ran TeslaDecoder and when it finished it said that no files were decrypted, 77 skipped and no warnings.

In other words it failed to cure the problem, unless of course I didn't follow the instructions properly!

 

All my files appear to have the extension crypt

 

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

 

 

@@@@@@@ NOT YOUR LANGUAGE? USE https://translate.google.com

@@@@@@@ What happened to your files ?
@@@@@@@ All of your files were protected by a strong encryption with RZA4096
@@@@@@@ More information about the en-Xryption keys using RZA4096 can be found here: http://en.wikipedia.org/wiki/RSA_(cryptosystem)

@@@@@@@ How did this happen ?
@@@@@@@ !!! Specially for your PC was generated personal RZA4096 Key , both publik and private.
@@@@@@@ !!! ALL YOUR FILES were en-Xrypted with the publik key, which has been transferred to your computer via the Internet.
@@@@@@@ !!! Decrypting of your files is only possible with the help of the privatt key and de-crypt program , which is on our Secret Server

@@@@@@@ What do I do ?
@@@@@@@ So , there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW! , and restore your data easy way
@@@@@@@ If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment


Your personal ID: 3EF10DE7453C

For more specific instructions, please visit your personal home page, there are a few different addresses pointing to your page below:

1 - http://6oxs5abbmzqvaa2a.onion.to
2 - http://6oxs5abbmzqvaa2a.onion.cab
3 - http://6oxs5abbmzqvaa2a.onion.city

If for some reasons the addresses are not available, follow these steps:

1 - Download and install tor-browser: http://www.torproject.org/projects/torbrowser.html.en
2 - After a successful installation, run the browser
3 - Type in the address bar - http://6oxs5abbmzqvaa2a.onion
4 - Follow the instructions on the site

Be sure to copy your personal ID and the instruction link to your notepad not to lose them.

 

,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,

 

This is a copy of the same thing in a different format,

 
I would appreciate any help or advice with this, and thank you very much for taking the trouble to look.
 
paul
 
 
 

 

 





#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,773 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:12:54 PM

Posted 21 May 2016 - 02:25 PM

There is no new version of TeslaCrypt. In fact... "TeslaCrypt shuts down and Releases Master Decryption Key" - "How to use TeslaDecoder to decrypt Teslacrypt Encrypted Files"

However, any files that are encrypted with CryptXXX Ransomware will have the .crypt extension appended to the end of the affected filename and leave files (ransom notes) such as yours...see here

There is an ongoing discussion in this topic where you can ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions. Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion... it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators




