
new ransomware ??


17 replies to this topic

#1 johnekamper


Posted 02 June 2016 - 07:01 AM

someone who knows what to do with it 45a2ddf054c4cea263c2c1c4590a05cfd85084fd 

 

please help me 




 


#2 quietman7


Posted 02 June 2016 - 07:27 AM

More information is needed.

Are there any file extensions appended to your files?

Did you find any ransom notes? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. They typically are found in every directory where data was encrypted. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a randomly named .html, .txt, .png, .bmp, .url file.

You can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with possible identification and confirmation.

Samples of any encrypted files, ransom notes or suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted here (http://www.bleepingcomputer.com/submit-malware.php?channel=168) with a link to this topic.

Once we have identified/confirmed which particular ransomware you are dealing with, we can direct you to the appropriate discussion topic for further assistance.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Demonslay335


Posted 02 June 2016 - 07:33 AM

ID Ransomware can't do anything with a zip file. You need to upload an individual encrypted file. Since the files have no extension added, it would also really help if you can provide it a ransom note.

I'm mobile now, so I can't manually inspect the files you zipped for a bit. If there is a known hex signature, IDR will pick it up if you upload a file on its own. If it is a generic encryption though that doesn't leave a "fingerprint", then the only way to identify will be with a ransom note.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#4 Demonslay335


Posted 02 June 2016 - 08:13 AM

Hmm, interesting. All files you submitted have the same first 4 bytes, with slight variance in the next 4 bytes. This may be due to a very basic algorithm like XOR, and the fact they are all JPGs (parts of the header will originally be similar).

 

Do you have any files that are encrypted, and you also have a clean version of it? I see you also uploaded Koala.jpg, but it was a clean copy. If you have an encrypted version of any of the public sample pictures, we can go off of that.


Edited by Demonslay335, 02 June 2016 - 08:14 AM.



#5 johnekamper


Posted 02 June 2016 - 09:25 AM

I don't have a clean version of the pictures. What can you do for me??



#6 Demonslay335


Posted 02 June 2016 - 09:30 AM

I don't have a clean version of the pictures. What can you do for me??

 

You should be able to find a clean copy of something. It doesn't have to be of those same pictures. It can be anything that you can reproduce or have backed up or something.

 

As Fabian says:

 

 

Even you will have at least one file where you can get the original version of the file of. A picture you shared with your family. The default wallpapers shipped with your version of Windows. A file you downloaded from the internet that you can download again.

 

In the years I have been doing this, there hasn't been a single case where decryption failed because someone could not possibly find at least one file where they could somehow find the original file as well.

 

Do you have any ransom notes, or is something still running? Was the background changed or something? We still need a bit more information to help you.




#7 johnekamper


Posted 02 June 2016 - 09:41 AM

it is the PC of my brother, he has sent a number of files to see if I could do anything I like nothing else



#8 johnekamper


Posted 02 June 2016 - 09:46 AM

where the ransom note should be then ?


Edited by johnekamper, 02 June 2016 - 09:48 AM.


#9 Demonslay335


Posted 02 June 2016 - 10:26 AM

Refer to quietman7's post. Usually ransom notes are somewhere easy to find, as they want you to be able to contact them to pay the ransom. Commonly they are in every folder that was encrypted.




#10 johnekamper


Posted 02 June 2016 - 01:48 PM

He has only the locked files. What must I do now?

#11 Demonslay335


Posted 02 June 2016 - 01:51 PM

I'm afraid we cannot help you any further without a clean/encrypted pair, or a sample of the malware itself.

 

You should be able to find something replaceable. It can be a temporary file, a picture in the Sample Pictures folder, something downloaded from a website or email, an icon or a program you can re-download... anything, it doesn't have to be a personal file.


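The analysis described in posts #4 and #11, as an added example that is not part of the original thread and is not code from any poster or from ID Ransomware: it compares the leading bytes of encrypted samples, then uses one clean/encrypted pair to test the repeating-key XOR hypothesis and restore a second file. The sample bytes, the key and all function names are constructed for illustration.

```python
from itertools import cycle
from typing import Optional

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def common_prefix_len(samples: list) -> int:
    """Count the leading bytes that are identical in every sample."""
    n = 0
    for column in zip(*samples):
        if len(set(column)) != 1:
            break
        n += 1
    return n

def recover_repeating_key(clean: bytes, encrypted: bytes) -> Optional[bytes]:
    """Shortest key whose repetition turns clean into encrypted, or None."""
    stream = xor_bytes(clean, encrypted)  # keystream, if the cipher is XOR
    # Only try periods short enough that the repetition is actually observed.
    for period in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i % period] for i in range(len(stream))):
            return stream[:period]
    return None  # keystream never repeats: not a short repeating-key XOR

def apply_key(data: bytes, key: bytes) -> bytes:
    """XOR data with the key repeated; encrypts and decrypts alike."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

# Constructed sample data: two JPEG-like headers that share their first 4 bytes.
CLEAN_A = bytes.fromhex("ffd8ffe11c45457869660000") + b"picture A pixel data"
CLEAN_B = bytes.fromhex("ffd8ffe12a10457869660000") + b"picture B pixels"
DEMO_KEY = bytes.fromhex("5a13c78821")  # hypothetical key, for the demo only
ENC_A = apply_key(CLEAN_A, DEMO_KEY)
ENC_B = apply_key(CLEAN_B, DEMO_KEY)

def demo():
    """Recover the key from the (CLEAN_A, ENC_A) pair and restore ENC_B."""
    shared = common_prefix_len([ENC_A, ENC_B])
    key = recover_repeating_key(CLEAN_A, ENC_A)
    restored = apply_key(ENC_B, key) if key else None
    return shared, key, restored

if __name__ == "__main__":
    shared, key, restored = demo()
    print(f"identical leading ciphertext bytes: {shared}")
    print(f"recovered key: {key.hex() if key else 'none'}")
    print(f"second file restored: {restored == CLEAN_B}")
```

A `None` result means the pair does not fit a short repeating key, which is the case where only a ransom note or the malware sample can identify the family.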


#12 johnekamper


Posted 02 June 2016 - 02:52 PM

I have only the infected files; otherwise it wasn't a problem, then I still had the photos.

#13 1994p


Posted 02 June 2016 - 03:41 PM

All my files are encrypted by hackers as CRYP1, leaving behind some kind of ransom note. My exams are really near; someone please help me to decrypt these files as it's very urgent.



#14 syseng


Posted 02 June 2016 - 03:45 PM

I have a new ransomware hit 3 days ago, can anyone help

 



#15 syseng


Posted 02 June 2016 - 03:49 PM

this is the .id-727FB871.{alex.vlasov@aol.com}.xtbl only trace I find from the attack, no note just the files extension

 





