Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Files encrypted by Ransomware and Extension is appended with .asdasdasd


  • Please log in to reply
4 replies to this topic

#1 Swapnilpatil1188

Swapnilpatil1188

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 15 June 2016 - 02:06 AM

Hello Friends,

 

One of my client system is affected with Ransomware and files has been encrypted.

 

File extension is appended with .asdasdasd extension.

 

If any one has information about this Ransomware please do share.

 

 

I had tried to decrypt files using xorist decryptor but it failed to decrypt.


Edited by Swapnilpatil1188, 15 June 2016 - 02:08 AM.


BC AdBot (Login to Remove)

 


#2 Amigo-A

Amigo-A

  • Members
  • 485 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:03:39 AM

Posted 15 June 2016 - 02:57 AM

Swapnilpatil1188

 

Upload files ID Ransomware

https://id-ransomware.malwarehunterteam.com/index.php 


Edited by Amigo-A, 15 June 2016 - 02:59 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Знаете русский язык? Пишите мне на русском. Помогу. 


#3 Swapnilpatil1188

Swapnilpatil1188
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:04:09 AM

Posted 15 June 2016 - 03:46 AM

Thanks for the reply

 

I already done that, its unable to classify the Ransmware using encrypted files.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:39 PM

Posted 15 June 2016 - 07:16 AM

If ID Ransomware cannot identify the infection, you can post the case SHA1 it gives you in your next reply for Demonslay335 to manually inspect the files.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,479 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:39 PM

Posted 15 June 2016 - 08:34 AM

I can see the files submitted, haven't seen that extension before so the submissions stand out. I also see the ransom note "READ TO DECRYPTIONS_.txt" was identified as Xorist; since it was identified in that case, the system does not keep the note for me to confirm by reading it.

 

I've inspected the encrypted files, and it does look possibly like Xorist, or atleast some other "simple" encryption. The beginning bytes to define the MIME are intact, just part of the rest of the file is XOR'd (can't tell how much without a clean copy to compare).

 

Can you provide an encrypted file and clean copy of it via a third-party sharing site such as SendSpace? Did you properly provide this pair to the Xorist decrypter?


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users