Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

CryptoShocker Ransomware Help and Support Topic ( .locked ATTENTION.url )


  • Please log in to reply
9 replies to this topic

#1 Grinler

Grinler

    Lawrence Abrams


  • Admin
  • 43,007 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:01:36 PM

Posted 17 June 2016 - 04:22 PM

A new ransomware was discovered that encrypts your data using AES encryption and then demands $200 USD worth of bitcoins to get your files back.  When CryptoShocker encrypts a victim's files it will append the .locked extension to them. It will also create a shortcut on your desktop to their TOR decryption site called ATTENTION.url.

 

The decryption site also contains the cryptoshocker@tutanota.com email for the developer. If you have infected with CryptoShocker, please let us know in this topic as we me be able to get your key back for free.

 

decryption-site.png
CryptoShocker Decryption Site


Edited by xXToffeeXx, 07 July 2016 - 03:32 PM.


BC AdBot (Login to Remove)

 


#2 Amigo-A

Amigo-A

  • Members
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:10:36 PM

Posted 07 July 2016 - 02:14 PM

Lawrence Abrams

 

This is the same Ransomware or different? 

http://blog.trendmicro.com/trendlabs-security-intelligence/angler-shift-ek-landscape-new-crytpo-ransomware-activity/


Need info? Find her here!

Digest about Crypto-Ransomwares (In Russian) + Google Translate Technology

Anti-Ransomware Project  (In Russian) + Google Translate Technology and links


#3 Amigo-A

Amigo-A

  • Members
  • 172 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:10:36 PM

Posted 23 July 2016 - 04:55 AM

 Описание у TrendMicro 

http://www.trendmicro.com/vinfo/us/threat-encyclopedia/malware/RANSOM_CRYPSHOCKER.A


Edited by Amigo-A, 23 July 2016 - 04:55 AM.

Need info? Find her here!

Digest about Crypto-Ransomwares (In Russian) + Google Translate Technology

Anti-Ransomware Project  (In Russian) + Google Translate Technology and links


#4 Werkplaats

Werkplaats

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:36 PM

Posted 31 August 2016 - 07:42 AM

I Have a computer who is infected with CryptoShocker is their a decryptor for this ransomeware?

The person which computer it is shutdown after he notice that something was wrong so not all files are encrypted

I cannot find .locked ATTENTION.url, it looks like a Screensaver or background image.



#5 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,000 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:36 PM

Posted 31 August 2016 - 08:19 AM

I Have a computer who is infected with CryptoShocker is their a decryptor for this ransomeware?

The person which computer it is shutdown after he notice that something was wrong so not all files are encrypted

I cannot find .locked ATTENTION.url, it looks like a Screensaver or background image.

 

Can you post a screenshot? Most likely it wasn't CryptoShocker. Many ransomware use the ".locked" extension, so it's hard to identify without a ransom note.

 

If your files were completely renamed as <hex>.locked, then it may be the newest strain of Stampado that is still being analyzed.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#6 Werkplaats

Werkplaats

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:36 PM

Posted 31 August 2016 - 10:19 AM

Here is a link to the screenshot:

https://1drv.ms/i/s!AljY_n0Zwojjan-YMK_oN0Mks7Q

 



#7 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,000 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:36 PM

Posted 31 August 2016 - 10:24 AM

Here is a link to the screenshot:

https://1drv.ms/i/s!AljY_n0Zwojjan-YMK_oN0Mks7Q

 

 

Yep, that's the newest Stampado that Fabian Wosar just found the other day. Stay tuned to the support topic for any developments:


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#8 Werkplaats

Werkplaats

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:06:36 PM

Posted 01 September 2016 - 02:11 AM

I have tried the old version of Stampado Decryptor but no joy.

I wil make a backup and keep a eye on the forum for a new decryptor

 

 

Thank you for your help



#9 Sein

Sein

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:09:36 AM

Posted 01 September 2016 - 03:09 AM

the following attached is the reply from them. I scan with malwarebytes and remaining files on my HD are still encrypting after scanned and delete.

 

Their reply email screenshoots;

https://1drv.ms/f/s!AtUsAmOQ5ZQJjAMHdAA-QqMzW-6p



#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 48,813 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:36 PM

Posted 01 September 2016 - 06:44 AM

I wil make a backup and keep a eye on the forum for a new decryptor

If you have any more questions, comments or requests for assistance, please post them in the above Stampado support topic discussion noted by Demonslay335. When or if a solution is found, that information will be provided in that support topic and you will receive notification if subscribed to it.

Thanks
The BC Staff
.
.
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users