For anyone hit with this ransomware, please close RDP if you don't need it or change the password to a secure one (not user/admin/password e.t.c.). Also, please keep updated backups. These steps don't cost as much as being hit by ransomware and paying the ransom.
A few submissions files have recently cropped up for a new ransomware we'll dub "SecureCryptor", a variant of the "Apocalypse" ransomware. The victim's files are encrypted and have the extension ".SecureCrypted" or ".bleepYourData" appended to them.
Thankfully, Fabian Wosar of Emsisoft was able to create a decryptor for this ransomware.
For every file encrypted, it seems the ransomware also creates a new file for the ransom note with the pattern "<original filename>.Contact_Here_To_Recover_Your_Files.txt" or "<original filename>.Where_my_files.txt". For example, if "picture.jpg" was encrypted (and becomes "picture.jpg.SecureCrypted"), a ransom note will be created called "picture.jpg.Contact_Here_To_Recover_Your_Files.txt".
The ransom note contains the following message.
A L L Y O U R F I L E S A R E E N C R Y P T E D
All your data - documents, photos, videos, backups - everything is encrypted.
The only way to recover your files: contact us to the next email: firstname.lastname@example.org
Attach to e-mail:
1. Text with your IP server as Subject (To locate your encryption algoritm)
2. 1-2 encrypted files (please dont send files bigger than 1 MB)
We will check the encrypted file and send to you an email with your
Decrypted FILE as proof that we actually have the decrypter software.
1. The FASTER you'll CONTACT US - the FASTER you will RECOVER your files.
2. We will ignore your e-mails without IP server number in Subject.
3. If you haven't received reply from us in 24 hours - try to contact us via public e-mail services such as Yahoo or so.
Based on the submissions I have received, there are signs we may be able to help victims with this ransomware.
If you are a victim of this ransomware, please submit a few files that you have the clean copy of for analysis (e.g. Sample Pictures, or a file you downloaded and can re-create). Acquiring the malware itself will also be helpful. Encrypted/clean sample pairs and malicious files may be submitted here, please put an email so we can contact you: http://www.bleepingcomputer.com/submit-malware.php?channel=168
Edited by xXToffeeXx, 05 October 2016 - 03:22 PM.