Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

.woicaim extention


  • This topic is locked This topic is locked
6 replies to this topic

#1 Against-Virus

Against-Virus

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 23 June 2016 - 02:32 AM

....i found none !

seems this extention is unknown.

please help me to decrypt.... i'm desperate!

thank you



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:22 PM

Posted 23 June 2016 - 06:46 AM

Any files that are encrypted with the newest variants of CTB-Locker (aka Critroni, Onion) will have a 7 length extension consisting of random characters such as these .uogltic, .rpyxhhm, .mtrsxox, .phszfud appended to the end of the encrypted data filename.

Did you find any ransom notes? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. They typically are found in every directory where data was encrypted. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a randomly named .html, .txt, .png, .bmp, .url file.

You can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation. If ID Ransomware cannot identify the infection, you can post the case SHA1 it gives you in your next reply for Demonslay335 to manually inspect the files.

Samples of any encrypted files, ransom notes or suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted here (http://www.bleepingcomputer.com/submit-malware.php?channel=168) with a link to this topic.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:22 PM

Posted 23 June 2016 - 08:26 AM

I have one PDF file submission with that extension, and it was identified as CTB-Locker due to the 7 random characters. No ransom note was submitted. If you upload a ransom note to ID Ransomware, it will confirm whether it is CTB-Locker. You will most likely file the file to be called "!Decrypt-All-Files-woicaim.html".


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#4 Against-Virus

Against-Virus
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 23 June 2016 - 08:43 AM

ok guys, 

i confirm, it says me ctb-locker 

and actually there is no method to decrypt that type of file

what could i do  ?

i formatted my pc so i have only crypted files


Edited by Against-Virus, 23 June 2016 - 08:44 AM.


#5 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,580 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:22 PM

Posted 23 June 2016 - 08:54 AM

You can only backup your encrypted files and hope for a solution in the future, or restore from backups. The alternative is paying the ransom, which I would not recommend for numerous reasons - you are funding criminals, plus you are not guaranteed that they will actually give you the key to decrypt; they can just as easily run away with the money.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#6 Against-Virus

Against-Virus
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:12:22 AM

Posted 23 June 2016 - 08:57 AM

ok thank you



#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,946 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:22 PM

Posted 23 June 2016 - 09:38 AM

There is an ongoing discussion in this topic where you can ask questions and seek further assistance but as noted above there is no solution to fix your encrypted files.When or if a solution is found, that information will be provided in this support topic and you will receive notification if subscribed to it. In addition, a news article most likely will be posted on the BleepingComputer front page.

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. Doing that will also ensure you receive proper assistance from our crypto malware experts since they may not see this thread. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users