ACCDFISA v2.0 Ransomware Support Topic - filename(!! to get password email id *id* to *email* !!).exe/.rar


291 replies to this topic

#271 BEAURAIN

BEAURAIN

  • Members
  • 5 posts

Posted 17 January 2018 - 05:21 AM

Hi Romeroalexis....

I have sent you in post #249 the files you requested.

I have had no reply....

Can you do something with the information I have given you?

Thanks a lot




#272 volanick

volanick

  • Members
  • 6 posts

Posted 19 January 2018 - 09:00 AM

Hello people,
I retrieved an mdb file from an external formatted HD. It has several .mdb files, but all show as corrupted. I have tested several programs to try to repair them, to no avail. Is there any way to extract the data from these tables?


#273 bm777

bm777

  • Members
  • 4 posts

Posted 19 January 2018 - 09:46 PM

Hi all,

 

Tried what Romero has suggested, to no avail whatsoever. What beats me is that this Cryptolocker has been around for a couple of years now and NO antivirus vendor has managed to deploy any decryptor yet. One is led to think that maybe anti-virus vendors are either in cahoots or not really interested....

I have managed to recover all of the documents, but I need to decrypt 2 mdb databases which are critical.

I have found that this cryptolocker/ransomware not only encrypted files but also deleted other backups, leaving the tree folder structure intact but no files...interesting...

So please... any help would be greatly appreciated..

Thank you!



#274 volanick

volanick

  • Members
  • 6 posts

Posted 25 January 2018 - 08:12 AM

Nothing to recover the mdb database? The file appears intact, but doesn't open.



#275 Emmanuel_ADC-Soft

Emmanuel_ADC-Soft

  • Members
  • 137 posts
  • Gender:Male
  • Location:Paris

Posted 31 January 2018 - 04:59 AM

Hello,

My client has been encrypted by ACCDFISA v2.0 and I am looking for the keys to decrypt his files.

id 2011427376 to eucodes17@gmail.com

 

Encrypted samples at WeTransfer http://urlz.fr/6u2b

Thank you for your attention and help. Kind regards,

Emmanuel



#276 Si2109

Si2109

  • Members
  • 1 posts

Posted 31 January 2018 - 06:49 AM

Hello,

 

My server has been encrypted by ACCDFISA v2.0 and I am looking for the keys to decrypt the files.

APPNAME.TXT(!! to get password email id 1466642289 to eucodes17@gmail.com !!).exe

 

Please let me know where to go for any assistance.



#277 Emmanuel_ADC-Soft

Emmanuel_ADC-Soft

  • Members
  • 137 posts
  • Gender:Male
  • Location:Paris

Posted 31 January 2018 - 08:21 AM

Hello,

My client has been encrypted by ACCDFISA v2.0 and I am looking for the keys to decrypt his files.

id 2011427376 to eucodes17@gmail.com

 

Encrypted samples at WeTransfer http://urlz.fr/6u2b

Thank you for your attention and help. Kind regards,

Emmanuel

I only found the lsass86vl.exe file here: https://we.tl/SI5BE6rqVg



#278 bm777

bm777

  • Members
  • 4 posts

Posted 12 February 2018 - 08:05 PM

Hi all,

Found something interesting. A friend paid the ransom and what they sent him was exactly what romeroalexis had typed in one of his previous posts...To the "T", including spelling mistakes. Where the 1st password, 2st password and 3st password are spelt exactly the same. Coincidence?

Anyway, the crypto also takes and embeds the computer name in the files, as these terrorists know exactly what you have in terms of hardware and computer names.

Even though my friend paid the ransom, he was unable to retrieve anything. The decryptor ran for 24hrs and it left the encrypted files the way they were...

He has managed to retrieve what these a*holes had deleted from the backups, so he's not too bad..just wasted time with the morons..

Just thought to share some findings...

These people are cowards and have absolutely no right to be alive



#279 romeroalexis

romeroalexis

  • Members
  • 30 posts

Posted 13 February 2018 - 01:42 PM

The keys that I send are right if they are used in an exact way. And I do it for free; I am against the crypto.

I'm here to help!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!



#280 romeroalexis

romeroalexis

  • Members
  • 30 posts

Posted 13 February 2018 - 01:43 PM

With my system I have already unlocked about 150 Windows 2008 R2 and 32 Windows 2012 R2 servers.



#281 romeroalexis

romeroalexis

  • Members
  • 30 posts

Posted 13 February 2018 - 01:46 PM

I remind everyone that to stop the virus and not to change the encoding you have to stop all virus services.
Clean the server well without removing the disk from the machine.



#282 resiba2011

resiba2011

  • Members
  • 2 posts

Posted 15 February 2018 - 03:12 PM

Good afternoon Romeroalexis!! Could you help me? My server has been infected with brainfo2017@gmail.com. I have sent all the data requested at this link: https://mega.nz/#F!zFBUyBzK!FyLUBgXdMM9UAIICQ23rDw. Thank you for your attention!



#283 romeroalexis

romeroalexis

  • Members
  • 30 posts

Posted 16 February 2018 - 02:48 AM

Check and let you know.

How many days ago did you get it?

To decrypt email id: 856335281 to brainfo17@gmail.com 



#284 resiba2011

resiba2011

  • Members
  • 2 posts

Posted 16 February 2018 - 01:20 PM

I took the key for about 90 days. So it was encrypted. The second key I got through the accdfisa2_2ndkeygen program. I need the 3rd key to unzip all the files.



#285 romeroalexis

romeroalexis

  • Members
  • 30 posts

Posted 17 February 2018 - 08:02 AM

90 days, you need the first and 2 keys
the terzame that you have generated.

I see what I can do.

You have to clean the virus with Malwarebytes, even the free version.





