
A ransomware I can't identify or deal with.


  • This topic is locked
4 replies to this topic

#1 Subz

  • Members
  • 3 posts

Posted 26 July 2016 - 08:28 AM

Hello ladies and gentlemen.

I have found this forum randomly out of desperation and hope that someone could help me with a ransomware that has found its way to my computer.

All my pictures and documents have sentimental value only, which hurts to lose.

I have been investigating as deep as I could but couldn't find any relevant decrypter and/or solution.

 

So I've received the good old message that's been floating all over the net about the RSA4096 Cryptosystem etc.

All of my media files (pics, vids, aud, doc etc) are now encrypted and the names are just letters and numbers, whilst the extensions are 5 random letters and numbers.

 

Example of 3 files on my desktop:

 

1ACE2A216E75669F99BD0415695B7AA4.6CA34

8ABB0B3151AE995EFC9C120D490B90EE.D12C97

FD2D0F178ED188ACDBAD6515CA931055.E5204

 

These files were PDF files if I remember correctly.

 

I have a reason to believe that I was able to get rid of the ransomware itself, using a system restore (Windows 8.1) and a Malwarebytes scan right after, just in case.

 

Everything is still on my computer, the only way I'm restoring back to factory defaults is when I know for sure, that there is nothing I can do to save my files.

 

Thank you very much.

Best regards.




 


#2 Demonslay335

    Ransomware Hunter

  • Security Colleague
  • 3,492 posts

Posted 26 July 2016 - 09:34 AM

You were most likely hit by CryptXXX 4.0; it renames files in such a manner. You may use the service in my signature to upload a ransom note and encrypted file to identify.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]



#3 Subz

  • Topic Starter
  • Members
  • 3 posts

Posted 26 July 2016 - 10:48 AM

Yes it is correct dear sir, thank you for your quick suggestion though it also said that

"This ransomware has no known way of decrypting data at this time."

 

It is very unfortunate.



#4 Subz

  • Topic Starter
  • Members
  • 3 posts

Posted 26 July 2016 - 12:55 PM

I do have 1 more question before I push the button.

As your service suggests, I will back up the encrypted files anyway, but what else should I back up with it?



#5 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 51,391 posts

Posted 27 July 2016 - 06:04 AM

When you discover that your computer is infected with ransomware you should immediately create a copy or image of the entire hard drive. Doing that allows you to save the complete state of your system (and all encrypted data) in the event that a free decryption solution is developed in the future. In some cases, there may be decryption tools available but there is no guarantee they will work properly since the malware writers keep releasing new variants in order to defeat the efforts of security researchers.

Imaging the drive backs up everything related to the infection including encrypted files, ransom notes and registry entries containing possible information which may be needed if a solution is ever discovered. The encrypted files do not contain malicious code so they are safe. Even if a decryption tool is available, they do not always work correctly so keeping a backup of the original encrypted files and related information is a good practice.

There is an ongoing discussion in this topic where you can ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions. Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion... it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

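Added example, not part of the thread and not code from any poster or BleepingComputer tool: a Python script that inventories files named like the three samples in post #1 and checks a backup copy of them against recorded SHA-256 hashes, in line with the advice above to keep the encrypted files. The regular expression is inferred only from those three names, and `build_manifest`, `verify_copy` and `demo` are hypothetical names.

```python
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# Pattern inferred from the three sample names in the first post (an assumption,
# not a published signature): 32 hex characters, a dot, 5-6 hex characters.
RENAMED = re.compile(r"^[0-9A-F]{32}\.[0-9A-F]{5,6}$")

def sha256_file(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(1 << 20), b""):
            digest.update(block)
    return digest.hexdigest()

def build_manifest(root):
    """List (relative path, size, SHA-256) for every file whose name matches."""
    root, rows = Path(root), []
    for path in root.rglob("*"):
        if path.is_file() and not path.is_symlink() and RENAMED.match(path.name):
            rel = path.relative_to(root).as_posix()
            rows.append((rel, path.stat().st_size, sha256_file(path)))
    return sorted(rows)

def verify_copy(manifest, copy_root):
    """Return the manifest entries that are missing or altered in the backup."""
    bad = []
    for rel, size, digest in manifest:
        target = Path(copy_root) / rel
        if (not target.is_file() or target.stat().st_size != size
                or sha256_file(target) != digest):
            bad.append(rel)
    return bad

def demo():
    """Constructed data: the post's three names, one ordinary file, one bad copy."""
    names = ["1ACE2A216E75669F99BD0415695B7AA4.6CA34",
             "8ABB0B3151AE995EFC9C120D490B90EE.D12C97",
             "FD2D0F178ED188ACDBAD6515CA931055.E5204"]
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for i, name in enumerate(names):
            (Path(src) / name).write_bytes(b"constructed ciphertext %d" % i)
        (Path(src) / "notes.txt").write_bytes(b"ordinary file, not renamed")
        manifest = build_manifest(src)
        for rel, _, _ in manifest:
            shutil.copy2(Path(src) / rel, Path(dst) / rel)
        (Path(dst) / manifest[2][0]).write_bytes(b"damaged copy")  # simulate a bad copy
        return [row[0] for row in manifest], verify_copy(manifest, dst)
```

The manifest covers only the renamed files; ransom notes and registry entries are captured by the full drive image the post recommends.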



