ROSA-4096 encryption and corrupt files after removal


  • This topic is locked
8 replies to this topic

#1 Shella677

Shella677

  • Members
  • 4 posts
  • OFFLINE
  • Local time:07:20 PM

Posted 23 August 2016 - 09:43 AM

My laptop was infected with this nasty virus and a more computer savvy person than myself removed the virus but my pics, files are still corrupt. He believes that there is not a fix for the virus that I had just yet. Could someone please verify that or lead me to the right thread that may help get my family pictures back? Thanks



#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,513 posts
  • ONLINE
  • Gender:Male
  • Location:USA
  • Local time:01:20 PM

Posted 23 August 2016 - 09:47 AM

The question is first what ransomware you are dealing with. You haven't given us any information to go off of.

 

You may visit the website in my signature and upload a ransom note and encrypted file, and it will identify the ransomware, and provide more information on whether or not it can be decrypted.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 Shella677


Posted 23 August 2016 - 09:56 AM

I do not have the letter as a file anymore, just a screenshot.

#4 Demonslay335


Posted 23 August 2016 - 10:05 AM

You can still upload an encrypted file or share one here to identify by. We still need something to go off of. RSA-4096 is an encryption algorithm, and not explicitly a way of identifying a ransomware. Many claim to use it, most famously CryptXXX and CrypMic.




#5 Shella677


Posted 23 August 2016 - 10:11 AM

Ok I will do that a little bit later, thanks

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,490 posts
  • OFFLINE
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:20 PM

Posted 23 August 2016 - 02:55 PM

Be sure to post back here with the information so we can direct you where to go for further assistance.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 Shella677


Posted 23 August 2016 - 03:24 PM

This is what I got

sample_bytes: [0x0 - 0x18] 0x00000000000000009F7F07949E2598520000000000000000

Tesla crypt 4.0



#8 Demonslay335


Posted 23 August 2016 - 04:08 PM

> This is what I got
>
> sample_bytes: [0x0 - 0x18] 0x00000000000000009F7F07949E2598520000000000000000
>
> Tesla crypt 4.0

 

TeslaCrypt 4.0 is decryptable, just check the news article that ID Ransomware gave you a link to. Simply use TeslaDecoder, and select the extension of your files (if no extension was added, use "<as original>"). It will autofill the master key that will decrypt all of your files.

 

http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/




#9 quietman7


Posted 23 August 2016 - 04:16 PM

If you need further assistance, support for TeslaCrypt 3.0/4.0 is provided in this topic. Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff



