
Hi, any problems with ransomware


  • This topic is locked
15 replies to this topic

#1 usermlm


Posted 29 August 2016 - 06:04 PM

Anyone know how to repair files with the ransomware Trojan? I have all my infected files. Help please.





#2 inkoalawetrust


Posted 29 August 2016 - 06:18 PM

Can you be more specific about what ransomware has encrypted your files?


Twitter

Discord:inkoalawetrust#9783

Website


#3 CKing123


Posted 29 August 2016 - 08:02 PM

Hi

 

> Can you be more specific about what ransomware has encrypted your files?

To add onto the question, for example, does it add its own extension to the encrypted files? Also, what are the names of the ransom info files it leaves behind? That will help us identify the ransomware, and if there is a decrypter for it.

 

-CKing


Edited by CKing123, 29 August 2016 - 08:04 PM.

If I am helping you and I don't respond within 2 days, feel free to send me a PM

Sysnative Windows Update Senior Analyst 

Github | Keybase


#4 usermlm


Posted 29 August 2016 - 08:53 PM

Yes, my files are protected as WinRAR files and .exe extension.
Attached some files for evaluation.

https://1drv.ms/u/s!Anfpp5PfONYUgUokgQoK1u483f16

Beforehand thank you very much.



#5 usermlm


Posted 29 August 2016 - 08:55 PM

It only shows me this message:

 

"All your files encrypted
To decrypt email id: 495869453 to lathelp16@gmail.com"

 

This message shows when the OS starts.



#6 inkoalawetrust


Posted 29 August 2016 - 08:59 PM

https://id-ransomware.malwarehunterteam.com/ Upload the files the site wants you to upload and post what it detected.




#7 usermlm


Posted 29 August 2016 - 09:06 PM

Thanks, Inkoalawetrust

 

I uploaded the files to the suggested page, but it only shows me the following message:

This ransomware is still under analysis.

Please refer to the appropriate topic for more information. Samples of encrypted files and suspicious files may be needed for continued investigation.

Identified by

  • ransomnote_filename: howtodecryptaesfiles.txt
  • sample_extension: (!! to get password email id <ID> to <email> !!).exe


#8 inkoalawetrust


Posted 29 August 2016 - 09:08 PM

Then it's probably (yet another) new ransomware.




#9 usermlm


Posted 29 August 2016 - 09:12 PM

Inkoalawetrust,

 

Do you know of any tools to try to recover those files? Do you know of any page where I can locate or try some descrambler?



#10 inkoalawetrust


Posted 29 August 2016 - 09:14 PM

You don't have much choice without a decryptor for the ransomware (I think).




#11 CKing123


Posted 29 August 2016 - 09:15 PM

You may be able to recover files using Shadow Explorer (if the ransomware did not or was not able to successfully delete the Volume Shadow Copy), or by using a file recovery program like Recuva if the ransomware did not securely delete the files. If they don't work, then back up the files in case decryption is possible in the future.

 

-CKing




#12 usermlm


Posted 29 August 2016 - 09:16 PM

Help, help, I'm in trouble.



#13 inkoalawetrust


Posted 29 August 2016 - 09:33 PM

What trouble?




#14 cybercynic


Posted 29 August 2016 - 09:43 PM

> Help, help, I'm in trouble.

If the ID-Ransomware site says the ransomware is under analysis, this means that analysts haven't determined whether it is decryptable or not. You will have to wait until such time as the experts can figure this one out. There is no decrypter at this point.

 

The following is the topic where this ransomware is being discussed:

 

ACCDFISA v2.0 Ransomware Support Topic - filename(!! to get password email id *id* to *email* !!).exe/.rar

 

No solution yet.


Edited by cybercynic, 29 August 2016 - 10:15 PM.

We are drowning in information - and starving for wisdom.
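An added example, not part of any post in this thread: a small inventory script for the file naming pattern and ransom note name quoted above, for listing which files to back up while no decrypter exists. The sample paths, ID and e-mail address are constructed, and treating the text before the marker as the original file name is an assumption.

```python
import re
from pathlib import PureWindowsPath

# Naming pattern as quoted in this thread:
#   filename(!! to get password email id <ID> to <email> !!).exe or .rar
MARKER = re.compile(
    r"^(?P<original>.*?)\(!! to get password email id (?P<id>\S+) "
    r"to (?P<email>\S+@\S+) !!\)\.(?P<ext>exe|rar)$",
    re.IGNORECASE,
)
NOTE_NAME = "howtodecryptaesfiles.txt"  # ransom note name reported by ID Ransomware

# Constructed sample listing (ID and address are placeholders, not real indicators).
TAG = "(!! to get password email id 123456789 to contact@example.invalid !!)"
SAMPLE = [
    "C:\\Users\\demo\\Documents\\report.docx" + TAG + ".exe",
    "C:\\Users\\demo\\Pictures\\photo.jpg" + TAG + ".rar",
    "C:\\Users\\demo\\Desktop\\howtodecryptaesfiles.txt",
    "C:\\Users\\demo\\Documents\\notes.txt",
]


def triage(paths):
    """Sort a file listing into affected files, ransom notes and untouched files."""
    report = {"affected": [], "notes": [], "clean": [], "ids": set(), "contacts": set()}
    for raw in paths:
        name = PureWindowsPath(raw).name
        match = MARKER.match(name)
        if match:
            # Assumption: the text before the marker is the original file name.
            report["affected"].append((raw, match["original"].strip()))
            report["ids"].add(match["id"])
            report["contacts"].add(match["email"].lower())
        elif name.lower() == NOTE_NAME:
            report["notes"].append(raw)
        else:
            report["clean"].append(raw)
    return report


if __name__ == "__main__":
    result = triage(SAMPLE)
    print("affected files to back up:", len(result["affected"]))
    for path, original in result["affected"]:
        print("  ", original, "<-", path)
    print("ransom notes:", result["notes"])
    print("victim IDs seen:", sorted(result["ids"]))
```

The list of affected paths can be fed to a backup job, and the collected ID and note name are the details an identification service or support topic will ask for.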


#15 usermlm


Posted 29 August 2016 - 11:17 PM

I understand, thank you





