
Crypt0 Ransomware (_crypt0) - HELP_DECRYPT.TXT


2 replies to this topic

#1 Demonslay335


Posted 12 September 2016 - 10:20 PM

A new variant of the Detox Ransomware kit was discovered by MalwareHunterTeam dubbed "Crypt0" based on the extension it uses and project name.

 

This ransomware encrypts files using AES, and adds "_crypt0" before the extension of the file; for example, "picture.jpg" would become "picture_crypt0.jpg". It also leaves the ransom note "HELP_DECRYPT.TXT" in every folder, asking the victim to contact the criminals at the email address fndimaf@gmail.com. Due to a bug in the ransomware, ransom notes may also appear with the same filename several times, such as "HELP_DECRYPT.TXTHELP_DECRYPT.TXT", shown below.

 

CsJV-J1WcAAzR_X.jpg

 

 

Good news is this one is decryptable, and I have released a decrypter for it. Simply select the affected directory, and click "Decrypt". :)

 

https://download.bleepingcomputer.com/demonslay335/Crypt0Decrypter.zip

 

Please note, the password for the zip file is "false-positive". This is a temporary response to false positives being triggered by Google SafeBrowsing and antivirus.

 

CsM6mpKVIAAA2zo.jpg


Edited by Demonslay335, 17 January 2017 - 06:49 PM.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.
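The naming scheme described in the post above can be turned into a quick triage scan that lists files carrying the "_crypt0" marker and any ransom notes, including the repeated-name variant. This is an added example, not part of the original post and not the decrypter's code; the function names (`classify`, `scan`, `demo`) and the sample tree are constructed for illustration, and matching the note name case-insensitively is an assumption.

```python
import os
import re
import tempfile
from pathlib import Path

MARKER = "_crypt0"  # per the post: inserted before the file extension
# The note name, repeated one or more times (the bug the post describes).
NOTE_RE = re.compile(r"(?:HELP_DECRYPT\.TXT)+", re.IGNORECASE)

def classify(name):
    """Return ('note', None), ('encrypted', original_name) or None for a file name."""
    if NOTE_RE.fullmatch(name):
        return ("note", None)
    stem, ext = os.path.splitext(name)
    # Require something before the marker so a file literally named
    # "_crypt0.jpg" is not reported as an encrypted copy of ".jpg".
    if stem.lower().endswith(MARKER) and len(stem) > len(MARKER):
        return ("encrypted", stem[:-len(MARKER)] + ext)
    return None

def scan(root):
    """Walk root; return {'encrypted': [(path, original_name)], 'notes': [path]}."""
    report = {"encrypted": [], "notes": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            hit = classify(name)
            if hit is None:
                continue
            full = os.path.join(dirpath, name)
            if hit[0] == "note":
                report["notes"].append(full)
            else:
                report["encrypted"].append((full, hit[1]))
    return report

def demo():
    """Build a constructed sample tree and scan it (no real samples involved)."""
    with tempfile.TemporaryDirectory() as tmp:
        for rel in ["picture_crypt0.jpg", "docs/report_crypt0.docx", "docs/clean.txt",
                    "HELP_DECRYPT.TXT", "docs/HELP_DECRYPT.TXTHELP_DECRYPT.TXT"]:
            path = Path(tmp, rel)
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_bytes(b"constructed sample")
        result = scan(tmp)
        return (sorted(orig for _, orig in result["encrypted"]),
                sorted(Path(n).name for n in result["notes"]))

if __name__ == "__main__":
    print(demo())
```

A name match is only a heuristic for scoping the affected folders; it does not inspect file contents or decrypt anything.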



#2 Amigo-A


Posted 13 September 2016 - 04:56 AM

Demonslay335, perfect!

Before we met him, you had already deciphered him!

 

:bounce:


Need info about Crypto-Ransomware? A huge safe base here!

Digest about Crypto-Ransomwares (In Russian) + Google Translate Technology

Anti-Ransomware Project  (In Russian) + Google Translate Technology and links


#3 Karolenas


Posted 15 September 2016 - 02:45 AM

Well done!





