DXXD Ransomware (dxxd) Help & Support - ReadMe.TxT


99 replies to this topic

#61 Eth3real


Posted 06 October 2016 - 06:16 PM

Lawrence, could you hand me the last version of this ransomware?

I'd like to have a look at it.

Maybe this script kiddie bought it on hackforums or god knows where, and now claims he wrote it and that it spreads through an RCE exploit...




#62 Grinler

    Lawrence Abrams

  • Admin

Posted 06 October 2016 - 08:05 PM

Unfortunately, we do not have a sample. That was why I was harassing the dev to give me one :)

#63 azodnemyar


Posted 07 October 2016 - 05:52 PM

> Unfortunately, we do not have a sample. That was why I was harassing the dev to give me one :)

I may have a sample. We were hit with it this morning. Our small business can no longer open QuickBooks files. :-( The good news is that we could have caught it before it cleaned up after itself. How do I send it to you?



#64 azodnemyar


Posted 07 October 2016 - 11:08 PM

> hello,
> Has anyone succeeded in decrypting?
>
> WK


Nothing yet :-/



#65 Eth3real


Posted 07 October 2016 - 11:46 PM

I just PMed you.



#66 BedHead32


Posted 08 October 2016 - 01:28 AM

Hello, hoping someone can assist.

We were also hit with the DXXD malware on Wednesday. Encrypted all servers and the backups. :(

We have spent a couple of days getting some services back online, but it appears that one of the business critical applications is not recoverable.

Payroll etc next week, really impacting our business.

Is there any new advice? Tried the original DXXDDECRYPTOR tool, but we may resort to paying the ransom as we are rapidly running out of options.

I am also aware that this itself is a gamble...

 

Thanks!!


Edited by BedHead32, 08 October 2016 - 01:28 AM.


#67 Eth3real


Posted 08 October 2016 - 01:32 AM

Have you managed to get a sample of the malware before it erased/cleaned up itself?



#68 BedHead32


Posted 08 October 2016 - 01:37 AM

Not sure to be honest, we scanned everything after the attack with nothing found but did have some limited external backups.

After this restore there was one suspicious folder which contained a SVCHOST.exe and a script that had words like 'crypt' in the text.

I deleted this immediately, but can get another copy. Just didn't want to let it run again.

 

It may not be this particular malware as the time stamp was back in September time.



#69 Eth3real


Posted 08 October 2016 - 01:44 AM

I just PMed you.



#70 DTatumX


Posted 12 October 2016 - 11:34 AM

Has there been any updates on a new decryptor? 



#71 Demonslay335

    Ransomware Hunter

  • Topic Starter

  • Security Colleague

Posted 12 October 2016 - 11:39 AM

> Has there been any updates on a new decryptor?

PM sent.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#72 Gilbie


Posted 17 October 2016 - 09:48 AM

Hi

A friend's small business server has been hit with DXXD, a good old Google has landed me here.

Nothing to lose at this stage apart from my mate's livelihood so any help would be a life saver.

Kind regards

Gilbie



#73 Demonslay335


Posted 17 October 2016 - 10:20 AM

> Hi
>
> A friend's small business server has been hit with DXXD, a good old Google has landed me here.
>
> Nothing to lose at this stage apart from my mate's livelihood so any help would be a life saver.
>
> Kind regards
>
> Gilbie


I am sending you a PM.




#74 Demonslay335


Posted 20 October 2016 - 08:44 PM

@all
 
Here is my free decrypter for DXXD2. Thank you to the victims who helped beta test it and work out the bugs. :)
 
It works from the command line, and you simply have to pass it the directory to decrypt. You can also drag-and-drop a folder onto the executable.

DXXD2Decrypter.exe C:\Path\To\Files

Since files cannot be verified whether the decryption was truly successful, the original file is left intact, so make sure you have the free space.

 

 

Special thanks to Fabian Wosar for helping me with this initially. :wink:


 

https://download.bleepingcomputer.com/demonslay335/DXXD2Decrypter.zip

 

*Please note the website may get flagged as malicious. It is a false-positive due to some of my other decrypters being obfuscated.


Edited by Demonslay335, 20 October 2016 - 09:02 PM.


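A pre-flight check for the free-space caveat in the post above, as an added example that is not part of the thread or of the decrypter itself. It assumes Windows PowerShell 5.1 or later, that each file gets a decrypted copy of about the same size, and a 10% safety margin; the function name `Test-DecryptFreeSpace` and its parameters are hypothetical.

```powershell
# Added example: free-space check before running a decrypter that keeps the
# encrypted originals. Function and parameter names are hypothetical.
function Test-DecryptFreeSpace {
    param(
        [Parameter(Mandatory)][string]$Path,
        # Assumption: 10% safety margin on top of the encrypted data size.
        [double]$Margin = 0.10
    )

    $dir = Get-Item -LiteralPath $Path -ErrorAction Stop
    if (-not $dir.PSIsContainer) { throw "$Path is not a directory" }

    # Worst case: every file under the directory gets a decrypted copy
    # of the same size written to the same volume.
    $files = Get-ChildItem -LiteralPath $dir.FullName -Recurse -File -Force -ErrorAction SilentlyContinue
    $needed = ($files | Measure-Object -Property Length -Sum).Sum
    if ($null -eq $needed) { $needed = 0 }
    $needed = [math]::Ceiling($needed * (1 + $Margin))

    # DriveInfo handles local or mapped drive letters, not UNC paths.
    $root = [System.IO.Path]::GetPathRoot($dir.FullName)
    if ($root -notmatch '^[A-Za-z]:\\$') { throw "Map $root to a drive letter first" }
    $free = ([System.IO.DriveInfo]::new($root)).AvailableFreeSpace

    [pscustomobject]@{
        Path        = $dir.FullName
        Files       = @($files).Count
        NeededBytes = [long]$needed
        FreeBytes   = [long]$free
        Enough      = ($free -ge $needed)
    }
}

# Placeholder path taken from the post above; replace with the real directory.
$check = Test-DecryptFreeSpace -Path 'C:\Path\To\Files'
$check | Format-List
if (-not $check.Enough) {
    Write-Warning 'Not enough free space to keep originals and decrypted copies.'
}
```
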

#75 iceonfire


Posted 21 October 2016 - 08:01 AM

> @all
>
> Here is my free decrypter for DXXD2. Thank you to the victims who helped beta test it and work out the bugs. :)
>
> It works from the command line, and you simply have to pass it the directory to decrypt. You can also drag-and-drop a folder onto the executable.
>
> DXXD2Decrypter.exe C:\Path\To\Files
>
> Since files cannot be verified whether the decryption was truly successful, the original file is left intact, so make sure you have the free space.
>
> Special thanks to Fabian Wosar for helping me with this initially. :wink:
>
> https://download.bleepingcomputer.com/demonslay335/DXXD2Decrypter.zip
>
> *Please note the website may get flagged as malicious. It is a false-positive due to some of my other decrypters being obfuscated.

This one is working just fine.

Thank you.





