
Nuke Ransomware (.0x5bm) Help & Support - !!_RECOVERY_instructions_!!.html



#1 Demonslay335


Posted 30 September 2016 - 03:00 PM

A new ransomware was discovered recently by MalwareBytes Security Analyst S!Ri called Nuke.

 

The Nuke ransomware renames the victim's files randomly and adds the extension ".0x5bm". For example, "picture.jpg" would become "efaf+aEa00acBEba.0x5bm". The original filename is embedded at the end of the encrypted file. The ransom notes left are "!!_RECOVERY_instructions_!!.html" and "!!_RECOVERY_instructions_!!.txt", with the following contents.

!! Your files and documents on this computer have been encrypted !!

** What has happened to my files? **
Your important files on your computer; photos, documents, and videos have been encrypted. Your files were encrypted using AES and RSA encryption.

** What does this mean? **
File encryption was produced using a unique 256-bit key generated specifically for this machine. Encryption is a way of securing data and requires a special key to decipher.

Unforunate for you, this special key was encrypted using an additional layer of encryption; RSA. Your files were encrypted using the public RSA key. To truly reverse the unfortunate state of your files, you need the private RSA key which is only known by us.

** What should I do next? **
For your information your private key is a paid product. If you really value your data we suggest you start acting fast because you only short amount of time to recover your files before they are gone forever.

There are no solutions to this problem, and no anti-virus software can reverse the process of file encryption because we have also erased recent versions of your files which means you cannot use file recovery software.

Modifying your files in any way can damage your files permenantly and we will no longer be able to help you. Follow our terms assigned to you below, and we will have your files recovered.

** Recovering your files **

- Send an email with the subject 'FILE RECOVERY' to opengates@india.com
- For a free test decrypt, send one small file which will decrypt free
- Wait for a response from us (up to 24-48 hours)
- We will send you further information regarding payment and full file decryption of your computer
- Receive file decryption software to decrypt every encrypted file on the hard drive

The following image is left as the victim's background.

 

[Image: wallpaper.png]

 

If you have been hit by this ransomware, I do not recommend paying the ransom at this time. ;)


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.
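A triage sketch built on the indicators named in the post above (the ".0x5bm" extension and the two ransom note file names), added here as an example and not part of the original post or of any tool by its author. The function names, the sample tree and the use of file modification times are assumptions made for illustration.

```python
import os
import tempfile
from collections import defaultdict
from datetime import datetime, timezone

ENCRYPTED_EXT = ".0x5bm"                      # extension given in the post
NOTE_NAMES = {"!!_recovery_instructions_!!.html",
              "!!_recovery_instructions_!!.txt"}  # note names from the post, lower-cased

def scan(root):
    """Map each directory (relative to root) to the Nuke artifacts found in it."""
    hits = defaultdict(lambda: {"encrypted": [], "notes": []})
    for dirpath, _dirs, files in os.walk(root):   # unreadable directories are skipped
        rel = os.path.relpath(dirpath, root)
        for name in sorted(files):
            lower = name.lower()                  # Windows names are case-insensitive
            if lower.endswith(ENCRYPTED_EXT):
                hits[rel]["encrypted"].append(name)
            elif lower in NOTE_NAMES:
                hits[rel]["notes"].append(name)
    return dict(hits)

def earliest_encrypted(root, hits):
    """Oldest mtime among encrypted files; assumes timestamps were left untouched."""
    times = []
    for rel, found in hits.items():
        for name in found["encrypted"]:
            try:
                times.append(os.path.getmtime(os.path.join(root, rel, name)))
            except OSError:
                pass                              # file vanished or is unreadable
    return datetime.fromtimestamp(min(times), timezone.utc) if times else None

def build_sample_tree():
    """Constructed sample tree (not real victim data) for an offline run."""
    root = tempfile.mkdtemp(prefix="nuke_triage_")
    layout = {"docs": ["efaf+aEa00acBEba.0x5bm", "!!_RECOVERY_instructions_!!.html", "todo.txt"],
              "pics": ["Qb1x.0X5BM", "!!_RECOVERY_instructions_!!.txt"],
              "clean": ["report.docx"]}
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            with open(os.path.join(root, sub, name), "wb") as fh:
                fh.write(b"constructed sample")
    return root

if __name__ == "__main__":
    root = build_sample_tree()
    found = scan(root)
    for rel, items in sorted(found.items()):
        print(f"{rel}: {len(items['encrypted'])} encrypted, notes={items['notes']}")
    print("earliest encrypted mtime (UTC):", earliest_encrypted(root, found))
```

Pointing `scan` at a mounted copy of an affected volume, rather than the live system, keeps the inventory from altering timestamps on the evidence.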

