Crypto Virus / Ransomware id_*****_email_mx5@post.com_.scl


  • This topic is locked
2 replies to this topic

#1 b3nste1n

Posted 14 October 2016 - 11:50 AM

PLEASE HELP!!! - even if I want to pay they are requesting 10 Bitcoins

We got encrypted with a variant of a ransomware; is there any way to decrypt?
It renamed the files and added id_*****_email_mx5@post.com_.scl to the document name.
I have a backup of half the data, so I can provide an encrypted file with the associated file from before the encryption.
 
 
NOT YOUR LANGUAGE? USE https://translate.google.com
 
What happened to your files ?
All of your files   protected by a strong encryption with RSA-2048.
More information about the encryption keys using RSA-2048 can be found here: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
 
How did this happen ?
!!! Specially for your PC was generated personal RSA-2048 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server 
 
What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start send email now for more specific instructions! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.
 
For more specific instructions:
Contact us by email only, send us an email along with your ID number and wait for further instructions. Our specialist will contact you within 24 hours. 
For you to be sure, that we can decrypt your files - you can send us a single encrypted file and we will send you back it in a decrypted form. This will be your guarantee. 
 
Please do not waste your time! You have 72 hours only! After that The Main Server will double your price!
So right now You have a chance to buy your individual private softWare with a low price!
 
E-MAIL1: mx5@usa.com
E-MAIL2: mx5@post.com
 
Spare email:
E-MAIL1: mx5@usa.com
E-MAIL2: mx5@post.com
 
YOUR_ID: *******

Edit: Moved topic from Introductions to the more appropriate forum. ~ Animal

#2 quietman7


Posted 14 October 2016 - 01:37 PM

Any files that are encrypted with CryptoMix Ransomware (CryptFile2) will have an <id number>.<email>_.code or <id number>.<email>_.scl extension appended to the end of the encrypted data filename and leave files (ransom notes) named HELP_YOUR_FILES.HTML, HELP_YOUR_FILES.TXT.

Any files that are encrypted with Zeta Ransomware will have the .id_<id-number>_email_zeta@dr.com.scl extension appended to the end of the encrypted data filename and leave files (ransom notes) named HELP_YOUR_FILES.HTML and HELP_YOUR_FILES.TXT.

You can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further assistance.

The ransom note contents you posted look similar to Zeta.

There is an ongoing discussion in these topics where you can ask questions and seek further assistance if confirmed as one of the above.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
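An added example, not part of the original posts: a triage helper for the naming schemes quoted in post #2, splitting an encrypted filename into original name, victim ID and contact address so files can be grouped and paired with backup copies. The ID alphabet, the e-mail pattern, the dot before `id_` in the second rule and the sample filenames are assumptions; the layout from post #1 is reported as ambiguous because it looked like Zeta in this thread but was later confirmed as CryptoMix.

```python
import re

# Naming schemes as quoted in post #2. The ID alphabet, the e-mail shape and
# the "." before "id_" in the second rule are assumptions of this example.
EMAIL = r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+"
ID = r"[0-9A-Za-z]+"
# Most specific first: the generic <id>.<email> rule would otherwise also
# match id_..._email_ names and report the wrong ID.
RULES = [
    # .id_<id-number>_email_zeta@dr.com.scl
    ("Zeta",
     re.compile(rf"(?P<name>.+)\.id_(?P<id>{ID})_email_(?P<email>zeta@dr\.com)\.scl")),
    # Layout reported in post #1: Zeta-style fields with a "_.scl" tail
    ("ambiguous (Zeta layout, '_.scl' tail): confirm with ID Ransomware",
     re.compile(rf"(?P<name>.+)\.id_(?P<id>{ID})_email_(?P<email>{EMAIL})_\.scl")),
    # <id number>.<email>_.code or <id number>.<email>_.scl
    ("CryptoMix (CryptFile2)",
     re.compile(rf"(?P<name>.+)\.(?P<id>{ID})\.(?P<email>{EMAIL})_\.(?:code|scl)")),
]

def triage(filename):
    """Return family hint, original name, victim ID and contact address,
    or None when the name matches none of the quoted schemes."""
    for family, pattern in RULES:
        m = pattern.fullmatch(filename)
        if m:
            return {"family": family, **m.groupdict()}
    return None

def summarize(filenames):
    """Group original names by (family, id, email) for pairing with backups."""
    groups = {}
    for f in filenames:
        hit = triage(f)
        if hit:
            key = (hit["family"], hit["id"], hit["email"])
            groups.setdefault(key, []).append(hit["name"])
    return groups

# Constructed sample names; the IDs are placeholders, not values from the thread.
SAMPLE = [
    "budget.xlsx.id_0000000000_email_mx5@post.com_.scl",
    "notes.txt.id_0000000000_email_zeta@dr.com.scl",
    "report.docx.1111111111.mx5@usa.com_.code",
    "photo.jpg",
]

if __name__ == "__main__":
    for key, names in summarize(SAMPLE).items():
        print(key, names)
```

A filename match is only a hint for choosing the support topic; the thread's own advice is to confirm the family by submitting an encrypted file and ransom note to ID Ransomware.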

#3 quietman7


Posted 14 October 2016 - 02:07 PM

OP confirmed it was CryptoMix and posted in the appropriate support topic.

To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff