
Esmeralda Ransomware


  • This topic is locked
4 replies to this topic

#1 TheCrazyMonk

TheCrazyMonk

  • Members
  • 2 posts

Posted 29 October 2016 - 04:49 AM

Hi,
 
I got a ransomware with this note. Is there a tool for this yet? I have downloaded numerous tools and tested them. I am unable to drag or copy files as the system is also affected.
 
Below is the note
 
Windows has encountered a critical problem and needs your immediate action to recover your data. The system access is locked and all the data have been encrypted to avoid the information be published or misused. You will not be able to access to your files and ignoring this message  may cause the total loss of the data. We are sorry for the inconvenience.

You need to contact the email below to restore the data of your system.

Email : esmeraldaencryption@mail.ru

You will have to order the Unlock-Password and the Esmeralda Decryption Software. All the instructions will be sent to you by email.
 
This is the encrypted file
http://www.megafileupload.com/kpgT/LCMS_-_User_s_Manual_(Attendance).xls.encrypted
 
This is the ransom note
http://www.megafileupload.com/gd8a/LCMS_-_User_s_Manual_(Attendance).xls.How_To_Decrypt.txt
 
This is the lock screen
http://www.megafileupload.com/gd8h/2016-10-26-PHOTO-00000200.jpg
 
Any help is much appreciated.
 
Thank you
monk


 


#2 viktoraska

viktoraska

  • Members
  • 4 posts

Posted 29 October 2016 - 05:12 AM

Hi,

 

Today I got the same ransomware. Looking for a solution.



#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 29 October 2016 - 06:21 AM

Looks to be a new one reported yesterday...Esmeralda Ransomware
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#4 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,561 posts
  • Gender:Male
  • Location:USA

Posted 29 October 2016 - 07:48 AM

It's a new variant of Apocalypse that is not decryptable according to Fabian. ID Ransomware will pick up on that email address. It may have an FP on the older variants due to them using the same ransom note name and extension; I'll add FP rules to help with that soon.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 29 October 2016 - 07:59 AM

Since this ransomware has been confirmed as a new variant, rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the below support topic discussion. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff



