
Ransomware Attack - file ext: id_fd67e254a09b4111_email_rscl@dr.com_


  • This topic is locked
2 replies to this topic

#1 djsavta

Posted 12 November 2016 - 11:24 AM

Hello dear friends,

 

My friends' dad has got himself into a Ransomware situation.

 

All of his files now have this extension: id_fd67e254a09b4111_email_rscl@dr.com_.rscl

 

Pictures for reference:

 image.png

image.jpg

 

Here is the text file for the Ransomware:

 

 

NOT YOUR LANGUAGE? USE https://translate.google.com

 
What happened to your files ?
All of your files   protected by a strong encryption with RSA-2048.
More information about the encryption keys using RSA-2048 can be found here: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
 
How did this happen ?
!!! Specially for your PC was generated personal RSA-2048 KEY, both public and private.
!!! ALL YOUR FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
!!! Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our Secret Server 
 
What do I do ?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start send email now for more specific instructions! , and restore your data easy way.
If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make a payment.
 
For more specific instructions:
Contact us by email only, send us an email along with your ID number and wait for further instructions. Our specialist will contact you within 24 hours. 
For you to be sure, that we can decrypt your files - you can send us a single encrypted file and we will send you back it in a decrypted form. This will be your guarantee. 
 
Please do not waste your time! You have 72 hours only! After that The Main Server will double your price!
So right now You have a chance to buy your individual private SoftWare with a low price!
 
E-MAIL1: rscl@dr.com
E-MAIL2: rscl@usa.com
 
YOUR_ID: fd67e254a09b4111

 

https://id-ransomware.malwarehunterteam.com/ result:

idransomware.png

 

Can anyone help?

 

 

Thanks in advance.


Edited by djsavta, 12 November 2016 - 12:50 PM.



 


#2 Struppigel

    Karsten Hahn, G DATA Malware Analyst

  • Malware Response Team

Posted 12 November 2016 - 12:47 PM

The extension scheme .id_<id>_email_rscl@dr.com_.rscl is typical for the currently spreading CryptoMix samples.
I suggest you post into this topic: CryptoMix Ransomware Help and Support Topic
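
The extension scheme named in this reply can be parsed during triage to check that every marked file carries the same ID and contact address as the ransom note. This is an added example, not part of the original posts; the function names, the sample file names and the generalisation to other addresses and final extensions are assumptions.

```python
import re
from collections import Counter

# Scheme quoted in the thread: <prefix>.id_<id>_email_<address>_.<ext>
# Assumption: <id> is hex; <address> and <ext> may differ between samples.
MARKER = re.compile(
    r"^(?P<prefix>.*)\.id_(?P<victim_id>[0-9a-fA-F]+)_email_"
    r"(?P<email>[^@\s]+@[A-Za-z0-9.-]+)_\.(?P<ext>\w+)$"
)
NOTE_ID = re.compile(r"^YOUR_ID:\s*([0-9a-fA-F]+)\s*$", re.MULTILINE)
NOTE_MAIL = re.compile(r"^E-MAIL\d*:\s*(\S+@\S+)\s*$", re.MULTILINE)

def parse_marker(filename):
    """Return the marker fields of one file name, or None if it does not match."""
    m = MARKER.match(filename)
    return m.groupdict() if m else None

def parse_note(text):
    """Extract the victim ID and contact addresses from the ransom note text."""
    found = NOTE_ID.search(text)
    emails = sorted(a.lower() for a in NOTE_MAIL.findall(text))
    return {"victim_id": found.group(1).lower() if found else None, "emails": emails}

def triage(filenames, note_text):
    """Count marked files and flag markers that disagree with the note."""
    note = parse_note(note_text)
    report = {"note": note, "marked": 0, "unmarked": [], "mismatch": [], "ids": Counter()}
    for name in filenames:
        fields = parse_marker(name)
        if fields is None:
            report["unmarked"].append(name)  # not renamed to the scheme
            continue
        report["marked"] += 1
        vid = fields["victim_id"].lower()
        report["ids"][vid] += 1
        if vid != note["victim_id"] or fields["email"].lower() not in note["emails"]:
            report["mismatch"].append(name)  # possibly a second infection or another note
    return report

# Constructed sample: ID and addresses are those posted in the thread, file names are made up.
SAMPLE_NOTE = "E-MAIL1: rscl@dr.com\nE-MAIL2: rscl@usa.com\n\nYOUR_ID: fd67e254a09b4111\n"
SAMPLE_FILES = [
    "report.docx.id_fd67e254a09b4111_email_rscl@dr.com_.rscl",
    "holiday.jpg.id_fd67e254a09b4111_email_rscl@dr.com_.rscl",
    "budget.xlsx.id_0000000000000000_email_rscl@dr.com_.rscl",
    "notes.txt",
]
```

Calling `triage(SAMPLE_FILES, SAMPLE_NOTE)` returns the per-ID counts plus the files whose marker does not match the note.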

#3 quietman7

    Bleepin' Janitor

  • Global Moderator

Posted 12 November 2016 - 03:32 PM

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



