
<AES_KEY_GEN_ASSIST@protonmail.com> Help & Support


19 replies to this topic

#1 SwervinErvin

Posted 08 December 2016 - 11:45 AM

I was infected by these guys... I reached out to them to retrieve my files and for the first time ever, they looked up my company and found out I help kids. They gave me the decrypt key and decoder for free!




#2 quietman7

  • Global Moderator

Posted 08 December 2016 - 05:40 PM

That particular ransomware does not sound familiar to me.

Do you still have any encrypted files and ransom notes? If so, you may want to upload them to ID Ransomware so our experts can take a look.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Demonslay335

  • Security Colleague

Posted 08 December 2016 - 07:14 PM

We have seen a few ransom notes for this one come through, but have not found a sample yet. If you could share any files or programs the criminals sent you, that would be helpful for us to see what encryption routine it may use: http://www.bleepingcomputer.com/submit-malware.php?channel=168

 

Here's an example ransom note. Victims have uploaded it along with files with the extension ".pre_alpha", e.g. "License.txt.pre_alpha".

 

!Read__Me.tXt

==================================== CL ver. 0.1 =====================================

Dear customer, bad news!!!

Your server was hacked, and your files were encrypted.
[AES-ECB-256 bit + RSA 2048 bit keys]
Encryption was made using unique public RSA-2048 key generated for this computer. To decrypt files you need to obtain the private key.

If you need your files back and recommendations
  about how to protect data and server,
  write to e-mail:

AES_KEY_GEN_ASSIST@protonmail.com
cmp@keemail.me

If you did not receive answer by e-mail,
  write to BitMsg (https://bitmsg.me) address:

BM-2cUvFEjH2g1VDRFu8jzG9Lsff9ymXCMA8z

IMPORTANT: When writing us on e-mail or BitMsg, you must specify the following ID:
---
[redacted]
---

WARNING!
PLEASE DO NOT USE ANY THIRD-PARTY DECRYPTION TOOLS OR YOUR FILES WILL BE LOST FOREVER!
WE ARE NOT RESPONSIBLE FOR FILES DAMAGED WITH WRONG TOOLS

Sorry.

======================================================================================

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.
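
Added example, not part of the original post and not a BleepingComputer tool: a read-only triage scan that uses the two indicators quoted above (the ".pre_alpha" extension and the "!Read__Me.tXt" note) to list affected files and directories. The function names, the marker strings picked from the note text, and the sample tree are assumptions made for illustration.

```python
import os
import sys

# Indicators quoted in the post above.
ENCRYPTED_EXT = ".pre_alpha"
NOTE_NAME = "!read__me.txt"  # matched case-insensitively
NOTE_MARKERS = ("CL ver.", "AES_KEY_GEN_ASSIST@protonmail.com")

def is_ransom_note(path):
    """Name must match and the first 4 KiB must contain a known marker."""
    if os.path.basename(path).lower() != NOTE_NAME:
        return False
    try:
        with open(path, "r", encoding="utf-8", errors="replace") as fh:
            head = fh.read(4096)
    except OSError:
        return False  # unreadable file: skip rather than abort the scan
    return any(marker in head for marker in NOTE_MARKERS)

def triage(root):
    """Return (encrypted_files, ransom_notes, affected_dirs) found under root."""
    encrypted, notes, dirs = [], [], set()
    for dirpath, _subdirs, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                encrypted.append(full)
                dirs.add(dirpath)
            elif is_ransom_note(full):
                notes.append(full)
                dirs.add(dirpath)
    return sorted(encrypted), sorted(notes), sorted(dirs)

def build_sample_tree(root):
    """Constructed sample data, not real victim files."""
    samples = {
        "share/docs/License.txt.pre_alpha": "\x00" * 32,
        "share/docs/!Read__Me.tXt": "=== CL ver. 0.1 ===\nDear customer, bad news!!!\n",
        "share/other/!Read__Me.tXt": "Installation notes for a product.\n",
    }
    for rel, text in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(text)

if __name__ == "__main__":
    print(triage(sys.argv[1] if len(sys.argv) > 1 else "."))
```

The scan only reads file names and the first 4 KiB of candidate notes, so it can be run against a mounted copy of the affected volume without modifying evidence.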


#4 DXXD_

Posted 09 December 2016 - 12:06 AM

hello.

new version relies..



#5 DXXD_

Posted 09 December 2016 - 12:07 AM

[AES-ECB-256 bit + RSA 2048 bit keys]
Encryption was made using unique public RSA-2048 key generated for this computer. To decrypt files you need to obtain the private key.
 

Yes, it's true...

Without the private RSA key, files cannot be restored.



#6 DXXD_

Posted 09 December 2016 - 12:10 AM

If you want, I can send the private RSA key + decoder + encrypted files, and you can see.



#7 thomas12345678

Posted 09 December 2016 - 05:42 AM

hello. our files have been encrypted today. how can we get our files back?



#8 SwervinErvin

  • Topic Starter

Posted 09 December 2016 - 08:15 AM

Hey DXXD_,

 

Are you Jack? I'm ICG Care... 

 

[AES-ECB-256 bit + RSA 2048 bit keys]
Encryption was made using unique public RSA-2048 key generated for this computer. To decrypt files you need to obtain the private key.
 

Yes, it's true...

Without the private RSA key, files cannot be restored.



#9 SwervinErvin

  • Topic Starter

Posted 09 December 2016 - 08:17 AM

hello. our files have been encrypted today. how can we get our files back?

I mean... The only way I know is to purchase a private key. If you don't have backups that were not encrypted, this is the only way.



#10 DXXD_

Posted 09 December 2016 - 08:20 AM

 

hello. our files have been encrypted today. how can we get our files back?

I mean... The only way I know is to purchase a private key. If you don't have backups that were not encrypted, this is the only way.

 

 

backup encrypted too.

external NAS and cloud (not all versions)



#11 DXXD_

Posted 09 December 2016 - 08:32 AM

For the future, I recommend using another Linux server for backup... without web access or shared.

If you need, I can give free recommendations on how to protect data and server... write to email.


Edited by DXXD_, 09 December 2016 - 08:35 AM.


#12 mahtandakil

Posted 14 December 2016 - 04:44 AM

I am interested in this ransom. Anyone knows how it infects the machines???



#13 quietman7

Posted 14 December 2016 - 07:33 AM


Section :step2: in this topic explains the most common methods Crypto malware (file encrypting ransomware) and other forms of ransomware is typically delivered and spread.

#14 mahtandakil

Posted 15 December 2016 - 10:08 AM

Thanks quietman7, there is much interesting reading there, but I was looking for specific information about this one.



#15 quietman7

Posted 15 December 2016 - 11:20 AM

I'm not sure we have the specifics on this particular infection yet.