
new Ransomware

  • This topic is locked
4 replies to this topic

#1 ahmednsry


  • Members
  • 4 posts

Posted 12 December 2016 - 07:55 AM

I was infected by ransomware that changed the file name to " 9tax.pdf.ID-17AD78ECSA[cryptservice@inbox.ru].mqbgadqaq "

and left this note:

All your files were encrypted with strong algorithm AES256 and unique key.
Do not worry, all your files in the safety, but are unavailable at the moment.
To recover the files you need to get special decryption software and your personal key.
You can contact us via Email:
Your Personal ID: ..........
Please use public mail service like gmail or yahoo to contact us, because your messages can be not delivered.
For fast communication, you can write us in Jabber: cryptservice@jabber.ua
How to register a jabber account: http://www.wikihow.com/Create-a-Jabber-Account
You have 3 working days to contact us, otherwise recovering may be harder for you.





#2 Demonslay335


    Ransomware Hunter

  • Security Colleague
  • 3,389 posts
  • Gender:Male
  • Location:USA
  • Local time:06:39 PM

Posted 12 December 2016 - 09:21 AM

This is the newer Al-Namrood 2.0. ID Ransomware will pick up on the filename pattern, email address, Jabber address, and ransom note name.


There is no way to decrypt the files.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.
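
Added example (not part of the original posts, and not ID Ransomware's own code): a small triage script that parses the renaming scheme seen in the first post and checks note text for the contact addresses quoted in this thread. The filename grammar is an assumption generalized from the single sample name above; the listing is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Assumed layout, generalized from the one sample name in the thread:
#   <original name>.ID-<victim id>[<contact email>].<appended extension>
RENAMED = re.compile(
    r"^(?P<original>.+)\.ID-(?P<victim_id>[0-9A-Za-z]+)"
    r"\[(?P<contact>[^\[\]@\s]+@[^\[\]@\s]+)\]\.(?P<ext>[A-Za-z0-9]+)$"
)
# Contact indicators quoted in the thread (filename and ransom note).
KNOWN_CONTACTS = {"cryptservice@inbox.ru", "cryptservice@jabber.ua"}
ADDRESS = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

def parse_renamed(filename):
    """Return original name, victim ID, contact and extension, or None."""
    m = RENAMED.match(filename.strip())
    return m.groupdict() if m else None

def triage(filenames):
    """Group affected files by (victim ID, contact); list files left untouched."""
    groups, untouched = defaultdict(list), []
    for name in filenames:
        info = parse_renamed(name)
        if info:
            key = (info["victim_id"], info["contact"].lower())
            groups[key].append(info["original"])
        else:
            untouched.append(name)
    return dict(groups), untouched

def note_contacts(note_text):
    """Return the known contact addresses that appear in a note's text."""
    found = {a.lower() for a in ADDRESS.findall(note_text)}
    return sorted(found & KNOWN_CONTACTS)

# Constructed listing: the first name is the sample from the thread,
# the rest are made up to exercise the non-matching paths.
SAMPLE_LISTING = [
    "9tax.pdf.ID-17AD78ECSA[cryptservice@inbox.ru].mqbgadqaq",
    "budget.xlsx.ID-17AD78ECSA[cryptservice@inbox.ru].mqbgadqaq",
    "report.docx",
    "notes.ID-draft.txt",
]
SAMPLE_NOTE_LINE = "For fast communication, you can write us in Jabber: cryptservice@jabber.ua"

if __name__ == "__main__":
    affected, clean = triage(SAMPLE_LISTING)
    for (victim_id, contact), originals in affected.items():
        print(victim_id, contact, originals)
    print("not renamed:", clean)
    print("note indicators:", note_contacts(SAMPLE_NOTE_LINE))
```

The recovered original names give a list of what to restore from backup; the script only identifies renamed files and does not decrypt anything.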

#3 DXXD_


  • Members
  • 28 posts
  • Gender:Male
  • Location:Ukraine
  • Local time:07:39 PM

Posted 12 December 2016 - 09:29 AM

Hahaha, what kind of idiots are these??? :smash:  :smash:  :smash:  :smash:  :smash:  :smash:  :smash:  :nono:  :nono:  :nono:

Edited by DXXD_, 12 December 2016 - 09:29 AM.

#4 ahmednsry

  • Topic Starter

  • Members
  • 4 posts

Posted 12 December 2016 - 11:06 AM

> This is the newer Al-Namrood 2.0. ID Ransomware will pick up on the filename pattern, email address, Jabber address, and ransom note name.
>
> There is no way to decrypt the files.

Is there no way until now, or ever?

#5 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 50,717 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:39 PM

Posted 12 December 2016 - 12:50 PM

No known way at this time...the cyber-criminals have fixed flaws and updated their malware so newer variants of Al-Namrood ransomware are not decryptable at this time but anything is possible in the future.

Whether you can recover (decrypt) your files or not depends on what ransomware infection you are dealing with and a variety of factors. All crypto malware ransomware use some form of encryption algorithms; most of them are secure, but others are not. The possibility of decryption depends on the thoroughness of the malware creator, what algorithm the creator utilized for encryption, discovery of any flaws and sometimes just plain luck. Newer ransomware variants use a public and private key system where the public key is used to encrypt and the private key is used to decrypt. The private key is stored on a central server maintained by the cyber-criminals and not available unless the victim pays the ransom or at some point, law enforcement authorities discover their hideout...seize the C2 server, access the private RSA key and release it to the public. In some cases, the cyber-criminals, for whatever reason, choose to release the master keys after a period of time.

Dr.Web statistics show that the probability of restoring files compromised by encryption ransomware doesn't exceed 10%. That means that most of user data has been lost for good!

Dr.Web: Encryption ransomware - Threat No. 1

There is an ongoing discussion in this topic where you can ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions. Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click [donate button]
