AES-NI Ransomware (.aes256, .aes_ni, !!Read This_Important!!.txt) Support Topic


227 replies to this topic

#121 dabcorp (Members, 2 posts)

Posted 19 April 2017 - 06:29 AM

Help me please:


===============================# aes-ni ransomware #===============================

                   + ++      +   ++
                  +--++----++----+      +  
                  +  ++++
                  +--+--+  +----+----+++
                    +       +
                  +-+  +-++------++------+      +-+  +---++-+

SPECIAL VERSION: NSA EXPLOIT EDITION

INTRO: If you are reading it, your server was attacked with NSA exploits.
Make World Safe Again.

SORRY! Your files are encrypted.
File contents are encrypted with random key (AES-256 bit; ECB mode).
Random key is encrypted with RSA public key (2048 bit).

We STRONGLY RECOMMEND you NOT to use any "decryption tools".
These tools can damage your data, making recover IMPOSSIBLE.

Also we recommend you not to contact data recovery companies.
They will just contact us, buy the key and sell it to you at a higher price.

If you want to decrypt your files, you have to get RSA private key.
In order to get private key, write here:

0xc030@protonmail.ch
0xc030@tuta.io
aes-ni@scryptmail.com

IMPORTANT: In some cases malware researchers can block our e-mails.
If you did not receive any answer on e-mail in 48 hours,
 please do not panic and write to BitMsg (https://bitmsg.me) address:
 BM-2cVgoJS8HPMkjzgDMVNAGg5TG3bb1TcfhN
 or create topic on https://www.bleepingcomputer.com/ and we will find you there.

If someone else offers you files restoring, ask him for test decryption.
 Only we can successfully decrypt your files; knowing this can protect you from fraud.

You will receive instructions of what to do next.
You MUST refer this ID in your message:

NS390891#D456970D03407DAB330ABD2DA35F56ED

Also you MUST send all ".key.aes_ni_0day" files from C:\ProgramData if there are any.


===============================# aes-ni ransomware #===============================
 




#122 Eskof (Members, 10 posts, Gender: Male)

Posted 19 April 2017 - 07:08 AM

Just paid a company to get my files decrypted; for $15 via PayPal they fixed it :D!

inb4 people cry about "scam, fraud, etc."; I will not give out how to contact this company at all.

GL dealing with AES_NI.

They also explained to me how they did that.

Update your Windows to the latest version, and you're good.


Edited by Eskof, 19 April 2017 - 07:09 AM.


#123 dabcorp (Members, 2 posts)

Posted 19 April 2017 - 07:24 AM

OK, I paid! Send information for this.



#124 EgyConquer (Members, 9 posts)

Posted 20 April 2017 - 06:27 PM

Quoting Eskof (#122):

> Just paid a company to get my files decrypted; for $15 via PayPal they fixed it :D!
> inb4 people cry about "scam, fraud, etc."; I will not give out how to contact this company at all.
> GL dealing with AES_NI.
> They also explained to me how they did that.
> Update your Windows to the latest version, and you're good.

You won't give people the info about the company that decrypted your files? O.o How old are you? 15?



#125 opelco (Members, 1 post)

Posted 21 April 2017 - 05:20 AM

I am also infected and lost really important files.

What should I do?

There is no answer from those guys, and I don't have enough money to pay for it.



#126 quietman7, Bleepin' Gumshoe (Global Moderator, 55,361 posts, Gender: Male, Location: Virginia, USA)

Posted 21 April 2017 - 06:04 AM

As with most ransomware infections...the best solution for dealing with encrypted data is to restore from backups. These types of infections typically will delete all Shadow Volume Copies so that you cannot restore your files via System Restore, native Windows Previous Versions or using a program like Shadow Explorer. But it never hurts to try in case the malware did not do what it was supposed to do...it is not uncommon for ransomware infections to sometimes fail to properly delete Shadow Volume Copies. In some cases the use of file recovery software such as R-Studio or Photorec may be helpful to recover some of your original files but there is no guarantee that will work...again it never hurts to try.

If that is not a viable option and there is no decryption fix tool, the only other alternative is to backup/save your encrypted data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution. Imaging the drive backs up everything related to the infection including encrypted files, ransom notes and registry entries containing possible information which may be needed if a solution is ever discovered. The encrypted files do not contain malicious code so they are safe. Even if a decryption tool is available, there is no guarantee it will work properly or that the malware developer will not release a new variant to defeat the efforts of security researchers so keeping a backup of the original encrypted files and related information is a good practice.

Windows Insider MVP 2017-2019
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
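An added example, not code from any post in this thread, covering the two practical points made so far: quietman7's advice in #126 to check whether Shadow Volume Copies survived and to preserve the encrypted files, ransom notes and related data for a possible future decryptor, and the ransom note in #121 naming the ".key.aes_ni_0day" files in C:\ProgramData as the wrapped-key material that any decryption would depend on. It is a PowerShell triage script for an infected Windows host. Its assumptions are not from the thread: it runs as Administrator on a host already disconnected from the network, E:\ir-evidence is a clean external drive (hypothetical path), the encrypted-file extensions .aes256 and .aes_ni are taken from the topic title, and step 3 presumes the shadow copies were removed with vssadmin, which nobody in the thread states.

```powershell
<#
Added example for this thread (not from any poster). Post-infection triage on a
Windows host hit by AES-NI: (1) find any surviving shadow copies and expose the
newest one read-only, (2) preserve ransom notes, ".key.aes_ni_0day" files and a
sample of encrypted files with SHA-256 hashes, (3) look for evidence that shadow
copies were deleted. Assumed: Administrator, host isolated, E:\ir-evidence is a
clean external drive (hypothetical path).
#>
param(
    [string]$EvidenceRoot = 'E:\ir-evidence',               # assumption: clean external drive
    [string]$NoteName     = '!!Read This_Important!!.txt',  # note name from the topic title
    [string]$KeySuffix    = '.key.aes_ni_0day',             # from the ransom note in #121
    [string[]]$Extensions = @('*.aes256', '*.aes_ni')       # extensions from the topic title
)
$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Force -Path $EvidenceRoot | Out-Null

# 1. Shadow copies. Ransomware usually wipes them, but not always; if any exist,
#    record them and expose the newest one through a directory symlink so files
#    can be copied out without relying on Explorer's "Previous Versions" UI.
$shadows = @(Get-CimInstance -ClassName Win32_ShadowCopy)
if ($shadows.Count -gt 0) {
    $shadows | Select-Object ID, VolumeName, InstallDate, DeviceObject |
        Export-Csv -NoTypeInformation -Path (Join-Path $EvidenceRoot 'shadow-copies.csv')
    $newest = $shadows | Sort-Object InstallDate -Descending | Select-Object -First 1
    $link   = Join-Path $EvidenceRoot 'shadow-newest'
    # mklink needs the trailing backslash on the shadow device path.
    cmd.exe /c mklink /d "$link" "$($newest.DeviceObject)\" | Out-Null
    Write-Host "Shadow copy from $($newest.InstallDate) is readable at $link"
} else {
    Write-Warning 'No shadow copies survive on this host; fall back to offline backups.'
}

# 2. Preserve artifacts: wrapped-key files, a few ransom notes, a sample of
#    encrypted files. Each is hashed before it is copied so the manifest can
#    later prove the copies were not altered.
$artifacts = @(
    Get-ChildItem -Path 'C:\ProgramData' -Filter "*$KeySuffix" -File -Recurse -ErrorAction SilentlyContinue
    Get-ChildItem -Path 'C:\' -Filter $NoteName -File -Recurse -ErrorAction SilentlyContinue |
        Select-Object -First 5
    Get-ChildItem -Path 'C:\Users' -Include $Extensions -File -Recurse -ErrorAction SilentlyContinue |
        Select-Object -First 20
)
$manifest = foreach ($f in $artifacts) {
    $hash = (Get-FileHash -Algorithm SHA256 -Path $f.FullName).Hash
    $dest = Join-Path $EvidenceRoot ('{0}_{1}' -f $hash.Substring(0, 12), $f.Name)
    Copy-Item -Path $f.FullName -Destination $dest
    [pscustomobject]@{ Source = $f.FullName; Sha256 = $hash; Bytes = $f.Length; Copy = $dest }
}
if ($manifest) {
    $manifest | Export-Csv -NoTypeInformation -Path (Join-Path $EvidenceRoot 'manifest.csv')
}
Write-Host ('Preserved {0} artifact(s) under {1}' -f @($manifest).Count, $EvidenceRoot)

# 3. Was shadow-copy deletion attempted? Assumes the common "vssadmin delete shadows"
#    method and that process command-line auditing (event 4688) is enabled.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4688 } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match 'vssadmin(\.exe)?\s+delete\s+shadows' } |
    Select-Object TimeCreated, Message |
    Export-Csv -NoTypeInformation -Path (Join-Path $EvidenceRoot 'shadow-delete-events.csv')
```

Run it only after the host is off the network, and treat the symlink as read-only: copy files out of it, never write into it. A run that finds no shadow copies and no key files is still worth keeping, because the manifest then records what was and was not recoverable at the time, which is exactly the information a later decryptor, or an insurer, will ask for.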

#127 fondueset (Members, 7 posts)

Posted 21 April 2017 - 09:23 AM

I'd like to add a little to this. Some of our backups were to hard drives; another was to a NAS RAID array. Both of these were compromised. Fortunately, we switch out the hard-drive backup. We also had some 'afterthought' backups to USB drives via the Windows Server Backup utility. These were untouched by the attack and enabled us to restore one of our servers with virtually no loss of time-sensitive data.

Quoting quietman7 (#126):

> As with most ransomware infections...the best solution for dealing with encrypted data is to restore from backups. These types of infections typically will delete all Shadow Volume Copies so that you cannot restore your files via System Restore, native Windows Previous Versions or using a program like Shadow Explorer. But it never hurts to try in case the malware did not do what it was supposed to do...it is not uncommon for ransomware infections to sometimes fail to properly delete Shadow Volume Copies. In some cases the use of file recovery software such as R-Studio or Photorec may be helpful to recover some of your original files but there is no guarantee that will work...again it never hurts to try.
>
> If that is not a viable option and there is no decryption fix tool, the only other alternative is to backup/save your encrypted data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution. Imaging the drive backs up everything related to the infection including encrypted files, ransom notes and registry entries containing possible information which may be needed if a solution is ever discovered. The encrypted files do not contain malicious code so they are safe. Even if a decryption tool is available, there is no guarantee it will work properly or that the malware developer will not release a new variant to defeat the efforts of security researchers so keeping a backup of the original encrypted files and related information is a good practice.

 



#128 AES_NI (Banned Spammer, 38 posts)

Posted 21 April 2017 - 02:09 PM

AES-NI stops support on the BP forum.



#129 BloodDolly (Security Colleague, 506 posts, Gender: Male, Location: Slovakia)

Posted 21 April 2017 - 02:59 PM

Quoting AES_NI (#128):

> AES-NI stops support on the BP forum.

Jail time finally? :lol:



#130 cybercynic (Members, 1,425 posts, Gender: Male, Location: Edge of Tomorrow)

Posted 21 April 2017 - 02:59 PM

Quoting opelco (#125):

> I am also infected and lost really important files.
> What should I do?
> There is no answer from those guys, and I don't have enough money to pay for it.

There is no way to get your files decrypted except by paying the ransom. If you can't contact the extortionists, or cannot afford to pay the ransom, then, for the time being, you are SOL. Your best bet is to back up the encrypted files in hopes of a future solution / breakthrough for this encryption.


An Ounce of Prevention is worth a Pound of Cure


#131 neco423 (Members, 23 posts)

Posted 28 April 2017 - 11:32 AM

Hi friends,

My name is Neco. I found this page searching for a solution or any help on the internet. Recently I was attacked by a hacker that exploited the RDP protocol to get into my servers. I'm desperate because all my files are inaccessible. The ransomware added the extension decrypr_helper@freemail_hu to all my files and put an HTML file with the title !!! READ THIS - IMPORTANT !!!.hta.

These are the example files: an encrypted file, an unencrypted file, and the .hta file.

https://ufile.io/bo7yx

Thanks for any information or help,

Blessings,

NECO



#132 quietman7, Bleepin' Gumshoe (Global Moderator, 55,361 posts, Gender: Male, Location: Virginia, USA)

Posted 28 April 2017 - 05:53 PM


Unfortunately, there is still no known way to decrypt files encrypted by AES Ransomware without paying the ransom.

#133 neco423 (Members, 23 posts)

Posted 28 April 2017 - 06:54 PM

Quoting quietman7 (#132):

> Unfortunately, there is still no known way to decrypt files encrypted by AES Ransomware without paying the ransom.

:´0(

I had hoped to recover my files :(



#134 quietman7, Bleepin' Gumshoe (Global Moderator, 55,361 posts, Gender: Male, Location: Virginia, USA)

Posted 28 April 2017 - 06:59 PM

In cases where there is no free decryption fix tool and victims are not willing to pay the ransom, the only other alternative is to backup/save your encrypted data as is and wait for a possible breakthrough...meaning, what seems like an impossibility at the moment (decryption of your data), there is always hope someday there may be a potential solution.

#135 neco423 (Members, 23 posts)

Posted 28 April 2017 - 07:03 PM

Thanks, man. I'll start getting info about bitcoins :( (I've never used that kind of transaction.)





