
CryptON Ransomware Support & Help Topic (<id-number>_x3m, _locked, _r9oj)


420 replies to this topic

#406 jay228

Posted 14 September 2017 - 08:23 AM

Hi. For those who want to restore at least some data: I was able to restore data from the system disk using shadow copies. To do this, use one of the programs Shadow Explorer or ShadowCopyView. I recommend ShadowCopyView because, if booting from a boot CD or USB, using Shadow Explorer requires .NET Framework 3.5. The ShadowCopyView program is simpler and does not require an additional one. Peace.




#407 quietman7
Bleepin' Janitor, Global Moderator

Posted 14 September 2017 - 08:39 AM

Most crypto malware will typically delete (though not always) all shadow copy snapshots (created if System Restore was enabled) with vssadmin.exe so that you cannot restore your files from before they were encrypted using native Windows Previous Versions or programs like Shadow Explorer and ShadowCopyView. However, it never hurts to try in case the malware did not do what it was supposed to do...it is not uncommon for these infections to sometimes fail to delete the Shadow Volume Copies, or for the encryption process to be interrupted.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click here.
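As an added example (this is not code from jay228's or quietman7's posts, and not part of the original thread), the PowerShell below does the check quietman7 describes: it lists whichever shadow copies survived, searches the Security log for the vssadmin deletion that most crypto malware runs, and exposes a surviving snapshot as a read-only folder, which is what Shadow Explorer and ShadowCopyView do through a GUI. It assumes Windows 8 / Server 2012 or later, an elevated prompt, and, for the event search, that process creation auditing with command-line logging is enabled; the function names and the C:\ShadowMount path are assumptions of this example.

```powershell
# Added example, not from the thread. Assumes an elevated PowerShell on
# Windows 8 / Server 2012 or later. Function names and C:\ShadowMount are
# assumptions of this example.

function Get-SurvivingShadowCopy {
    # Win32_ShadowCopy is the same inventory that "vssadmin list shadows",
    # Shadow Explorer and ShadowCopyView display.
    Get-CimInstance -ClassName Win32_ShadowCopy |
        Sort-Object InstallDate |
        Select-Object ID, VolumeName, InstallDate, DeviceObject
}

function Find-ShadowCopyDeletion {
    param([int]$Days = 30)
    # Needs "Audit Process Creation" plus "Include command line in process
    # creation events" (event 4688); without them the CommandLine field is empty.
    $since  = (Get-Date).AddDays(-$Days)
    $filter = @{ LogName = 'Security'; Id = 4688; StartTime = $since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue | ForEach-Object {
        $xml = [xml]$_.ToXml()
        $cmd = ($xml.Event.EventData.Data | Where-Object { $_.Name -eq 'CommandLine' }).'#text'
        # vssadmin can also wipe snapshots indirectly by shrinking their storage,
        # so match both subcommands.
        if ($cmd -match 'vssadmin(\.exe)?\s+(delete\s+shadows|resize\s+shadowstorage)') {
            [pscustomobject]@{ Time = $_.TimeCreated; CommandLine = $cmd }
        }
    }
}

function Mount-ShadowCopy {
    param(
        [Parameter(Mandatory)][string]$DeviceObject,   # e.g. \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy3
        [string]$Path = 'C:\ShadowMount'
    )
    # A directory symlink to the snapshot's device object makes it browsable
    # with Explorer or Copy-Item. The trailing backslash is required.
    if (Test-Path $Path) { throw "$Path already exists; pick another mount path." }
    cmd.exe /c mklink /d "$Path" "$DeviceObject\" | Out-Null
    Get-Item $Path
}

# Usage: see what survived; if nothing did, look for the deletion; otherwise
# expose the newest snapshot and copy files out of it.
$copies = @(Get-SurvivingShadowCopy)
if ($copies.Count -eq 0) {
    Write-Warning 'No shadow copies left; checking whether vssadmin removed them:'
    Find-ShadowCopyDeletion -Days 60 | Format-Table -AutoSize
} else {
    $copies | Format-Table -AutoSize
    $newest = $copies | Select-Object -Last 1
    Mount-ShadowCopy -DeviceObject $newest.DeviceObject
    # Copy-Item -Recurse C:\ShadowMount\Users\<you>\Documents D:\Recovered\
}
```

The symlink is removed again with `cmd.exe /c rmdir C:\ShadowMount`; that only drops the link, not the snapshot. Copy recovered files to a different disk before cleaning the infected system, since a reinstall or a new snapshot can replace the surviving copies.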

#408 jay228

Posted 15 September 2017 - 04:32 AM

I have a question for specialists. I also repeatedly reinstall Windows every time the anti-virus (Avast) screams about the invasion of "smb: cve-2017-0144". I had to disable SMB 1, 2 and 3. Microsoft does not recommend disabling them, or only temporarily. I did not find other options. What is this virus and how can I prevent infection?



#409 quietman7
Bleepin' Janitor, Global Moderator

Posted 15 September 2017 - 05:53 AM

CVE-2017-0144 is a remote code execution vulnerability in the way that the Microsoft Server Message Block 1.0 (SMBv1) server handles certain requests. This vulnerability was reported as exploited by WannaCryptor ransomware...see here:

Microsoft Security Bulletin MS17-010
CVE-2017-0144 Detail
Common Vulnerabilities and Exposures: CVE-2017-0144

#410 xXToffeeXx
Bleepin' Polar Bear, Malware Response Instructor

Posted 15 September 2017 - 11:18 AM

> I have a question for specialists. I also repeatedly reinstall Windows every time the anti-virus (Avast) screams about the invasion of "smb: cve-2017-0144". I had to disable SMB 1, 2 and 3. Microsoft does not recommend disabling them, or only temporarily. I did not find other options. What is this virus and how can I prevent infection?

Reinstalling will not help you; you need to install the MS17-010 update to fix the exploit.

 

xXToffeeXx~

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

~Twitter~ | ~Malware Analyst at Emsisoft~
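To make xXToffeeXx's point concrete, here is an added PowerShell example (my own, not code from the thread or from Microsoft) that checks the two things that matter for CVE-2017-0144 on a host: whether an MS17-010 update is installed and whether the SMBv1 server is still enabled, and that turns off SMBv1 alone while leaving SMB2/3 on, the middle ground between jay228's "disable 1, 2 and 3" and leaving the vulnerable protocol exposed. It assumes Windows 8 / Server 2012 or later for the Smb* cmdlets and an elevated prompt. The KB numbers to look for are a parameter rather than hard-coded, because MS17-010 ships as a different update per Windows version (take them from the bulletin linked above) and later cumulative updates supersede them, so a missing KB is a prompt to check Windows Update history, not proof of exposure.

```powershell
# Added example, not from the thread. Assumes an elevated PowerShell on
# Windows 8 / Server 2012 or later (Get-/Set-SmbServerConfiguration).
# The KB list is supplied by the caller from the MS17-010 bulletin for the
# OS in question; nothing here is hard-coded.

function Get-Smb1Exposure {
    param([Parameter(Mandatory)][string[]]$Ms17010Kb)

    $smb = Get-SmbServerConfiguration
    # Get-HotFix only sees updates installed as separate packages; on Windows 10
    # the March 2017 fix is inside a cumulative update, which later CUs replace.
    $installed = @(Get-HotFix -ErrorAction SilentlyContinue |
        Where-Object { $Ms17010Kb -contains $_.HotFixID } |
        Select-Object -ExpandProperty HotFixID)

    [pscustomobject]@{
        Smb1ServerEnabled = $smb.EnableSMB1Protocol
        Smb2ServerEnabled = $smb.EnableSMB2Protocol
        Ms17010KbFound    = $installed
        # An unpatched host with SMBv1 enabled is the condition a remote
        # exploit of CVE-2017-0144 needs; either fix removes it.
        Exposed           = ($smb.EnableSMB1Protocol -and $installed.Count -eq 0)
    }
}

function Disable-Smb1Server {
    # Turns off SMBv1 on the server side only; SMB2/SMB3 stay available, so
    # file sharing with anything from Vista/2008 onward keeps working.
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    # On client SKUs the protocol is also an optional feature that can be removed.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -ErrorAction SilentlyContinue
    if ($feature -and $feature.State -eq 'Enabled') {
        Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart | Out-Null
    }
    Get-SmbServerConfiguration | Select-Object EnableSMB1Protocol, EnableSMB2Protocol
}

# Usage (placeholder KB id; replace with the ones the MS17-010 bulletin lists
# for this OS version).
$state = Get-Smb1Exposure -Ms17010Kb @('KB<from-bulletin>')
$state | Format-List
if ($state.Exposed) {
    # Patch first; disabling SMBv1 removes the vulnerable code path in the meantime.
    Disable-Smb1Server
}
```

This answers jay228's follow-up as well: the fix arrives through Windows Update like any other security update, but a clean reinstall from old media does not include it until updates are applied, which is why the SMB alerts continued after reinstalling.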


#411 jay228

Posted 17 September 2017 - 10:31 AM

And is this update applied automatically or only manually? The first time I reinstalled Windows, the SMB attack was still not turned off.



#412 dottormarc

Posted 05 October 2017 - 09:17 AM

Our customer paid the ransom to brusli@aolonline.top; they then demanded more money too and did not release the unlock key.
Never pay them!


#413 jbcbussoft

Posted 05 October 2017 - 09:44 AM

Our local County government's computers were hit with ransomware (I don't know the variant) and they ended up paying $37k to get the files back, which they did. The thieves were reputable??? I read an article about this that indicated that this has become an industry with front offices, secretaries, etc. Sad sad sad!



#414 LeandroMachado

Posted 05 October 2017 - 09:48 AM

> Our local County government's computers were hit with ransomware (I don't know the variant) and they ended up paying $37k to get the files back, which they did. The thieves were reputable??? I read an article about this that indicated that this has become an industry with front offices, secretaries, etc. Sad sad sad!

Never pay hackers.. Sent a private message to you.



#415 robinnnn

Posted 07 October 2017 - 01:57 PM

Hi, still hoping that one day this will be decryptable.. until that day.. does anyone know where to get the latest version of the RakhniDecryptor?

When I try the site directly, I get a version from June 14, but I know that is by far not the last one they released..



#416 NoodleSsS

Posted 20 October 2017 - 07:41 PM

I have been infected since April 2017 with .onion Cry36 ransomware. I think I have conceded that I will never get my files back. I even tried to follow the ransom instructions to try to get more info from the hackers; I wanted proof that they have a decrypter for my files, as they are probably long gone by now and moved on to something else. (Would not pay, just want to know it's even possible to get my files.) But the instructions no longer work; I can't get in contact with the hackers.

It's a shame we don't have a good hacker or something working for us lol. I would gladly pay someone that is doing things for good and not evil. It's sad that in this day and age we lose all our files and there is nothing we can do to get them back.

PM me if anyone feels the same way I feel, the feeling of having lost years' worth of stuff that I can never get back, and I was the idiot for not backing it up......



#417 gee019

Posted 02 November 2017 - 04:02 AM

Hoping for an update regarding this issue.



#418 quietman7
Bleepin' Janitor, Global Moderator

Posted 02 November 2017 - 06:15 AM

> ...It's a shame we don't have a good hacker or something working for us lol. I would gladly pay someone that is doing things for good and not evil. It's sad that in this day and age we lose all our files and there is nothing we can do to get them back....

There are a lot of dedicated people who research, analyze and investigate crypto malware as well as provide expert assistance to victims of ransomware infections...Grinler (the site owner of Bleeping Computer), Fabian Wosar (the head of Emsisoft's malware lab), xXToffeeXx (who works with Fabian), Demonslay335, BloodDolly, and Nathan (DecrypterFixer) to name a few.

Each of them has created or been involved in creating various decryption tools which have helped many victims recover their files, but they can't perform miracles.

#419 jay228

Posted 10 November 2017 - 01:45 PM

 

> ...It's a shame we don't have a good hacker or something working for us lol. I would gladly pay someone that is doing things for good and not evil. It's sad that in this day and age we lose all our files and there is nothing we can do to get them back....
>
> There are a lot of dedicated people who research, analyze and investigate crypto malware as well as provide expert assistance to victims of ransomware infections...Grinler (the site owner of Bleeping Computer), Fabian Wosar (the head of Emsisoft's malware lab), xXToffeeXx (who works with Fabian), Demonslay335, BloodDolly, and Nathan (DecrypterFixer) to name a few.
>
> Each of them has created or been involved in creating various decryption tools which have helped many victims recover their files, but they can't perform miracles.

True. The guys are doing a great job. In my practice, most large antivirus companies even refuse to comment on the operation when their "paid" antivirus resulted in the loss of user data, and to dig into a story with a cipher.



#420 NoodleSsS

Posted 18 November 2017 - 01:16 AM

I think you misunderstood me, quietman7. I was not having a dig at this site or all the work the guys and girls do to create deciphers and so on; I love the work they do. What I was trying to say was, if only we had a "good" hacker working for us that can get these guys back that create these things and hack them. Something like the Anonymous group: hack the hackers.





