
CryptON Ransomware Support & Help Topic (<id-number>_x3m, _locked, _r9oj)


491 replies to this topic

#481 ortidan


Posted 11 July 2018 - 12:39 PM

So what is the latest development on finding a solution for getting our files decrypted?



#482 quietman7

  • Global Moderator

Posted 11 July 2018 - 05:29 PM

Decryption depends on what variant you are dealing with...most variants are decryptable.

Cry36 is not decryptable at this time without paying the ransom to the criminals. We have no way of knowing when or if a free decryption solution will ever be available for some variants.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#483 jbcbussoft


Posted 11 July 2018 - 07:04 PM

The best advice I can give after having already been a victim of this ransomware is to make sure you have backup copies of your data and restore from the backups. A customer of mine was hit with this stuff twice last year. The first time a decryption tool was available that made it possible that they could recover their data files, the second time not so lucky. It is a much better option to depend on backups than criminals being honest.

#484 quietman7


Posted 11 July 2018 - 07:21 PM

The widespread emergence of crypto malware (ransomware) since the original CryptoLocker first appeared in the beginning of September 2013 brought attention to the importance of backing up all data on a regular basis. The only reliable way to effectively protect your data and limit the loss with this type of infection is user education and to have an effective backup strategy. Preferably keeping a separate, offline backup to a device that is not always connected to the network.

Backing up data and disk imaging are among the most important maintenance tasks users should perform on a regular basis to protect themselves from ransomware, yet it's still one of the most neglected areas.

#485 bilditup1


Posted 28 July 2018 - 08:09 AM

...welp, it got me. I'm lucky that most of the truly irreplaceable stuff appears? to be backed up as of now (won't know till I get back there), and much of the rest can be reacquired. Thing is, I'm trying to scan/remove the ransomware and nothing (MSE, Malwarebytes, Avast) is detecting it. Is there some special step I'm missing here? In the meantime, I've changed my ports, and my password to something strong.



#486 bilditup1


Posted 28 July 2018 - 08:58 PM

I'm still not clear on removal tools. I don't want what files are left getting erased as per the possibility raised here: https://blog.emsisoft.com/en/26164/how-to-remove-ransomware-the-right-way-a-step-by-step-guide/

I'm also not sure what the best practices are for rebooting, in case it's still there, even though it has not been detected by various anti-malware utilities. Will booting to Safe Mode prevent it from potentially causing greater damage? Should I be scanning the data directories for the malware payload rather than merely the system drive? Trying not to panic here but it's not easy. Random Googling brings up questionable sites, and the guide above mentions nothing about which tools to use or how to use them.


Edited by bilditup1, 29 July 2018 - 05:18 PM.


#487 quietman7


Posted 30 July 2018 - 10:47 AM

Most crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. That explains why many security scanners do not find anything after the fact. The encrypted files do not contain malicious code so they are safe. Unfortunately, most victims do not realize they have been infected until the ransomware displays the ransom note and the files have already been encrypted. In some cases there may be no ransom note and discovery only occurs at a later time when attempting to open an encrypted file. As such, they don't know how long the malware was on the system before being alerted or if other malware was downloaded and installed along with the ransomware. If other malware was involved it could still be present so be sure to perform full scans with your anti-virus.

If your antivirus did not detect and remove anything, additional scans should be performed with other security programs like Emsisoft Anti-Malware, Malwarebytes 3.0, Zemana AntiMalware, RogueKiller Anti-malware and HitmanPro. You can also supplement your anti-virus or get a second opinion by performing an Online Virus Scan.

Important: Keep in mind that when dealing with ransomware it is best to quarantine malicious files rather than delete them until you know what infection you're dealing with. In some cases, samples of the malicious files are needed for further analysis in order to identify it properly or create decryption tools.

Note: Disinfection will not help with decryption of any files affected by the ransomware.

If you need individual assistance only with removing the malware infection, follow the instructions in the Malware Removal and Log Section Preparation Guide...all other questions or comments should be posted in the support topics. When you have done that, start a new topic and post your logs in the Virus, Trojan, Spyware, and Malware Removal Logs forum, NOT here, for assistance by the Malware Response Team. If HelpBot replies to your topic, please follow Step One and CLICK the link so it will report your topic to the team members.

#488 bilditup1


Posted 30 July 2018 - 11:02 AM

Quote (quietman7): "Most crypto malware ransomware is typically programmed to automatically remove itself...the malicious files responsible for the infection...after the encrypting is done since they are no longer needed. That explains why many security scanners do not find anything after the fact. The encrypted files do not contain malicious code so they are safe."

Thanks for your reply, much appreciated. Does the above mean that they can't actually act on their threats of deletion?


Edited by bilditup1, 30 July 2018 - 11:03 AM.


#489 quietman7


Posted 30 July 2018 - 11:06 AM

In most ransomware cases, any warnings in the ransom note or screen display that indicate files will be deleted after so many hours/days (deadline) are commonly just a scare tactic to get victims to quickly pay the ransom.

#490 bilditup1


Posted 30 July 2018 - 11:08 AM

Quote (quietman7): "In most ransomware cases, any warnings in the ransom note or screen display that indicate files will be deleted after so many hours/days (deadline) are commonly just a scare tactic to get victims to quickly pay the ransom."

Oh man, brilliant.

...so is there a FAQ somewhere that says all this that I clearly missed in my panic?



#491 quietman7


Posted 30 July 2018 - 01:41 PM

Unfortunately, there are far too many different ransomwares to have a FAQ which covers everything they do.

#492 x3mx3m


Posted 02 August 2018 - 05:47 PM

hurry to buy a descriptor discounts apply





