Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

All documents encrypted with Ransomware


  • This topic is locked This topic is locked
2 replies to this topic

#1 claudiokass

claudiokass

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:10:16 PM

Posted 10 January 2017 - 08:24 AM

Goodmorning everyone,

 

somewhere before 30th december 2016 I was infected with a ransomware and all my documents of my laptop become encrypted and unaccesible.

Following days of 2017, I tried pretty much everything: system restore (restore system date available 30th december 2016), tried to find shadow image of documents (earliest date available was 30th december) and used tons of recovery data software without any luck.

 

I am writing this message and submitting you a malware sample at the following link:

https://www.bleepingcomputer.com/submit-malware.php?channel=3

 

Thank you in advance for your help.

 

 

Below the ransom message I got in .txt file:

 

" Support e-mail: sysgop01@india.com sysgop02@india.com

Your personal files encryption produced on this computer: photos, videos, documents, etc.
Encryption was produced using a unique public key RSA-2048 generated for this computer.

To decrypt files you need to obtain the private key.

The single copy of the private key, which will allow to decrypt the files,
located on a secret server on the Internet; the server will destroy the key after 120 hours.

After that nobody and never will be able to restore files.

To obtain the private key for this computer, you need pay 0.8 Bitcoin (~688 USD)

---------------------------------------------------------------------------------------------------

Your Bitcoin address:

1CzBkHhGwPUZDzraYfdFhh3DV89GcGWSoS

You must send 0.8 Bitcoin to the specified address and report it to e-mail customer support.

In the letter must specify your Bitcoin address to which the payment was made.

---------------------------------------------------------------------------------------------------

The most convenient tool for buying Bitcoins in our opinion is the site:

https://localbitcoins.com/

There you can buy Bitcoins in your country in any way you like, including electronic payment systems,
credit and debit cards, money orders, and others.

Instructions for purchasing Bitcoins on account localbitcoins.com read here:

https://localbitcoins.com/guides/how-to-buy-bitcoins

Video tutorial detailing on buying Bitcoins using the site localbitcoins.com here:



How to withdraw Bitcoins from account localbitcoins.com to our bitcoin wallet:

https://localbitcoins.com/faq#howto_buy

Also you can use to buy Bitcoins these sites:

https://www.bitstamp.net/ - Big BTC exchanger
https://www.coinbase.com/ - Other big BTC exchanger
https://www.moneypakforbitcoins.us/ - Buy BTC via Green Dot MoneyPak
https://btcdirect.eu/ - Best for Europe
https://coincafe.com/ - Recommended for fast, many payment methods
https://bittylicious.com/ - Good service for Europe and World
https://www.247exchange.com/ - Other exchanger"



BC AdBot (Login to Remove)

 


#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,493 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:16 PM

Posted 10 January 2017 - 09:06 AM

You were hit by the newest variant of PClock, which is not decryptable. You can only restore from backups if you had no luck with ShadowExplorer and Recuva.

 

https://www.bleepingcomputer.com/news/security/old-cryptolocker-copycat-named-pclock-resurfaces-with-new-attacks/


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,399 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:16 PM

Posted 10 January 2017 - 02:10 PM


There is ongoing discussion in this topic where you can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.When or if a solution is found, that information will be provided in the above support topic and you will receive notification if subscribed to it. In addition, a news article most likely will be posted on the BleepingComputer front page.

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users