Marlboro (.oops) Ransomware Support and Help Topic - _HELP_Recover_Files_.html


6 replies to this topic

#1 xXToffeeXx

  • Malware Response Instructor

Posted 12 January 2017 - 08:53 AM

Decrypter can be found here for this ransomware

 

 

 

A new ransomware was discovered that encrypts files and appends the extension ".oops" to the filename. An example encrypted file may be renamed to "Chrysanthemum.jpg.oops".
 
It also drops a ransom note called _HELP_Recover_Files_.html which looks like this:
[Image: screenshot of the ransom note (Nx9qOlQ.png)]
 


Edited by xXToffeeXx, 12 January 2017 - 12:46 PM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#2 xXToffeeXx

Posted 12 January 2017 - 12:46 PM

Decrypter was released for this ransomware, you can find it here.

 

xXToffeeXx~



#3 anjou_rogue

Posted 18 July 2017 - 10:09 AM

Hi,

 

My computer was infected by some type of Marlboro Ransomware. Encrypted files have the .oops extension, but the existing decrypter is unable to decrypt the files.

 

[Image: O2mLZtE.png]

 

Adaware Antivirus recognized the infection as "Generic.Ransom.WCryG.F2ADA813".

 

There were 2 exe files in the system:

    C:\oops.exe

    C:\ProgramData\oops\oops.exe

 

C:\ProgramData\oops\ folder also contains these files:

    KeyHash - (64 bytes)

    EncryptedKey - (128 bytes)

    EncryptedFiles.txt - (1 141 KBytes)

 

I tried to decrypt some of the encrypted files with the Marlboro Ransomware decryptor, but with no success.

 

I hope you could help me with decrypting my files.

 

Best regards!


Edited by anjou_rogue, 19 July 2017 - 01:29 AM.


#4 xXToffeeXx

Posted 18 July 2017 - 10:47 AM

Hi,

 

Please upload the oops.exe file to here and any other malicious files that your AV quarantined, and we will take a look.

 

xXToffeeXx~ 



#5 Amigo-A

Posted 18 July 2017 - 02:43 PM

anjou_rogue
 
OopsLocker Ransomware
 
Compare the text and the lock screen.
 
Similarly there is...
extension: .oops
C:\ProgramData\oops\oops.exe
C:\ProgramData\oops\EncryptedFiles.txt 
C:\ProgramData\oops\EncryptedKey
C:\ProgramData\oops\KeyHash

Edited by Amigo-A, 18 July 2017 - 02:45 PM.

Need info about Crypto-Ransomware? A huge safe base here!

Digest about Crypto-Ransomwares (In Russian) + Google Translate Technology

Anti-Ransomware Project  (In Russian) + Google Translate Technology and links
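
Added example, not part of the thread or any poster's code: a small triage script that collects only the indicators named in the posts above (the `.oops` extension and `_HELP_Recover_Files_.html` note from post #1, and the `C:\ProgramData\oops\` key files with the sizes reported in post #3) to show why a shared extension alone does not identify the family. The labels it returns and the `make_sample` helper are assumptions made for illustration, and the sample trees are constructed.

```python
import os
import tempfile
from pathlib import Path

# Indicators taken only from the posts in this thread.
MARLBORO_NOTE = "_HELP_Recover_Files_.html"        # ransom note, post #1
OOPS_DIR = Path("ProgramData") / "oops"            # folder from posts #3 and #5
KEY_FILES = {"KeyHash": 64, "EncryptedKey": 128}   # byte sizes reported in post #3

def triage(root):
    """Walk `root` (a drive or mounted image) and collect the indicators."""
    root = Path(root)
    found = {"encrypted": 0, "notes": 0, "key_files": {}}
    for _dir, _subdirs, files in os.walk(root):    # unreadable dirs are skipped
        for name in files:
            if name.lower().endswith(".oops"):
                found["encrypted"] += 1
            elif name == MARLBORO_NOTE:
                found["notes"] += 1
    for name, size in KEY_FILES.items():
        f = root / OOPS_DIR / name
        if f.is_file():
            found["key_files"][name] = f.stat().st_size == size
    return found

def verdict(found):
    """Heuristic label (assumed names); key-file layout outranks the extension."""
    if len(found["key_files"]) == len(KEY_FILES) and all(found["key_files"].values()):
        return "oopslocker-like"
    if found["notes"]:
        return "marlboro-like"
    return "unknown-oops" if found["encrypted"] else "no-indicators"

def make_sample(root, family):
    """Build a constructed (fake) file tree for the demo and tests."""
    docs = Path(root) / "Users" / "demo"
    docs.mkdir(parents=True)
    (docs / "Chrysanthemum.jpg.oops").write_bytes(b"\x00" * 16)
    if family == "marlboro":
        (docs / MARLBORO_NOTE).write_text("constructed note")
    elif family == "oopslocker":
        d = Path(root) / OOPS_DIR
        d.mkdir(parents=True)
        for name, size in KEY_FILES.items():
            (d / name).write_bytes(b"\x00" * size)

if __name__ == "__main__":
    for family in ("marlboro", "oopslocker", "other"):
        with tempfile.TemporaryDirectory() as tmp:
            make_sample(tmp, family)
            print(family, "->", verdict(triage(tmp)))
```

Run it against a mounted copy of the affected disk rather than the live system, and treat the label as a pointer to which support topic to consult, not as an identification.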


#6 anjou_rogue

Posted 19 July 2017 - 01:26 AM

Thank you for your responses.

 

xXToffeeXx, I've uploaded both oops.exe files found on my computer (I've added a .txt extension to the exe file).

 

Amigo-A, thank you for the information. The described OopsLocker Ransomware looks pretty much like the infection that attacked my PC.

Fortunately I didn't see the text and lock screen on my computer. It seems that the decryption process was aborted and didn't finish - it didn't touch system files but ruined my personal data.

Is there a decryptor for this ransomware?


Edited by anjou_rogue, 19 July 2017 - 09:10 AM.


#7 Amigo-A

Posted 20 July 2017 - 02:48 AM

anjou_rogue

 
Malware and viruses always attack successfully if there is no preventive protection and backup.
Here information was collected and published for the preliminary identification of samples.
The specialists have the samples. Now we must wait.
