CryptoSearch - Find Files Encrypted by Ransomware


36 replies to this topic

#31 zailai

Posted 07 July 2017 - 12:45 AM

Great software! It must have helped many victims of WannaCry and Petya ransomware recently, and an article also mentioned your tool.




#32 Hems369


Posted 14 September 2017 - 03:29 PM

Hey,

My name is Hemanta Naik and I'm from India. I got hacked by the Satan ransomware virus 5 days ago, and I used CryptoSearch and found 4899 encrypted folders with 61910 encrypted files. All files became .stn files. I need to decrypt my files and get them back. Help me please, or let me know how to decrypt them.

Note: I don't have any backups of my files, and I successfully removed the virus; I am only waiting to decrypt my files.

Please help me get my files back. Thanks.



#33 quietman7


    Bleepin' Janitor


  • Global Moderator

Posted 14 September 2017 - 04:36 PM

....I Got Hacked By Satan Ransomware...I Need To Decrypt My Files And Get It Back....Help Me Plss Or Let Me Know How To Decrypt It...

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.

#34 Emmanuel_ADC-Soft


Posted 18 October 2017 - 07:35 AM

Hello,

I have a question about CryptoSearch and BandarChor ransomware.

If you put the email donald@trampo.info into ID Ransomware, BandarChor is detected: https://id-ransomware.malwarehunterteam.com/identify.php?case=cdee5d778a099be57d27e0e4b3e645b309b8e587

But CryptoSearch can't find it, because the email in BandarChor encrypted files is extended with another one, like this: infont@post.cz_donald@trampo.info

Do you think there is a way to improve the detection of BandarChor's encrypted files by CryptoSearch? Thank you very much for any help with this issue.

Kind regards,

Emmanuel



#35 BitCoinMember


Posted 16 November 2017 - 05:46 AM

I have also caught the Satan *stn virus. What annoys me is that I don't even know "where from"!!

I urgently need HELP



#36 Demonslay335


    Ransomware Hunter

  • Topic Starter

  • Security Colleague

Posted 16 November 2017 - 09:57 AM

@Emmanuel_ADC-Soft

What is an example of a full encrypted file's name? CryptoSearch does not use the email address data to identify encrypted files; it uses the extension patterns and filemarkers from ID Ransomware (e.g. 0x803E0000 at offset 0x00 for BandarChor). I do not support multi-layered encryptions by multiple ransomwares on either service; it would be way too much for false positives and a serious pain.

@BitCoinMember

There is no way to decrypt Satan. More info: https://www.bleepingcomputer.com/news/security/new-satan-ransomware-available-through-a-ransomware-as-a-service-/


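The kind of matching described in post #36 (extension patterns plus a file marker at a fixed offset), as an added example that is not part of the original thread and is not CryptoSearch's or ID Ransomware's code. The signature table, the `.stn` pattern, the byte order of the marker and the sample file names are assumptions constructed for illustration; the marker check reads the file's content, so it does not depend on how the file was renamed.

```python
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path
from typing import Optional

@dataclass(frozen=True)
class Signature:
    family: str
    name_pattern: Optional[re.Pattern] = None  # matched against the file name
    marker: Optional[bytes] = None             # bytes expected at `offset`
    offset: int = 0

# Constructed table. The BandarChor marker and offset are the ones quoted in the
# post (byte order assumed as written); the ".stn" pattern is an assumption
# based on the extension the Satan victims in this thread report.
SIGNATURES = [
    Signature("BandarChor", marker=bytes.fromhex("803E0000"), offset=0x00),
    Signature("Satan", name_pattern=re.compile(r"\.stn$", re.IGNORECASE)),
]

def identify(path: Path) -> list:
    """Return the families whose name pattern or file marker matches."""
    hits = set()
    for sig in SIGNATURES:
        if sig.name_pattern and sig.name_pattern.search(path.name):
            hits.add(sig.family)
        if sig.marker:
            with path.open("rb") as fh:  # read only the marker bytes
                fh.seek(sig.offset)
                if fh.read(len(sig.marker)) == sig.marker:
                    hits.add(sig.family)
    return sorted(hits)

def scan(root: Path) -> dict:
    """Map each matching file under root (relative path) to its families."""
    found = {}
    for p in sorted(Path(root).rglob("*")):
        if p.is_file() and (fams := identify(p)):
            found[p.relative_to(root).as_posix()] = fams
    return found

def demo() -> dict:
    """Scan constructed sample files (not real ransomware output)."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        name = "invoice.xlsx.infont@post.cz_donald@trampo.info"  # constructed
        (root / name).write_bytes(bytes.fromhex("803E0000") + b"\x11" * 32)
        (root / "photo.jpg.stn").write_bytes(b"\x22" * 32)
        (root / "notes.txt").write_bytes(b"plain text")
        return scan(root)
```

A file that carries both a matching name and a matching marker is reported under both families, which is the ambiguity a signature-based scanner faces with files touched by more than one ransomware.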


#37 Emmanuel_ADC-Soft


Posted 16 November 2017 - 10:08 AM

@Demonslay335,

Thank you for your answer.

Dr.Web can decrypt BandarChor ransomware if they have enough information.

Maybe you can update this information on ID Ransomware instead of this message: https://id-ransomware.malwarehunterteam.com/identify.php?case=693ddaa3087ea5142977d0b3225da1731b1d75c4

I already helped one of my clients with this issue. If you need any information, I am here to help.

Kind regards,

Emmanuel





