
Unknown Ransomware? Pictures encrypted, no extension


5 replies to this topic

#1 Flok


Posted 20 January 2017 - 07:35 AM

Hi everybody,

a friend of mine gave me his laptop to rescue some pictures.

He received a spam mail with an attachment.

After opening it, the display went black and all his pictures were encrypted.

This happened in the year 2012.

Now, the encrypted files are still here; the ransomware/trojan seems to be removed, but I don't know....

The ID Ransomware site can't identify it.

The files don't have an extension....

Some examples:

vgulafxyLGULjsXQN

VGoqdsrveXgQlTVGqnUsj

aJgsXQrnjVGoydtvgpl

I uploaded a file here: http://www.file-upload.net/download-12253872/afGqLdsjoXlrJlTvgyL.html

Thanks

Florian




 


#2 Demonslay335


Posted 20 January 2017 - 09:13 AM

Are there any ransom notes? I don't recall any ransomware that renames files with no extension. There were not too many ransomware around in 2012, but I'm not sure what it may be since I wasn't as active on the scene then.

 

If you can find the email with the attachment, we can check out the malware.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 Flok


Posted 20 January 2017 - 09:40 AM

That's the problem.

The email was deleted and I can't find any note (like *crypt*.txt).

Is there a tool out there that searches for such notes?



#4 quietman7


Posted 20 January 2017 - 11:33 AM

RansomNoteCleaner is a tool created by Demonslay335 (aka Michael Gillespie) which can be used to search for (and remove) ransom notes.

There are several ransomware infections that do not append an obvious extension to the end of encrypted filenames, but most of them appeared after 2012. The best way to identify the different ransomware families that do not append an extension is the ransom note (including its name), the malware file itself, or at least information related to the email address used by the cyber-criminals. Without any of that other information it is difficult to determine what you are dealing with.

If you can find the malicious executable that you suspect was involved in causing the infection, it can be submitted here (https://www.bleepingcomputer.com/submit-malware.php?channel=168) with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button. Doing that would be helpful with analyzing and investigating by our crypto malware experts.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
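A read-only triage sketch for the situation discussed in this thread, added here as an example (it is not code posted by any participant and does not describe how ID Ransomware or RansomNoteCleaner work): it checks whether files with random-letter names and no extension still start with a picture header or look fully encrypted. The name pattern, the 7.5 bits/byte threshold and all function names are assumptions.

```python
import math
import os
import re
from collections import Counter

# Assumption: pattern modelled on the three sample names in the first post
# (letters only, no dot, 17-21 characters); 12 is an arbitrary lower bound.
NAME_RE = re.compile(r"[A-Za-z]{12,}")

# Well-known leading signatures of common picture formats.
MAGIC = {b"\xff\xd8\xff": "jpeg", b"\x89PNG\r\n\x1a\n": "png",
         b"GIF87a": "gif", b"GIF89a": "gif", b"BM": "bmp"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, close to 8.0 for random data."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def classify(name: str, head: bytes, threshold: float = 7.5) -> str:
    """Classify one file from its name and its first bytes (e.g. 64 KiB)."""
    if not NAME_RE.fullmatch(name):
        return "name-not-matching"
    for sig, kind in MAGIC.items():
        if head.startswith(sig):
            return f"renamed-only:{kind}"   # header intact: compressed, not random
    if shannon_entropy(head) >= threshold:
        return "likely-encrypted"           # no known header, random-looking
    return "unknown-low-entropy"            # weak or partial obfuscation?

def scan(root: str, sample: int = 65536):
    """Yield (path, verdict) for every matching file below root; read-only."""
    for folder, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(folder, name)
            try:
                with open(path, "rb") as fh:
                    verdict = classify(name, fh.read(sample))
            except OSError:
                continue
            if verdict != "name-not-matching":
                yield path, verdict

if __name__ == "__main__":
    # Constructed sample contents; only the file name comes from the thread.
    print(classify("vgulafxyLGULjsXQN", bytes(range(256)) * 256))
    print(classify("vgulafxyLGULjsXQN", b"\xff\xd8\xff\xe0" + bytes(64)))
```

The header check runs before the entropy check because intact JPEG or PNG data is compressed and scores almost as high as ciphertext.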

#5 Flok


Posted 24 January 2017 - 05:01 AM

RansomNoteCleaner doesn't find anything helpful, only different TXT files (like 7zip etc.)....



#6 quietman7


Posted 26 January 2017 - 06:14 AM

I believe we still need a sample of the malicious executable.



