
ransomware with the "bleep" extension


  • This topic is locked
5 replies to this topic

#1 mousegreat

mousegreat

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:31 PM

Posted 01 February 2017 - 09:50 AM

Good night or day or morning to all of the people in this community. I'm a new member, and I'm seeking help to solve a case, which is this: I have some files on my desktop that I got from a hard disk which belonged to a friend's PC. My friend's PC got infected with a ransomware which created an extension called "sh.t". I brought the hard drive to my home (my friend upgraded his PC and gave his old hard drive), I recovered the files and now I have them, but I can't find a tool to decrypt them anywhere. As I said, the files have the "sh.t" extension and as far as I know they were encrypted by a Locky ransom-type virus. What I'm asking is if someone knows a tool to decrypt this kind of malware; I can find none!

I hope someone knows anything about this. Thank you for your help!

 

Note: the title of this post is not correct; the extension name is "sh.t", not bleep. I can't change it.

 


Edited by mousegreat, 01 February 2017 - 11:33 AM.



 


#2 Amigo-A

Amigo-A

  • Members
  • 569 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:08:31 PM

Posted 01 February 2017 - 02:59 PM

Auto-censor replaces the word, which you want to specify as an extension. 


Edited by Amigo-A, 01 February 2017 - 02:59 PM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.


#3 mousegreat

mousegreat
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:31 PM

Posted 01 February 2017 - 03:26 PM

Auto-censor replaces the word, which you want to specify as an extension. 

Thank you, I'm going to see the Digest of Crypto-Ransomware's page.



#4 mousegreat

mousegreat
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:03:31 PM

Posted 01 February 2017 - 03:44 PM

Auto-censor replaces the word, which you want to specify as an extension. 

Can't find any name on the page that mentions the sh.t extension, so I don't know what type of ransomware it belongs to. This is tough work!



#5 cybercynic

cybercynic

  • Members
  • 560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Edge Of Tomorrow
  • Local time:11:31 AM

Posted 01 February 2017 - 04:38 PM

This is an extension used earlier by Locky. If it's Locky, there is no solution other than paying the ransom.


We are drowning in information - and starving for wisdom.


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,613 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:31 AM

Posted 01 February 2017 - 06:10 PM


Any files that are encrypted with the Locky (.SH*T) ransomware variant will be renamed with random alpha-numerical characters and have the .sh*t extension appended to the end of the encrypted data filename (i.e. 4AEZ33IH-S626-4GDK-2D5G-5B45713N3334.SH*T) and leave files (ransom notes) named _WHAT_is.html, _WHAT_is.bmp and _[2_digit_number]_WHAT_is.html as explained here.

Unfortunately, there is no known way at this time to decrypt files encrypted by Locky variants regardless of the extension without paying the ransom.

There is an ongoing discussion in this topic where you can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions. When or if a solution is found, that information will be provided in this support topic and you will receive notification if subscribed to it. In addition, a news article most likely will be posted on the BleepingComputer front page.

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click [image]
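An added example, not part of any post in this thread: a triage pass over a listing of recovered file paths that separates renamed files and ransom notes, using the name shapes quoted in post #6, from files that merely look similar. The forum censors the real extension, so it is passed in as a parameter; `SAMPLE_EXT`, the `E:\recovered` paths and all function names are assumptions made for illustration.

```python
import re
from collections import defaultdict
from pathlib import PureWindowsPath

# The forum's auto-censor hides the real extension, so it is a parameter here.
SAMPLE_EXT = "ext"  # placeholder, not the real extension

# Constructed sample listing; only the first file's base name is from the post.
SAMPLE_PATHS = [
    r"E:\recovered\Docs\4AEZ33IH-S626-4GDK-2D5G-5B45713N3334.ext",
    r"E:\recovered\Docs\_WHAT_is.html",
    r"E:\recovered\Docs\_07_WHAT_is.html",
    r"E:\recovered\Docs\budget.xlsx",
    r"E:\recovered\Pics\_WHAT_is.bmp",
    r"E:\recovered\Pics\holiday.ext",      # right extension, wrong name shape
    r"E:\recovered\Pics\_7_WHAT_is.html",  # one digit only, not a listed note name
]

def build_matchers(ext):
    """Patterns for renamed files (8-4-4-4-12 alphanumerics) and ransom notes."""
    c = "[0-9A-Z]"
    renamed = re.compile(
        rf"^{c}{{8}}-{c}{{4}}-{c}{{4}}-{c}{{4}}-{c}{{12}}\.{re.escape(ext)}$",
        re.IGNORECASE)
    note = re.compile(r"^_(?:WHAT_is\.(?:html|bmp)|\d{2}_WHAT_is\.html)$",
                      re.IGNORECASE)
    return renamed, note

def triage(paths, ext):
    """Group file names per directory into encrypted / notes / other."""
    renamed, note = build_matchers(ext)
    report = defaultdict(lambda: {"encrypted": [], "notes": [], "other": []})
    for raw in paths:
        p = PureWindowsPath(raw)
        kind = ("encrypted" if renamed.match(p.name)
                else "notes" if note.match(p.name) else "other")
        report[str(p.parent)][kind].append(p.name)
    return dict(report)

def summary(report):
    """Totals plus the directories that actually contain renamed files."""
    totals = {k: sum(len(d[k]) for d in report.values())
              for k in ("encrypted", "notes", "other")}
    totals["dirs_with_encrypted"] = sorted(
        d for d, v in report.items() if v["encrypted"])
    return totals

if __name__ == "__main__":
    print(summary(triage(SAMPLE_PATHS, SAMPLE_EXT)))
```

Matching on the full name shape rather than the extension alone keeps unrelated files that happen to share the extension out of the encrypted count.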



