HugeMe Ransomware Support & Help Topic (.encrypted, DECRYPT_ReadMe.TXT.ReadMe)


4 replies to this topic

#1 cosmo15900

  • Members
  • 3 posts

Posted 09 February 2017 - 02:55 PM

Hey everyone. We were hit some time ago and just cannot find anything on our ransomware. When it hit, it left a decrypt file and a program called Hugeme.exe.
 
The note is this:
--------------------------------------------------------------------------------------------------------------------
All your files encrypted with strong encryption.
To unlock your files you must pay 1 bitcoin to address :
1GvQ9GsMgwAUz91PKNpAJxrAwsztg1S7jy
Search google for how to buy and send bitcoin.
After you send the bitcoin email to : 
myqjs01@gmail.com
olv100@mail.ru
vegeta85@safe-mail.net
use all email to communicate 
with the information of username and pcname and the time you send bitcoins.
When we will confirme the transaction you will receive decryption key and decryption program.
You have 5 days to make transaction after that your decryption key will be deleted.And your files gone forever.
----------------------------------------------------------------------------------------------------------------------
 
The hugeme.exe file, when scanned, passed all antivirus and passed on the VirusTotal website. When I hexedit the program you can tell it's what is responsible for the encrypted files.
I tried the website

https://id-ransomware.malwarehunterteam.com/

and all results did not work with this. I am hoping someone out there has a clue or fix for this, please.
 

 

Mod Edit

Link's deactivated

NickAu


Edited by quietman7, 10 February 2017 - 04:10 PM.
Mod Edit



#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 49,952 posts

Posted 09 February 2017 - 04:58 PM

Samples of any encrypted files, ransom notes or suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted here (https://www.bleepingcomputer.com/submit-malware.php?channel=168) with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button. Doing that will be helpful with analyzing and investigating by our crypto experts.

#3 Struppigel

    Karsten Philipp Boris Hahn, G DATA Malware Analyst

  • Malware Response Team
  • 230 posts

Posted 10 February 2017 - 01:42 AM

I have downloaded your files; however, as you correctly noticed, the HugeMe.exe is malware and other users might get infected by it. So please remove the download link. I will share your files with the others from the ransomware team to investigate.

PS: This HugeMe.exe is a HiddenTear/EDA2 variant.
Did you happen to edit the file while looking at it with a hex editor? The DOS Stub header was corrupt and I repaired the file. The repaired version had 39/56 detections four months ago on VirusTotal and was uploaded the first time over a year ago:
https://virustotal.com/de/file/9de5d04857b5c82436eeb9b2fd68dfd5e9a2eb278c64a7b12f6b1c72b800db8a/analysis/


Edited by Struppigel, 10 February 2017 - 03:06 AM.


#4 Amigo-A

  • Members
  • 228 posts

Posted 10 February 2017 - 03:33 PM

HugeMe Ransomware: Description and Genealogy 


#5 cosmo15900

  • Topic Starter
  • Members
  • 3 posts

Posted 18 February 2017 - 10:43 PM

Hey, sorry for the late response. I do not believe that the file was edited in the editor, but the program I think failed to properly delete on when completed.





