Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Another ransomware victim looking for help.

  • Please log in to reply
2 replies to this topic

#1 bdmorford


  • Members
  • 1 posts
  • Local time:07:18 PM

Posted 10 February 2017 - 12:04 PM

Hello everybody,


My company was infected with ransomware approximately 2 years ago and I am still struggling with my files.  I submitted a copy of a file into the ID Ransomware website but came up with nothing.  Any help would be much appreciated.


Here is the reference number from the ID Ransomware website.  3ff6f8960db6daa6e3b1bf97eb6a66a06b6bcfa1


Thank you!

BC AdBot (Login to Remove)


#2 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,918 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:18 PM

Posted 10 February 2017 - 12:54 PM

When using ID Ransomware for assistance with identification it's best to upload both encrypted files and ransom notes to get a more positive match and avoid false or no detections.

The best way to identify the different ransomwares is the ransom note (including it's name), the malware file itself, any obvious extensions appended to the encrypted files, samples of those encrypted files and information related to the email address used by the cyber-criminals.

Samples of any encrypted files, ransom notes or suspicious executable's (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted here (https://www.bleepingcomputer.com/submit-malware.php?channel=168) with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button. Doing that will be helpful with analyzing and investigating by our crypto malware experts.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Demonslay335


    Ransomware Hunter

  • Security Colleague
  • 3,579 posts
  • Gender:Male
  • Location:USA
  • Local time:06:18 PM

Posted 10 February 2017 - 01:25 PM

Since the files have no extension or filemarker, the only way to identify will be with a ransom note or the malware itself. The most common ransomware going around right now that do not rename files or leave a filemarker currently are PClock and Spora, both of which are not decryptable.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users