Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Cryptoshield 2.0 ransomware need help to get files

  • This topic is locked This topic is locked
2 replies to this topic

#1 priteshpatel100


  • Members
  • 4 posts
  • Local time:10:44 PM

Posted 17 February 2017 - 01:53 PM

The CryptoShield 2.0 Ransomware is the second generation of the CryptoShield Ransomware t




NOT YOUR LANGUAGE? USE http://translate.google.com
 What happens to you files?

 All of your files were encrypted by a strong encryption with RSA-2048 using CryptoShield 2.0. DANGEROUS.
 More information about the encryption keys using RSA-2048 can be found here: https://en.wikipedia.org/wiki/RSA_(cryptosystem)
 How did this happen ?
 Specially for your PC was generated personal RSA - 2048 KEY, both public and private.

 ALL your FILES were encrypted with the public key, which has been transferred to your computer via the Internet.
 Decrypting of your files is only possible with the help of the private key and decrypt program , which is on our secret server.
 What do I do ?
 So, there are two ways you can choose: wait for a miracle and get your price doubled, or start send email now for more specific instructions,and restore your data easy way.

 If You have really valuable data, you better not waste your time, because there is no other way to get your files, except make  payment.
 To receive your private software:
 Contact us by email , send us an email your (personal identification) ID number and wait for further instructions.
 Our specialist will contact you within 24 hours.


 Please do not waste your time! You have 72 hours only! After that The Main Server will double your price!
 So right now You have a chance to buy your individual private SoftWare with a low price!
 res_sup@india.com - SUPPORT;
 res_sup@computer4u.com - SUPPORT RESERVE FIRST;
 res_reserve@india.com - SUPPORT RESERVE SECOND;


BC AdBot (Login to Remove)


#2 priteshpatel100

  • Topic Starter

  • Members
  • 4 posts
  • Local time:10:44 PM

Posted 17 February 2017 - 02:51 PM

the cryptoshield 2.0 virus  with .id and .QBP have word and pdf files encrypted.
If you pay bitcoin and how do you pay they wanted 2 , will the files open
they say  can remove with spyhunter, is that true
How can i remove that. ALL HELP IS APPRECIATED. thanks

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,920 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:44 PM

Posted 17 February 2017 - 04:19 PM

CryptoShield is a variant of CryptoMix distributed by Rig exploit kits.Any files that are encrypted with CryptoShield will have a .CRYPTOSHIELD extension appended to the end of the encrypted data filename and leave files (ransom notes) named # RESTORING FILES #.HTML and # RESTORING FILES #.TXT. The ransom note instructs victims to contact the cyber-criminals at "restoring_sup@india.com", "restoring_sup@computer4u.com" and "restoring_reserve@india.com" to get payment instructions.

Unfortunately, there has been no known way to decrypt files encrypted by CryptoShield (and other CryptoMix variants) without paying the ransom.

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users