
A mix between 2 different ransomwares?


#1 sain

Posted 22 February 2017 - 12:59 AM

Hello,

Someone I know had ransomware and they asked me to help retrieve any files if possible.

The problem I have right now is that while trying to find out which ransomware it was, I kept finding conflicting results.

I got one of the "Help" pages where it claims to be the Crypt0L0cker virus (also named TorrentLocker, I think?) and another one that seems to be more similar to the Zepto ransomware.

(All of the files seem to have a changed filename: a mix between capital letters and numbers with -'s in between, with a .zepto extension and after that another extension with a random(?) string (adybdr, omrrab, etc.).)

Since it seems that it is possible to decrypt some of the ransomware's encrypted files depending on the type, does anyone know how I can decrypt the files? Is there one available for either of them? I'm fine with trying, I just want to know where to start :o


Edited by sain, 22 February 2017 - 11:19 AM.


#2 quietman7


Posted 22 February 2017 - 10:07 AM

The best way to identify the different ransomwares is the ransom note (including its name), the malware file itself, any obvious extensions appended to the encrypted files, samples of those encrypted files and information related to any email addresses used by the cyber-criminals to request payment.

Did you submit any samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation? Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.

#3 sain


Posted 22 February 2017 - 10:57 AM

Thanks,

I did that, and one of the help files seems to result in it being Locky; the other one results in Crypt0L0cker. But based on the file name of the encrypted files it also says Crypt0L0cker.

So assuming it is indeed Crypt0L0cker, which according to the site "May be decryptable under certain circumstances", how would I proceed attempting to decrypt the files? Is there a decrypter available?

Edit: I read in another thread that Dr.Web might be able to help, so I sent a support request from the link that was there.


Edited by sain, 22 February 2017 - 01:04 PM.


#4 quietman7


Posted 22 February 2017 - 01:29 PM

Crypto malware can be responsible for dual infections. Ransomware does not care about the contents of the data or whether your files or drives are already encrypted...it will just encrypt them again.

Yes, Dr.Web may be able to help with Crypt0L0cker. If you're not a licensed user for a Dr.Web product you will have to pay for their services (Rescue Pack). Fees may vary depending on the infection and amount of data to be decrypted.

There are several different variants of Locky Ransomware with different file extensions appended to the end of encrypted filenames. Unfortunately, there is no known way at this time to decrypt files encrypted by any Locky variants.
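As an added example (not from the thread or its posters), a small Python triage script that applies quietman7's identification advice to a directory listing: it counts files matching the Locky/Zepto naming sain describes, records any second extension appended after .zepto (the dual-infection case from post #4), and flags candidate ransom notes. The 8-4-4-4-12 hex layout comes from public Locky analyses rather than this thread; the ransom-note name heuristic and the sample filenames are constructed.

```python
import re
from collections import Counter

# Locky "Zepto" naming: five upper-case hex groups (8-4-4-4-12) + ".zepto".
# The hex layout is from public Locky analyses, not stated in the thread.
# The thread reports a further random lower-case extension after ".zepto"
# (e.g. ".adybdr"), consistent with a second ransomware re-encrypting files.
ZEPTO_RE = re.compile(
    r"^[0-9A-F]{8}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{4}-[0-9A-F]{12}"
    r"\.zepto(?:\.(?P<extra>[a-z]{5,8}))?$"
)
# Heuristic for ransom-note candidates (hypothetical; real note names vary).
NOTE_RE = re.compile(r"(help|restore|recover|decrypt|instructions)", re.I)
NOTE_EXTS = (".txt", ".html", ".htm", ".bmp")

# Constructed sample listing; not taken from the thread.
SAMPLE_FILES = [
    "A1B2C3D4-E5F6-0718-293A-4B5C6D7E8F90.zepto.adybdr",
    "0F1E2D3C-4B5A-6978-8796-A5B4C3D2E1F0.zepto.omrrab",
    "DEADBEEF-0001-0002-0003-000000000004.zepto",
    "_HELP_instructions.html",
    "budget-2016.xlsx",
]


def triage(filenames):
    """Summarise what appended extensions and note files say about the infection."""
    summary = {"zepto_only": 0, "zepto_plus_extra": 0,
               "extra_exts": Counter(), "notes": [], "other": 0}
    for name in filenames:
        m = ZEPTO_RE.match(name)
        if m:
            if m.group("extra"):
                summary["zepto_plus_extra"] += 1
                summary["extra_exts"][m.group("extra")] += 1
            else:
                summary["zepto_only"] += 1
        elif name.lower().endswith(NOTE_EXTS) and NOTE_RE.search(name):
            summary["notes"].append(name)
        else:
            summary["other"] += 1
    return summary


def interpret(summary):
    """Turn the counts into the kind of answer a helper would give."""
    if summary["zepto_plus_extra"]:
        return ("dual infection suspected: Locky/Zepto files were re-encrypted "
                "by a second family appending " + ", ".join(sorted(summary["extra_exts"])))
    if summary["zepto_only"]:
        return "Locky (Zepto variant); no known decrypter"
    return "no Zepto naming found; submit a note and an encrypted sample to ID Ransomware"


if __name__ == "__main__":
    s = triage(SAMPLE_FILES)
    print(s)
    print(interpret(s))
```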