
Encryption Key


  • This topic is locked
3 replies to this topic

#1 JustinEast


Posted 09 March 2017 - 01:18 PM

Just interrupted a bad guy trying to encrypt a client's computer. This is the encryption key he was using (he was in via RDP and an easy-to-break password):

 

 uxKQBH9mZw01lE2FmoL6Xw==

 

The email he was using: mmaker0@yahoo.com

 

And the username he was using: mmaker0

 

He was building an arsenal of apps to use against this computer when I stopped him:

 

Advanced desktop locker

Desktop Locker

Desktop Lock Express

WinLockPro

 

Hope this helps someone. Still looking for a decryptor for ".wallet".




 


#2 quietman7


Posted 09 March 2017 - 06:32 PM

Unfortunately, there is no known way at this time to decrypt files encrypted by Dharma .wallet or .zzzzz variants without paying the ransom.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 dstorfer


Posted 15 March 2017 - 05:50 PM

JustinEast,
Was that key sitting in the encryption app or in a command line or something? I'm curious what it looks like when they are running the encryption app against the PC?

#4 quietman7


Posted 15 March 2017 - 05:54 PM


Rather than have everyone with individual topics, it would be best (and more manageable for staff) if victims posted any more questions, comments or requests for assistance in the below support topic discussion... it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff



