Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


.SENDMEMONEY and no Ransom note.

  • Please log in to reply
3 replies to this topic

#1 benabbott


  • Members
  • 2 posts
  • Local time:02:30 AM

Posted 13 March 2017 - 09:28 AM



I've used bleepingcomputer.com for some years and always find the resources and fellow members insights and help greatly appreciated. 


I've got a problem today with a Windows 7 machine thats had its files encrypted but with no ransom note. All the files have been encrypted with the extension .sendmemoney and its also wiped the previous file versions. 


Any assistance with which Ransomware encrypted these files would be greatly received. 


Thanks in advance of your replies. 

BC AdBot (Login to Remove)


#2 Demonslay335


    Ransomware Hunter

  • Security Colleague
  • 3,579 posts
  • Gender:Male
  • Location:USA
  • Local time:08:30 PM

Posted 13 March 2017 - 09:52 AM

We haven't seen that extension before, but another victim uploaded files with that extension to ID Ransomware, accompanied by a ransom note that was tagged as CryptON by the email address. You can try the Emsisoft decrypter here: http://decrypter.emsisoft.com/crypton


Let us know the results. Usually CryptON has a different filename pattern, so it could be someone uploaded a note from another infection, or something else happened such as the same actor using multiple ransomwares.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#3 japstar666


  • Members
  • 1 posts
  • Local time:02:30 AM

Posted 13 March 2017 - 11:28 AM

I've had files infected today with the file extension of .sendmemoney also.  I have been unable to track any note or ransom demand, but it looks like the infected machine was disconnected before it finished as the shadow copies were still intact allowing a good restore.  I haven't been able to find any other reference to this file extension apart from this post.  The crypton software doesn't work with this encryption.

#4 benabbott

  • Topic Starter

  • Members
  • 2 posts
  • Local time:02:30 AM

Posted 13 March 2017 - 01:28 PM

Thanks for the information Ransomware Hunter. I tried CryptOn but without success as JAPSTAR666 advised.


Any further assistance would be greatly appreciated.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users