Vortex (.aes) Ransomware Help & Support - ODZSZYFRUJ-DANE.txt


40 replies to this topic

#1 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,244 posts
  • Gender:Male
  • Location:USA

Posted 14 March 2017 - 09:22 AM

The Vortex ransomware was first discovered by Karsten Hahn. It encrypts victims' files with AES-256 and appends the extension ".aes"; e.g. "picture.jpg" would become "picture.jpg.aes".

 

A later variant of this ransomware also calls itself "Flotera".

 

The victim is given a ransom note in Polish titled "ODZSZYFRUJ-DANE.txt" or "!!!-ODZYSKAJ-DANE-!!!.TXT", with the following contents.

ᏉᎾᏒᏆᎬx ᏒᎪᏁsᎾmᎳᎪᏒᎬ

Nie możesz znaleźć potrzebnych plików na dysku twardym ? Zawartość Twoich plików jest nie do otwarcia?
Jest to skutek działania programu który zaszyfrował większość Twoich danych przy pomocy silnego alogrytmu AES-256,
używanego min. przez służby mundurowe do zatajania danych przesyłanych drogą elektroniczną.

Jedyna metoda aby odzyskać Twoje pliki to wykupienie od nas programu deszyfrującego, wraz z jednorazowym kluczem wygenerowanym unikalnie dla Ciebie!

Gdy już postanowisz odzyskać swoje dane skontaktuj się z nami pod adrem e - mail: rsapl@openmailbox.org lub polskiransom@airmail.cc

2 Pliki odszyfrujemy za darmo aby udowodnić że jesteśmy w stanie tego dokonać, Za resztę niestety musisz zapłacić !
Cena za odszyfrowanie wszystkich plików: 199$
Uwaga !Nie marnuj czasu, czas to pieniądz za 4 dni cena wzrośnie o 100 % !
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

Ŧ l ๏ t є г ค  г ค ภ ร ๏ ๓ ฬ ค г є

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

######################################################################################################################################################


Nie możesz znaleźć potrzebnych plików na dysku twardym ? Zawartość Twoich plików jest nie do otwarcia?
Jest to skutek działania programu który zaszyfrował większość Twoich danych przy pomocy silnego alogrytmu AES-256
używanego min. przez służby mundurowe do zatajania danych przesyłanych drogą elektroniczną.

Jedyna metoda aby odzyskać Twoje pliki to wykupienie od nas programu deszyfrującego, wraz z jednorazowym kluczem wygenerowanym unikalnie dla Ciebie!


######################################################################################################################################################


W momencie gdy to czytasz całość jest już ukończona, wytypowane pliki zostały zaszyfrowane a sam wirus usunięty z Twojego komputera.
Klucz składający się z kilkudziesięciu znaków potrzebny do odszyfrowania danych z dysku znajduje się w miejscu dostępnym tylko dla nas !

Możesz w nieskończoność próbować instalacji kolejnych programów antywirusowych, Formatować system operacyjny to jednak nic nie zmieni !

Jeśli nie zastosujesz się do naszych instukcji nie odzyskasz plików które były na dysku HDD.


######################################################################################################################################################

Gdy już postanowisz odzyskać swoje dane wyślij wiadomość pod obydwa adresy e-mail: flotera@2.pl oraz flotera@protonmail.ch
Możesz też napisać na Gadu-Gadu: 62206321

2 Pliki odszyfrujemy za darmo aby udowodnić że jesteśmy w stanie tego dokonać, Za resztę niestety musisz zapłacić !

Cena za odszyfrowanie wszystkich plików: 199$
Uwaga ! Nie marnuj czasu, czas to pieniądz za 4 dni cena wzrośnie o 100 % !

Victims are encouraged to post here for help, and to not pay the ransom. Please post here with which variant you were hit by, and I will be able to help via PM.


Edited by Demonslay335, 07 April 2017 - 11:47 AM.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.



#2 bjkbjk

bjkbjk

  • Members
  • 3 posts

Posted 14 March 2017 - 02:23 PM

Hi there,

 

My wife just let this sheet in. For some important files she has no backup and no Windows restore point either.

She is now left with only those fu*d "aes" copies of some important files.

 

I used Malwarebytes 3.0 to clean the system after safe reboot, many items were cleaned.

 

Seems that OS, background processes and running apps are OK now. But what to do to recover encrypted files?



#3 Demonslay335


Posted 14 March 2017 - 02:26 PM

I will be working on trying to break this one soon. I'm afraid it may take some time, but it is definitely feasible due to a few flaws in the malware. :)

 

If you could share a few files with me, that may help when it comes time to test a decrypter. If you have some encrypted PNG files that would help, otherwise any encrypted files that you also have a clean copy of for comparison. You may zip them all up and submit them here: http://www.bleepingcomputer.com/submit-malware.php?channel=168


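Added example, not part of the thread and not Demonslay335's own tooling: a read-only Python scan that lists the ransom notes and `.aes` files named in the first post and pairs encrypted files with clean copies from a backup folder, the kind of sample pair requested in the post above. Matching a clean copy by file name alone, and the names `triage`, `index_clean_copies` and `demo`, are assumptions made for this example.

```python
import os
import tempfile
from pathlib import Path

# File names taken from the first post of this thread; compared case-insensitively.
NOTE_NAMES = {"odzszyfruj-dane.txt", "!!!-odzyskaj-dane-!!!.txt"}
ENC_SUFFIX = ".aes"

def index_clean_copies(backup_root):
    """Map lower-cased file name -> paths of candidate clean copies."""
    index = {}
    for dirpath, _dirs, files in os.walk(backup_root):
        for name in files:
            index.setdefault(name.lower(), []).append(Path(dirpath) / name)
    return index

def triage(infected_root, backup_root=None):
    """Read-only scan: ransom notes, encrypted files, (encrypted, clean) pairs, PNG pairs first."""
    clean = index_clean_copies(backup_root) if backup_root else {}
    notes, encrypted, pairs = [], [], []
    for dirpath, _dirs, files in os.walk(infected_root):
        for name in sorted(files):
            path, low = Path(dirpath) / name, name.lower()
            if low in NOTE_NAMES:
                notes.append(path)
            elif low.endswith(ENC_SUFFIX) and len(low) > len(ENC_SUFFIX):
                encrypted.append(path)
                original = low[: -len(ENC_SUFFIX)]  # picture.jpg.aes -> picture.jpg
                # Assumption: a same-named file in the backup is the clean copy.
                pairs.extend((path, c) for c in clean.get(original, []))
    pairs.sort(key=lambda p: (not p[0].name.lower().endswith(".png" + ENC_SUFFIX), str(p[0])))
    return {"notes": notes, "encrypted": encrypted, "pairs": pairs}

def demo():
    """Run triage on a constructed sample tree; file contents are placeholders."""
    with tempfile.TemporaryDirectory() as tmp:
        pc, backup = Path(tmp, "pc"), Path(tmp, "backup")
        (pc / "docs").mkdir(parents=True)
        backup.mkdir()
        for rel in ("ODZSZYFRUJ-DANE.txt", "docs/report.pdf.aes", "docs/logo.png.aes", "docs/notes.txt"):
            (pc / rel).write_bytes(b"placeholder")
        for rel in ("report.pdf", "logo.png"):
            (backup / rel).write_bytes(b"placeholder")
        found = triage(pc, backup)
        return {"notes": [p.name for p in found["notes"]],
                "encrypted": [p.name for p in found["encrypted"]],
                "pairs": [(e.name, c.name) for e, c in found["pairs"]]}

if __name__ == "__main__":
    print(demo())
```

The scan only reads directory listings, so it can be run against an archived copy of the affected disk without changing any evidence.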


#4 bjkbjk


Posted 14 March 2017 - 03:42 PM

I attached some suspicious zip archive that my wife downloaded and tried to open a couple of weeks ago. I described it just before submission.



#5 bjkbjk


Posted 14 March 2017 - 04:03 PM

We have found a pair of PNG files, an encrypted one and its original, and submitted them using your link.



#6 astek

astek

  • Members
  • 2 posts

Posted 24 March 2017 - 05:52 AM

Hello,
I was also attacked by malware. Please help. I uploaded two files (encrypted and decrypted).


#7 marbicki

marbicki

  • Members
  • 1 posts

Posted 26 March 2017 - 06:53 AM

I have the same problem as described above. I have sent two files (encrypted and decrypted for comparison). Unfortunately I could not find PNG files which meet the criteria, thus I sent PDF. Hope that the solution will be found soon.



#8 Demonslay335


Posted 26 March 2017 - 04:52 PM

I have the same problem as described above. I have sent two files (encrypted and decrypted for comparison). Unfortunately I could not find PNG files which meet the criteria, thus I sent PDF. Hope that the solution will be found soon.

 

I'm not seeing a second file uploaded by you. Please zip them together and submit.

 

I am still working on this ransomware, still keeping hope. :)




#9 Pawelo

Pawelo

  • Members
  • 3 posts

Posted 30 March 2017 - 03:36 PM

Hello,

I'm afraid I got the same virus (Flotera version).

Sorry to bother you, sir, but may I ask if you're still working on some kind of decrypter? If so, how long could it take (weeks, months)?

Or maybe there is another way to recover files (no system recovery in my situation)?

Also, I think I don't have any clean copy of decrypted files.

 

Thank you very much for your work :)



#10 Demonslay335


Posted 30 March 2017 - 04:39 PM

I'm still working on it, haven't had much luck so far I'm afraid. It does take quite a bit of time per attempt.




#11 Demonslay335


Posted 05 April 2017 - 05:50 PM

@astek @marbicki @Pawelo

 

I have sent you PMs with further instruction for me to be able to help, please reply there. I am able to successfully crack this one now. :)


Edited by Demonslay335, 05 April 2017 - 05:50 PM.



#12 astek


Posted 06 April 2017 - 03:06 AM

@Demonslay335

 

Files sent



#13 spotpl

spotpl

  • Members
  • 3 posts

Posted 15 April 2017 - 04:49 AM

Hello. I have the same problem with Vortex (.aes) Ransomware. Could someone help me decrypt the encrypted .aes files?
I have already reinstalled the OS; all encrypted data has been archived.

Regards



#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,918 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 15 April 2017 - 04:57 AM


Unfortunately, there is no known way that I am aware of to decrypt files encrypted by Vortex without paying the ransom.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#15 spotpl


Posted 15 April 2017 - 04:59 AM

 @quietman

 

Thanks for the fast response. I will follow this post, maybe it will be possible in the future.

Regards





