Vortex (.aes) Ransomware Help & Support - ODZSZYFRUJ-DANE.txt


56 replies to this topic

#46 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,961 posts

Posted 29 December 2017 - 08:06 AM

Please read Post #29.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



#47 SNF123


Posted 30 December 2017 - 11:45 AM

Hi.

 

I do not have a folder C:\ProgramData\Keyboard. Is there another location?



#48 quietman7


Posted 30 December 2017 - 02:37 PM

That is the only location I am aware of.

Keep in mind that Demonslay335 advised he cannot assist victims infected after May 2017 even if they have the log file.

#49 meghanb


Posted 05 January 2018 - 03:48 PM

@Demonslay335 / @quietman7 have there been any breakthroughs with the newer versions of this ransomware? My computer was attacked on Christmas Eve, have removed and restored computer but will be losing a year and a half worth of work because the shadow copies were destroyed before the virus was located. Is there a software program that I can download to try to unlock files?

Thanks!


Edited by meghanb, 05 January 2018 - 04:06 PM.


#50 quietman7


Posted 05 January 2018 - 05:31 PM


Unfortunately, there is still no known method to decrypt files encrypted by newer variants of Vortex without paying the ransom...the cyber-criminals moved to using their own C2 servers months ago and Demonslay335's previous fix no longer works. If possible, your best option is to restore from backups, try file recovery software or backup/save your encrypted data as is and wait for a possible solution at a later time.

#51 rgvcomputerguys


Posted 24 January 2018 - 08:31 PM

Any update on this ransomware?



#52 quietman7


Posted 25 January 2018 - 07:49 AM

No updates that I am aware of.



#53 baonguyen84


Posted 25 January 2018 - 10:33 PM

I also got hit by this..

They left Instruction.txt in every directory with the below message in English.

 

Hi, All your files are encrypted. I can only help you, my mail: - Your personal number (send it to me): dexp@cock.li



#54 quietman7


Posted 26 January 2018 - 06:20 AM

Instruction.txt is not a typical ransom note for Vortex. Did you submit (upload) any samples of encrypted files, ransom notes and any contact email addresses or hyperlinks provided by the cyber-criminals to ID Ransomware for assistance with identification and confirmation? Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.

#55 Amigo-A


Posted 26 January 2018 - 12:11 PM

Instruction.txt in English.

 

Hi, All your files are encrypted. I can only help you, my mail: - Your personal number (send it to me): dexp@cock.li

 

Probably, this RSA2048Pro > Pulpy, Rozlok 

Topic here


My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here.


#56 baonguyen84


Posted 26 January 2018 - 12:21 PM

 


Thanks buddy, you hit it right on the head. I'll move my post onto the one you linked.



#57 Demonslay335

Demonslay335

    Ransomware Hunter

  • Topic Starter

  • Security Colleague
  • 3,430 posts

Posted 16 April 2018 - 12:20 PM

Good news for anyone infected by this ransomware, there is now a possibility that CERT Polska may be able to decrypt your files. They seem to have caught the criminals and seized the keys. :)

 

https://twitter.com/CERT_Polska/status/985875516191399937

 

If they give you a key using their online tool, you can also use it with my decrypter by entering it in Settings -> Set Password.

 

https://download.bleepingcomputer.com/demonslay335/VortexDecrypter.zip


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]
