
Unknown Ransomware LOCKED_237.filelock


1 reply to this topic

#1 zipnerdz


Posted 25 March 2017 - 03:21 PM

Hi nerds,

I tried the ransom ID, and downloaded a bunch of decryptors with no luck.

Here's what I know:

1. Files are renamed LOCKED_237.filelock (i.e. LOCKED_**.filelock)
2. Windows IDs it as "Filelock file"
3. It creates a folder on the desktop for Tor browser
4. It creates another folder on the desktop called "Unlock files"
5. The file called "README UNLOCK" says this:
**Note I put (space) in between parts of the link to the ransomware

"Your Files have been encrypted and Locked. The only way to decrypt and unlock the files is to purchase the unlock code.

Running antivirus software might remove the locker but your files will still be encrypted/locked. If the locker was removed you can download it. You will need to download it through the tor browser(You can download the tor browser bundle online if you dont have it).
Download: http:// (space)    yiy4ksveqrax675y.   (space)    onion  (space)       /files/bb5a1884a135358498def983e289e197 (spaces)    .zip

You may have to disable your antivirus software before you download from the link above because antivirus may interfere with the locker(or even remove it) which is needed to decrypt and get the original files back."

 

Thanks for any help in advance





#2 Demonslay335


Posted 25 March 2017 - 05:36 PM

Just saw your note come through. It looks to be new. If you have some pairs of encrypted files and their originals, we can take a look to possibly get some info on the encryption used. Otherwise, we will definitely need a sample of the malware to analyze.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.
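
Added example, not part of either post and not a BleepingComputer tool: a first-pass comparison of one original/encrypted file pair of the kind requested above, reporting size change, block alignment, entropy, repeated ciphertext blocks and any repeating XOR pattern. The sample bytes, the key and all function names are constructed for illustration.

```python
import hashlib
import math
from collections import Counter

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (8.0 is the maximum)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def repeated_blocks(data: bytes, size: int = 16) -> int:
    """Count duplicate aligned blocks; duplicates suggest ECB-like or XOR schemes."""
    blocks = [data[i:i + size] for i in range(0, len(data) - size + 1, size)]
    return len(blocks) - len(set(blocks))

def xor_period(original: bytes, encrypted: bytes, max_period: int = 64):
    """Smallest period of original XOR encrypted, or None if it does not repeat."""
    ks = bytes(a ^ b for a, b in zip(original, encrypted))
    for p in range(1, min(max_period, len(ks) // 2) + 1):
        if all(ks[i] == ks[i - p] for i in range(p, len(ks))):
            return p
    return None

def compare_pair(original: bytes, encrypted: bytes) -> dict:
    """Summarise what one original/encrypted pair reveals about the scheme."""
    return {
        "size_delta": len(encrypted) - len(original),  # padding or added header/footer
        "block_aligned": len(encrypted) % 16 == 0,      # consistent with 16-byte blocks
        "entropy_original": round(entropy(original), 2),
        "entropy_encrypted": round(entropy(encrypted), 2),
        "repeated_blocks": repeated_blocks(encrypted),
        "xor_period": xor_period(original, encrypted),
    }

# Constructed sample data (not taken from the machine discussed in this topic).
ORIGINAL = b"INVOICE 2017-03 " * 8
KEY = bytes.fromhex("1337c0de")  # made-up key for a weak repeating-XOR scheme
WEAK = bytes(b ^ KEY[i % len(KEY)] for i, b in enumerate(ORIGINAL))
# Hash output used as a stand-in for what a strong cipher's output looks like.
STRONG = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(4))

if __name__ == "__main__":
    for name, enc in (("weak", WEAK), ("strong-looking", STRONG)):
        print(name, compare_pair(ORIGINAL, enc))
```

On real files, pass the contents of a known-good backup copy and its encrypted counterpart read as bytes. A non-zero `size_delta` usually means a header or footer was added, so the XOR comparison only lines up once that extra data is accounted for.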




