
DoNotChange Ransomware (.id-7ES642406.cry, .Do_not_change_the_file_name.cryp)



#1 Demonslay335


Posted 30 March 2017 - 11:48 AM

Yet another ransomware out there. The DoNotChange ransomware uses AES-128 to encrypt victims' files. Currently, victims' files may have ".id-7ES642406.cry" or ".Do_not_change_the_filename" appended to their filenames.

 

The following ransom notes are left behind.

 

HOW TO DECODE FILES!!!.txt

*******************************************************************************
ATTENTION!!! Changing the file name makes the restore process impossible!
*******************************************************************************

Your data is encrypted.
To receive a program of decoding, You need to pay ~ $ 350 and
You need to send the personal code:

[redacted]

To the email address robert.swat@qip.ru
Then you will receive all the necessary instructions.
Attempts to decipher independently will not lead to anything, except irretrievable 
loss of information.

We respond to all emails, if there is no answer within 10 hours, duplicate your
letter  other email services.

Thank you for your attention and have a good day.


*******************************************************************************
ATTENTION!!! Changing the file name makes the restore process impossible!
*******************************************************************************

КАК РАСШИФРОВАТЬ ФАЙЛЫ!!!.txt

*******************************************************************************
ВНИМАНИЕ!!! Изменение имени файлов делает процесс восстановления невозможным!
*******************************************************************************

Ваши данные закодированны.
Для получения программы по раскодировки от вас требуется оплата ~350$ для этого
Вам необходимо отправить код:

[redacted]

На электронный адрес tom.anderson@india.com,DE_CODER@mail2tor.com,scryptx@meta.ua
Далее вы получите все необходимые инструкции.  
Попытки расшифровать самостоятельно не приведут ни к чему, кроме безвозвратной 
потери информации.
Если сами не будете затягивать - то через 1-2 часа сможете продолжать работу как 
ни  в чем ни бывало + избавитесь от лазеек в системе и никто вас более не потревожит.

Если вы не получили от нас ответа, попробуйте для связи использовать публичные
почтовые сервисы: mail.ru, rambler.ru и т.д.
Мы отвечаем на все письма, если ответа нет в течении 10 часов, продублируйте свое
письмо с других почтовых сервисов.

Спасибо за внимание и хорошего Вам дня.


*******************************************************************************
ВНИМАНИЕ!!! Изменение имени файлов делает процесс восстановления невозможным!  
*******************************************************************************

I have created a free decrypter for this ransomware. It currently supports the extension ".id-7ES642406.cry".

 

If you have been hit by this ransomware, and your files cannot be decrypted by this decrypter, I will need a sample of the malware that encrypted the files in order to help you.

 

 


 

https://download.bleepingcomputer.com/demonslay335/DoNotChangeDecrypter.zip

