
ransomware "flatcher3@india.com.000g"


6 replies to this topic

#1 filxixo


Posted 17 April 2017 - 07:16 AM

Hello, I caught this ransomware "flatcher3@india.com.000g"

 

 Help!!!!

 

Thanks in advance

 

SHA1: 96a8ace5bd32aef8f5783fedfa28e83dc23670e9


Edited by filxixo, 17 April 2017 - 07:18 AM.



 


#2 Demonslay335

    Ransomware Hunter


  • Security Colleague

Posted 17 April 2017 - 08:28 AM

This looks new possibly, I have no other submissions with that email or extension. There is a chunk of 145B at the end that is about the same for both files you submitted.

 

For search reference, here is the ransom note "helping.txt".

Hallo. For the help contact us: flatcher3@india.com

Your key:
[redacted]

Do you have a sample of the malware? We will need it for analysis. You may submit it here if you find it: http://www.bleepingcomputer.com/submit-malware.php?channel=168


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.
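
The end-of-file comparison mentioned in post #2 (a 145-byte chunk that is about the same in both submitted files) can be reproduced with a short script. This is an added example, not code from the thread or from ID Ransomware; the function names and the sample bytes are constructed for illustration.

```python
import os

TRAILER_LEN = 145  # size of the shared end-of-file chunk reported in the post


def read_tail(path, n=TRAILER_LEN):
    """Return the last n bytes of a file (the whole file if it is shorter)."""
    with open(path, "rb") as fh:
        size = fh.seek(0, os.SEEK_END)
        fh.seek(max(0, size - n))
        return fh.read()


def constant_ranges(tails):
    """Return [(start, end)] trailer offsets (end exclusive) where all files agree."""
    length = len(tails[0])
    if any(len(t) != length for t in tails):
        raise ValueError("tails must have equal length")
    ranges, start = [], None
    for i in range(length):
        same = all(t[i] == tails[0][i] for t in tails)
        if same and start is None:
            start = i
        elif not same and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, length))
    return ranges


def similarity(tails):
    """Fraction of trailer offsets that are identical across all files."""
    fixed = sum(end - start for start, end in constant_ranges(tails))
    return fixed / len(tails[0])


# Constructed sample data (not the submitted files): arbitrary bodies followed
# by a 145-byte trailer whose first 8 bytes differ per file.
def make_sample(body, per_file):
    return body + per_file + b"\xAA" * (TRAILER_LEN - len(per_file))

SAMPLE_A = make_sample(b"\x01" * 300, b"AAAAAAAA")
SAMPLE_B = make_sample(b"\x02" * 512, b"BBBBBBBB")

if __name__ == "__main__":
    tails = [SAMPLE_A[-TRAILER_LEN:], SAMPLE_B[-TRAILER_LEN:]]
    print(constant_ranges(tails), round(similarity(tails), 3))
```

Offsets that stay constant across victims' files point to a fixed footer or marker, while the offsets that vary are where per-file data would sit.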


#3 filxixo


Posted 17 April 2017 - 09:01 AM

Yes, I have the helping.txt with the key... but the malware, I didn't find it.

There is not any malware here :((

I submitted an example of the file


Edited by filxixo, 17 April 2017 - 09:05 AM.


#4 Demonslay335


Posted 17 April 2017 - 09:50 AM

Afraid there is nothing we can do without the malware to analyze. The "key" is probably just a public key, or a victim ID, so it won't be related to directly decrypting your data (don't know how anyways without the malware).

 

Did you open an email attachment, download something recently, visit a bad website, or have RDP wide open to the internet? Run scans with MalwareBytes, HitmanPro, and your antivirus. Also search for anything suspicious in %TEMP%.




#5 TechGuru11


Posted 26 April 2017 - 10:11 PM

Has anyone made any progress with this? The hacker email now has a bounce back as many @india.com accounts have been banned. Appreciate any guidance in advance.



#6 Demonslay335


Posted 28 April 2017 - 08:30 AM

Nope, have yet to get a sample to analyze.




#7 TechGuru11


Posted 28 April 2017 - 09:29 AM

I just uploaded 2 samples of the malware I was able to recover. Let me know if there is anything I can do to assist.





