Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Maykolin Ransomware [maykolin1234@aol.com] Support Topic


  • Please log in to reply
4 replies to this topic

#1 Badran

Badran

  • Members
  • 2 posts
  • OFFLINE
  •  

Posted 05 May 2017 - 02:01 AM

hello 
 
i have this Ransomware on my computer it encrypt all my office document en all PDF document if some body can help me to encryt it plz !
 
thx

BC AdBot (Login to Remove)

 


#2 Badran

Badran
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  

Posted 05 May 2017 - 04:06 AM

I have document crypted and another encryted if somebody is interssed :( 



#3 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,581 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:02:36 AM

Posted 05 May 2017 - 10:11 AM

We've analyzed this ransomware, and unfortunately it is not decryptable. We've dubbed it Maykolin based on the email.

 

https://twitter.com/sec_panda/status/859131791822778370

 

It generates a unique AES key per file using the first 65 bytes of the file, encrypts the first 300 bytes using RSA-4096, then uses that AES key to encrypt the rest of the file. No way to recover the bytes that derive the key.

 

Technically if you have the original of a file, I can generate a key to decrypt the majority of the file, but the first 300 bytes would be still securely encrypted. Plus, it's a different AES key for every file, so I could only decrypt that one file - which you have the original of, so there's no point. There's no file format that has a consistent predictable 65 byte header, so no way to bruteforce even known file types.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#4 Kassidy_nd

Kassidy_nd

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 24 May 2017 - 12:25 AM

Hallo! I have executable files of this encoder. Where I can send them to help with development of the decoder?



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,954 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:36 AM

Posted 24 May 2017 - 05:27 AM

Samples of any encrypted files, ransom notes or suspicious executable's (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted (uploaded) here with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users