Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Maykolin Ransomware [maykolin1234@aol.com] Support Topic

  • Please log in to reply
4 replies to this topic

#1 Badran


  • Members
  • 2 posts

Posted 05 May 2017 - 02:01 AM

i have this Ransomware on my computer it encrypt all my office document en all PDF document if some body can help me to encryt it plz !

BC AdBot (Login to Remove)


#2 Badran

  • Topic Starter

  • Members
  • 2 posts

Posted 05 May 2017 - 04:06 AM

I have document crypted and another encryted if somebody is interssed :( 

#3 Demonslay335


    Ransomware Hunter

  • Security Colleague
  • 3,581 posts
  • Gender:Male
  • Location:USA
  • Local time:02:36 AM

Posted 05 May 2017 - 10:11 AM

We've analyzed this ransomware, and unfortunately it is not decryptable. We've dubbed it Maykolin based on the email.




It generates a unique AES key per file using the first 65 bytes of the file, encrypts the first 300 bytes using RSA-4096, then uses that AES key to encrypt the rest of the file. No way to recover the bytes that derive the key.


Technically if you have the original of a file, I can generate a key to decrypt the majority of the file, but the first 300 bytes would be still securely encrypted. Plus, it's a different AES key for every file, so I could only decrypt that one file - which you have the original of, so there's no point. There's no file format that has a consistent predictable 65 byte header, so no way to bruteforce even known file types.

logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.

#4 Kassidy_nd


  • Members
  • 1 posts

Posted 24 May 2017 - 12:25 AM

Hallo! I have executable files of this encoder. Where I can send them to help with development of the decoder?

#5 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,954 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:03:36 AM

Posted 24 May 2017 - 05:27 AM

Samples of any encrypted files, ransom notes or suspicious executable's (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted (uploaded) here with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users