.afqcoyk extension ransomware



#1 Infectedworld

Posted 17 May 2017 - 04:19 AM

Hello,

My boss was a victim of ransomware like 1.5 years ago. He opened an invoice from a famous brand in my country, so he thought it was safe. When he opened the document and nothing happened, he disconnected everything from the internet.

Some files were encrypted on the NAS with a .afqcoyk extension. Does anyone know which ransomware this is? I can't find anything on the internet about this extension.

I couldn't find the readme.file on the NAS, so the only thing I have is some crypted files.

Hope someone can help me out so I can find a decrypter for these files!



#2 Demonslay335

Posted 17 May 2017 - 09:20 AM

Have you uploaded an encrypted file to ID Ransomware? Without a ransom note it may be hard to identify though. Crypt0L0cker aka TorrentLocker is the most common one that uses random 6 characters per victim. I would check with Dr. Web, they are the only ones able to help with that one (for a reasonable fee).


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 Infectedworld

Posted 17 May 2017 - 09:31 AM

> Have you uploaded an encrypted file to ID Ransomware? Without a ransom note it may be hard to identify though. Crypt0L0cker aka TorrentLocker is the most common one that uses random 6 characters per victim. I would check with Dr. Web, they are the only ones able to help with that one (for a reasonable fee).

ID Ransomware didn't know what ransomware it was. The files are not that important to recover since he made a recent backup before the attack.

Thanks for letting me know, I will try to find a decrypter for TorrentLocker and test it.



#4 ronaldmirello

Posted 17 May 2017 - 09:52 AM

> Have you uploaded an encrypted file to ID Ransomware? Without a ransom note it may be hard to identify though. Crypt0L0cker aka TorrentLocker is the most common one that uses random 6 characters per victim. I would check with Dr. Web, they are the only ones able to help with that one (for a reasonable fee).

It is not Crypt0L0cker because that usually uses random 6 characters; this one, .afqcoyk, has 7 characters.



#5 Infectedworld

Posted 17 May 2017 - 10:29 AM

I found some files called DecryptAllFiles.doc.afqcoyk and such. I did some research on other threads and I think it's CTB-Locker. Are there any decrypt tools yet? I couldn't find any.



#6 Demonslay335

Posted 17 May 2017 - 10:35 AM

 

>> Have you uploaded an encrypted file to ID Ransomware? Without a ransom note it may be hard to identify though. Crypt0L0cker aka TorrentLocker is the most common one that uses random 6 characters per victim. I would check with Dr. Web, they are the only ones able to help with that one (for a reasonable fee).
>
> It is not Crypt0L0cker because that usually uses random 6 characters; this one, .afqcoyk, has 7 characters.

Ah, good point, can't count this morning. :P

It indeed may be CTB-Locker, which is not decryptable.




#7 quietman7

Posted 17 May 2017 - 02:31 PM

A repository of all current knowledge regarding CTB-Locker (Critroni, Onion) is provided by Grinler (aka Lawrence Abrams), in the: CTB-Locker and Critroni Ransomware Information Guide and FAQ

There is an ongoing discussion in this topic where other victims have been directed there to share information, experiences and suggestions, but as noted by Demonslay335, CTB-Locker is not decryptable.

Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
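
The extension check discussed in this thread (a per-victim random suffix, 6 characters versus the 7 in .afqcoyk), as an added example that is not part of any post: a read-only Python inventory of suffixes appended after a normal file extension. The `KNOWN` list, the 5-8 letter pattern, the 0.75 threshold and every sample name except DecryptAllFiles.doc.afqcoyk are assumptions made for illustration.

```python
import os
import re
from collections import Counter

# Ordinary extensions expected on the share (assumed list; extend as needed).
KNOWN = {"doc", "docx", "xls", "xlsx", "pdf", "jpg", "png", "txt", "zip"}
# A trailing run of lowercase letters such as "afqcoyk" (assumed 5-8 long).
SUFFIX = re.compile(r"[a-z]{5,8}")


def appended_suffix(filename):
    """Return the extra extension of <name>.<known ext>.<letters>, else None."""
    parts = filename.split(".")
    if len(parts) < 3:
        return None
    inner, outer = parts[-2].lower(), parts[-1]
    if inner in KNOWN and outer not in KNOWN and SUFFIX.fullmatch(outer):
        return outer
    return None


def summarize(filenames, min_share=0.75):
    """Report the dominant appended suffix, its length and its file count.

    A per-victim extension covers nearly every hit, so a stray match such as
    "report.pdf.config" does not change the result while the dominant suffix
    keeps at least min_share of the hits.
    """
    counts = Counter(s for s in map(appended_suffix, filenames) if s)
    if not counts:
        return None
    suffix, hits = counts.most_common(1)[0]
    if hits / sum(counts.values()) < min_share:
        return None
    return {"suffix": suffix, "length": len(suffix), "files": hits}


def scan(root):
    """Walk a directory tree read-only and summarize the file names found."""
    return summarize(f for _, _, files in os.walk(root) for f in files)


# Constructed listing; only DecryptAllFiles.doc.afqcoyk is a name from the thread.
SAMPLE = [
    "DecryptAllFiles.doc.afqcoyk", "budget.xlsx.afqcoyk", "scan_001.pdf.afqcoyk",
    "logo.PNG.afqcoyk", "notes.txt", "photo.jpg", "report.pdf.config",
    "archive.tar.gz",
]
```

The reported `length` is the figure the posters compare against the 6 characters Demonslay335 attributes to Crypt0L0cker; `scan()` only lists names and never opens or modifies files.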
