Ransomware with extension .PRIAPOS


9 replies to this topic

#1 sectionsecure

Posted 23 May 2017 - 07:24 AM

Greetings,

I have found that my files are encrypted with the extension .PRIAPOS

I ran Malwarebytes and I found malware Ransom.FileCryptor.E

After that I saw an exe file which is named "how to restore file"; I opened it in Notepad and found some ransomware text. Please guide me on how to recover my files and remove the ransomware.

Following is the text of the exe file:

 

==================================================================================
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
  <head>
    <meta charset="windows-1251">
    <title>Instructions!!!</title>
    <HTA:APPLICATION
      ICON="UserAccountControlSettings.exe"
    />
    <script language="JScript">
      window.moveTo(50, 50);
      window.resizeTo(screen.width - 100, screen.height - 100);
    </script>

    <style type="text/css">

      body {
        font: 15px Tahoma, sans-serif;
        margin: 10px;
        line-height: 25px;
        background: #EDEDED;
      }
      .bold {
        font-weight: bold;
      }
      .mark {
        background: #D0D0E8;
        padding: 2px 5px;
      }

      .header {
        font-size: 30px;
        height: 50px;
        line-height: 50px;
        font-weight: bold;
        border-bottom: 10px solid #D0D0E8;
      }

      .info {
        background: #D0D0E8;
        border-left: 10px solid #00008B;
      }
      .alert {
        background: #FFE4E4;
        border-left: 10px solid #FF0000;
      }
      .private {
        border: 1px dashed #000;
        background: #FFFFEF;
      }
      .note {
        height: auto;
        padding-bottom: 1px;
        margin: 15px 0;
      }
      .note .title {
        font-weight: bold;
        text-indent: 10px;
        height: 30px;
        line-height: 30px;
        padding-top: 10px;
      }
      .note .mark {
        background: #A2A2B5;
      }
      .note ul {
        margin-top: 0;
      }
      .note pre {
        margin-left: 15px;
        line-height: 13px;
        font-size: 13px;
      }
    </style>
  </head>

  <body>
    <div class="header"> All your files have been encrypted!</div>
    <div class="note private">
      <div class="title"> All your files have been encrypted due to a security problem with your PC.</div>
      <pre></pre><!-- !!! Don't edit this line !!! -->
    </div>

    <div class="bold">You have to pay for decryption in Bitcoins. The price depends on how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.If you want to restore them, write us to the e-mail mk.priapos@bigmir.net </div>

    <div class="bold"> Before paying you can send us up to 1 files for free decryption. The total size of files must be less than 10Mb (non archived), and files should not contain valuable information.</div>

    <div>The amount you need to pay to receive your files <span class="mark">1.5(Bitcoin)</span></div>

    <div class="note info">
      <div class="title"> How to obtain Bitcoins</div>
      <ul>
        <li> The easiest way to buy bitcoins is LocalBitcoins site. You have to register, click 'Buy bitcoins', and select the seller by payment method and price.</li>
        <li>Bitcoin:
          <br><a href="http://www.localbitcoins.com">http://www.localbitcoins.com</a> (Visa/MasterCard, QIWI Visa Wallet, Bank Transfer.)
          <br><a href="
        </li>
        <li>Send <span class="mark">1.5 BTC</span> </li>
      </ul>
    </div>

    <div class="note info">
      <div class="title">If I can not connect through the mail, I can not</div>
      <ul>
        <li>mk.priapos@bigmir.net</li>
      </ul>
    </div>

    <div>In the reply letter you will receive a program for decryption.</div>

    <div>After starting the decryption program, all your files will be restored.</div>

    <div class="note alert">
      <div class="title">Attention!</div>
      <ul>
        <li>Do not try to uninstall the program or run antivirus software</li>
        <li>Attempts to self-decrypt the files will lead to the loss of your data</li>
        <li>Decoders of other users are incompatible with your data, as each user has a unique encryption key</li>
      </ul>
    </div>
  </body>
</html>

 



#2 thyrex


Posted 23 May 2017 - 07:39 AM

I think that Ransom.FileCryptor.E may be Amnesia Ransomware.
Please upload the ransomer's message with one encrypted file to ID Ransomware.


Microsoft MVP 2012-2016 Consumer Security

Microsoft Reconnect 2016


#3 sectionsecure


Posted 23 May 2017 - 08:05 AM

I have uploaded the message; it provided me only SHA1 text:

 

 

Unknown Ransomware
 Unable to determine ransomware.

Please make sure you are uploading a ransom note and encrypted sample file from the same infection.

This can happen if this is a new ransomware, or one that cannot be currently identified automatically.

You may post a new topic in the Ransomware Tech Support and Help forums on BleepingComputer for further assistance and analysis.

Please reference this case SHA1: 10d7a5fa702c1341b313c0e5ba73dd5707b6fcd1

 



#4 thyrex


Posted 23 May 2017 - 09:48 AM

Please upload a sample encrypted file and the ransomer's message to https://www.sendspace.com and give us the download link.




#5 sectionsecure


Posted 23 May 2017 - 10:35 AM

Please find the link I have uploaded:

https://www.sendspace.com/filegroup/TCEwDhtQsfVho1H81xVvLA



#6 thyrex


Posted 23 May 2017 - 11:20 AM

I was mistaken. It isn't Amnesia. Can you send the file from the Malwarebytes quarantine?



#7 Amigo-A


Posted 24 May 2017 - 03:06 AM

Yesterday, I highlighted this case in a separate article and put a link to this topic.
After revealing the genealogy of the ransomware, the kinship will be indicated.
 

Edited by Amigo-A, 24 May 2017 - 06:31 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Affected by an encrypting ransomware? Let me know here.


#8 sectionsecure


Posted 24 May 2017 - 05:48 AM

Yes, that's the same; I am affected.



#9 quietman7


Posted 24 May 2017 - 06:16 AM

Our crypto malware experts most likely will need a sample of the malware file itself to analyze. Samples of any suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted (uploaded) here with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button.

Samples of encrypted files and ransom notes can also be submitted.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#10 sectionsecure


Posted 24 May 2017 - 11:39 AM

Alright, I have submitted the files.





