
Ransomware DMALocker byte pattern !Encrypt!##



#1 JakaDolenec


Posted 25 May 2017 - 12:38 PM

Our Windows server was attacked by Ransomware DMALocker.

 

All of the files and database backups were encrypted with byte pattern !Encrypt!##.

 

We found cryptinfo.txt, date_1.txt, start.txt, svchosd.exe under C:/ProgramData

 

Screens

https://www.dropbox.com/s/xmohzomktn845r9/RootServer_XL.PNG?dl=0

https://www.dropbox.com/s/uqvuiz6x6j0qe5n/cryptinfo.png?dl=0

 

Is there any chance to decrypt the encrypted files, or is it better to pay? We need the database files to get the instance running.

 

Thanks for the reply

 

Jaka
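
An added example, not part of the original post or of the thread: a Python sketch for scoping the damage by listing which files under a directory carry the `!Encrypt!##` byte pattern reported above. It assumes the pattern sits within the first 64 bytes of an encrypted file (the post does not say where it appears); the function names and the sample files are constructed for illustration.

```python
import os
import tempfile

MARKER = b"!Encrypt!##"  # byte pattern reported in the post
HEAD_BYTES = 64          # assumption: the pattern sits near the start of the file


def has_marker(path, marker=MARKER, head_bytes=HEAD_BYTES):
    """True/False if the file head contains the marker, None if unreadable."""
    try:
        with open(path, "rb") as fh:
            return marker in fh.read(head_bytes)
    except OSError:
        return None  # locked or access denied: report it, do not guess


def inventory(root):
    """Walk root and sort every file into marked / clean / unreadable."""
    result = {"marked": [], "clean": [], "unreadable": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            state = has_marker(path)
            key = "unreadable" if state is None else "marked" if state else "clean"
            result[key].append(os.path.relpath(path, root))
    return {key: sorted(paths) for key, paths in result.items()}


def demo():
    """Run the inventory over constructed sample files (not incident data)."""
    samples = {
        ("backups", "db_full.bak"): MARKER + os.urandom(32),
        ("backups", "db_old.bak"): b"TAPE" + bytes(32),
        # the pattern far from the start is not treated as a header
        ("notes.txt",): (b"seen in files: " + MARKER).rjust(200, b" "),
        ("empty.dat",): b"",
    }
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "backups"))
        for parts, data in samples.items():
            with open(os.path.join(root, *parts), "wb") as fh:
                fh.write(data)
        return inventory(root)


if __name__ == "__main__":
    for state, paths in demo().items():
        print(f"{state}: {paths}")
```

Point `inventory()` at a read-only mount or an image of the affected volume so the scan does not change anything on the original disk.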



#2 xXToffeeXx


Posted 25 May 2017 - 01:32 PM

Please upload the svchosd.exe to VirusTotal and post the results link in your reply.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#3 JakaDolenec


Posted 25 May 2017 - 01:49 PM

Hello,

 

result of svchostd.exe

https://www.virustotal.com/en/file/38527d20338fb35717b349176b976610465d368123c083fb88115e982b367918/analysis/1495737866/

 

Kind regards
