
id ransomware


6 replies to this topic

#1 gpnikola

gpnikola

  • Members
  • 14 posts

Posted 26 May 2017 - 02:15 AM

Hi

Can you check the encrypted and the original file to give a big help.

original https://1fichier.com/?uy3rl5nrt2

encrypted https://1fichier.com/?f9d9nd965j

Thanks in advance.





#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:48 AM

Posted 26 May 2017 - 03:02 AM

Did you submit any samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation? Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 gpnikola

gpnikola
  • Topic Starter

  • Members
  • 14 posts

Posted 26 May 2017 - 03:05 AM

Did you submit any samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation? Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.

No

Can you help me, I cannot attach both of them.



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:48 AM

Posted 26 May 2017 - 04:48 AM

Why can you not submit both a ransom note and an encrypted file?

Samples of any encrypted files, ransom notes or suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can also be submitted (uploaded) here with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button. Doing that will be helpful with analyzing and investigating by our crypto malware experts.

#5 gpnikola

gpnikola
  • Topic Starter

  • Members
  • 14 posts

Posted 26 May 2017 - 04:52 AM

Why can you not submit both a ransom note and an encrypted file?

Samples of any encrypted files, ransom notes or suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can also be submitted (uploaded) here with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button. Doing that will be helpful with analyzing and investigating by our crypto malware experts.

the results

https://id-ransomware.malwarehunterteam.com/identify.php?case=42d9d19d5f07d10edb49beb06f33604fe94512f5

2 Results

Amnesia
This ransomware is decryptable!
Identified by
  • ransomnote_filename: HOW TO RECOVER ENCRYPTED FILES.TXT

Dharma (.wallet)
This ransomware is decryptable!
Identified by
  • ransomnote_email: mk.goro@aol.com


#6 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,579 posts
  • Gender:Male
  • Location:USA
  • Local time:06:48 AM

Posted 26 May 2017 - 08:06 AM

Hmm... do none of your encrypted files have an extension added? Amnesia and Dharma both always add extensions. I'm leaning towards Amnesia due to some patterns in the file, but it may be the newer variant that is still being analyzed.

 

Could you share the ransom note here? It was deleted from ID Ransomware due to it being identified, so I cannot view the contents.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#7 gpnikola

gpnikola
  • Topic Starter

  • Members
  • 14 posts

Posted 26 May 2017 - 08:09 AM

Hmm... do none of your encrypted files have an extension added? Amnesia and Dharma both always add extensions. I'm leaning towards Amnesia due to some patterns in the file, but it may be the newer variant that is still being analyzed.

 

Could you share the ransom note here? It was deleted from ID Ransomware due to it being identified, so I cannot view the contents.

====================================================================================================
                          ______  ______  __  __  _____  _____  _____  ______
                         / _   / /     / /  \/ / /  __/ /  __/ /  __/ / _   /
                        /     / /     / /     / /  _/  /__  / _/ /_  /     /
                        \_/__/  \/_/_/  \/\__/  \___/  \___/  \___/  \_/__/
 
====================================================================================================
 
 
 
 
YOUR FILES ARE STRIKED!
 
Your personal identifier
 
Your documents, photos, databases, save games and other important data were encrypted.
Data recovery requires a decryptor.
To get the decryptor, you should pay for its cost: 2 bitokoya today, tomorrow the payment will increase to 4 bitokonov
Cash must be transferred to the Bitcoin-purse: 1swAqc6dAyqcSaKdx8VnuJhhE9vaYLHFb
 
If you do not have bitocoins
 * Create a Bitcoin purse: https://blockchain.info/en/wallet/new
 * Buy Bitcoin crypto currency:
   Https://localbitcoins.com/buy_bitcoins (Visa / MasterCard, QIWI Visa Wallet, etc.)
   Https://www.bitcoin.it/wiki/ Purchase of bitters (instruction for beginners)
 * Send 2 BTC (tomorrow 4 BTC) to the address 1swAqc6dAyqcSaKdx8VnuJhhE9vaYLHFb
 
After payment is done, send an email to mk.goro@aol.com.
In the letter, enter your personal identifier.
 
If I can not connect through the mail, I can not
 * Register on the site http://bitmsg.me (online sending service Bitmessage)
 * Write an email to BM-2cSyZWbjkh9bWhNRJkn4aT9eR7LN8Jnikg with your email and
Personal identifier
 
In the reply letter you will receive a program for decryption.
After starting the decryption program, all your files will be restored.
 
Attention!
 * Do not attempt to uninstall the program or run antivirus software
 * Attempts to decrypt files by themselves will result in the loss of your data
 * Decoders of other users are incompatible with your data, as each user
Unique encryption key




