I used malwarehunterteam.com to investigate a new ransomware infection on my PC. After uploading sample ransom note and encrypted file, received message " Unable to determine reansomware". It said to reference this case: SHA1: 4ec0f18937e9ef3062b1805ee65689f92b46cc00
All affected names now have the following extension added to them: .[BM-NBM1DiE52wgzUUnzcRPwjMjPEcV4qfpr@bitmessage.ch].master
I ran these files through several detection tools that I found online and none picked up the type of ransomware this is.
If someone has any ideas on what I can do next, please let me know. I do have a few good (backed up) files that I can restore against encrypted files. I just don't have all my files backed up.
Following is the ransom text:
Your important files produced on this computer have been encrypted due a security problem
If you want to restore them, write us to the e-mail: BM-NBM1DiE52wgzUUnzcRPwjMjPEcV4qfpr@bitmessage.ch
You have to pay for decryption in Bitcoins. The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
[FREE DECRYPTION AS GUARANTEE]
Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information
and their total size must be less than 1Mb
[HOW TO OBTAIN BITCOINS]
The easiest way to buy bitcoin is LocalBitcoins site.
You have to register, click Buy bitcoins and select the seller
by payment method and price
Do not rename encrypted files
Do not try to decrypt your data using third party software, it may cause permanent data loss
If you not write on e-mail in 36 hours - your key has been deleted and you cant decrypt your files
Edited by undoubted, 29 May 2017 - 12:26 AM.