LockCrypt (.lock) Support Topic - ReadMe.TxT


45 replies to this topic

#31 CACH

CACH

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:09:50 AM

Posted 13 September 2017 - 02:51 PM

I had a LockCrypt problem with a hacker, jekr@aol.com. After paying him, I got the exe program and I recovered the information.

 




#32 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 49,924 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:10:50 AM

Posted 13 September 2017 - 03:01 PM

If you received a working decrypter, you can zip and submit it here with a link to this topic along with a few encrypted files and anything else the malware writers provide.

Even though the decrypter will not work for other victims, our crypto malware experts may be able to get some information by analyzing it further.
Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#33 MrChan

MrChan

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:50 AM

Posted 15 September 2017 - 06:45 AM

It's easier to pay these guys than wait until you personalize the data and stay out of work. LOL.



#34 quietman7


Posted 15 September 2017 - 07:08 AM

Most security experts will advise against paying the ransom demands of the malware writers because doing so only helps to finance their criminal enterprise and keep them in business. One of the reasons that folks get infected is because someone before them paid the bad guys to decrypt their data. The more people that pay the ransom, the more cyber-criminals are encouraged to keep creating ransomware for financial gain. Further, there is no guarantee that paying the ransom will actually result in the restoration (decryption) of your files.

#35 apitsos

apitsos

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Bielefeld
  • Local time:05:50 PM

Posted 15 September 2017 - 12:54 PM

Today my office's server was also compromised. I tried to negotiate with the hacker (stnsatan@aol.com or Satan-Stn@bitmessage.ch), but with no luck. He demanded 1 bitcoin, and after I asked him to reduce his demands he asked for 0.5 bitcoin, which is still a very high amount that I can't pay.

 

So after checking it with Webroot (as I had a Webroot antivirus installed on the server), they told me that this is still an unresolved issue and there isn't any decryption tool. They helped me submit a file on this (https://id-ransomware.malwarehunterteam.com) site. A friend also suggested this (https://www.nomoreransom.org) one. I also submitted a couple of files there.

 

Currently I am running "CryptoSearch" in order to make copies of all the encrypted files and see what to do with the system. If any of you has a decryptor, a solution or anything else that could help me, I would really appreciate it if you could share it with me. I am desperate now and I see my small company being destroyed now.



#36 quietman7


Posted 15 September 2017 - 04:12 PM

Webroot is correct...there is no known way to decrypt files encrypted by LockCrypt without paying the ransom. If possible, your best option is to restore from backups or wait for a possible solution at a later time.

#37 apitsos


Posted 15 September 2017 - 05:39 PM

I do have a question. If I provide you a locked (encrypted) and an unencrypted version of the same file, would that be useful at all, in order to help me?



#38 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,245 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:09:50 AM

Posted 15 September 2017 - 05:44 PM

> I do have a question. If I provide you a locked (encrypted) and an unencrypted version of the same file, would that be useful at all, in order to help me?

 

We have plenty of samples, as we have the malware itself. Afraid we haven't found a way to exploit it at this point.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]


#39 apitsos


Posted 15 September 2017 - 05:59 PM

Any estimation of when you may have a solution?



#40 Demonslay335


Posted 15 September 2017 - 06:07 PM

No guarantees it can even be done. We can never guarantee when or if any ransomware can be decrypted without paying the criminals. It all comes down to how secure it actually is, and if there are any weaknesses to even exploit.




#41 apitsos


Posted 15 September 2017 - 06:16 PM

Do you know why CryptoSearch finds zero (0) files? Here are the result notes:

 

 

Retrieving data from ID Ransomware...
Definitions saved to: E:\Data\Users\Administrator\Downloads\CryptoSearch\cryptosearch-definitions.bin
Loaded data on 403 ransomwares
 
Searching for files encrypted by LockCrypt...
 
 
Complete, found 0 encrypted folders with 0 encrypted files
 
Searching for files encrypted by LockCrypt...
 
 
Complete, found 0 encrypted folders with 0 encrypted files


#42 quietman7


Posted 15 September 2017 - 06:30 PM

> Any estimation of when you may have a solution?

Whether you can recover (decrypt) your files or not depends on what ransomware infection you are dealing with and a variety of factors. All crypto malware ransomware use some form of encryption algorithm; most of them are secure, but others are not. The possibility of decryption depends on the thoroughness of the malware creator, what algorithm the creator utilized for encryption, discovery of any flaws and sometimes just plain luck. Newer ransomware variants use a public and private key system where the public key is used to encrypt and the private key is used to decrypt. The private key is stored on a central server maintained by the cyber-criminals and not available unless the victim pays the ransom or at some point, law enforcement authorities arrest the criminals...seize the C2 server and release the private RSA decryption keys to the public. In some cases, the cyber-criminals, for whatever reason, choose to release the master keys after a period of time but that too is not a guarantee.

Dr.Web statistics show that the probability of restoring files compromised by encryption ransomware doesn't exceed 10%. That means that most of user data has been lost for good!

Dr.Web: Encryption ransomware - Threat No. 1

There are a lot of dedicated people who research, analyze and investigate crypto malware as well as provide expert assistance to victims of ransomware infections...Grinler (the site owner of Bleeping Computer), Fabian Wosar (the head of Emsisoft's malware lab), xXToffeeXx (who works with Fabian), Demonslay335, BloodDolly, and Nathan (DecrypterFixer) to name a few.

Each of them has created or been involved in creating various decryption tools which have helped many victims recover their files, but they can't perform miracles.

#43 apitsos


Posted 16 September 2017 - 06:18 AM

quietman7, thank you very much for all the information. I really appreciate it.



#44 quietman7


Posted 16 September 2017 - 06:21 AM

You're welcome

#45 Bard555

Bard555

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:11:50 AM

Posted 24 October 2017 - 11:52 AM

djekr@aol.com did follow through with his/her promise to send a decryption key and we were able to decrypt our files.

HJF2NRM522E6TMS8





