Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

All FILES GOT ENCRYPTED WITH BLACKSNOW RANSOMWARE. plz help!


  • This topic is locked This topic is locked
4 replies to this topic

#1 kalemati12

kalemati12

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:19 AM

Posted 09 June 2017 - 04:24 PM

hi

 

all my 4tb files encrypted with BlackSnow randsomware.

please help me to decrypt.

my files are for more than 7 years ago.

realy need my files.

 

"decryptoffice@tuta.io" extention added to all files

 

txt file is:

 

ALL YOUR FILES GOT ENCRYPTED WITH BLACKSNOW RANSOMWARE !

For more information : decryptoffice@tuta.io

Subject : DECRYPT-ID: 201720181BNDLL

PAYMENT ONLY VIA BITCOIN ( BTC )
YOU CAN GET THEM VIA ATM MACHINE OR ONLINE

https://coinatmradar.com/
https://www.localbitcoins.com/


PRICE FOR DECRYPTION KEY : 1 BTC
BTC ADRESS : 1Pa3xbmwg4Zc74ZWTm6xiXy6vakPdvitwE

AFTER YOU MADE THE PAYMENT YOU WILL AUTOMATICALY RECIVE AN EMAIL WITH DECRYPTION KEY AND INSTRUCTIONS !

BEWARE AFTER 48 HOURS YOUR DECRYPTOR FILE WILL AUTO DELETE
AND YOU HAVE TO PAY AN EXTRA 1 BTC FOR NEW DECRYPTOR FILE !

DO NOT TRY TO SCAN WITH ANTIVIRUS YOU RISK LOSING YOUR DATA .

 


Edited by kalemati12, 09 June 2017 - 04:27 PM.


BC AdBot (Login to Remove)

 


#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:12:49 AM

Posted 09 June 2017 - 05:07 PM

If you had uploaded the ransom note and encrypted file to ID Ransomware, you would see it is Xorist. Use the Emsisoft decrypter.

 

http://www.bleepingcomputer.com/news/security/emsisoft-releases-decryptors-for-the-xorist-and-777-ransomware/


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 kalemati12

kalemati12
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:19 AM

Posted 09 June 2017 - 05:25 PM

I used this decrypter.
But not work for me with same normal and encrypted file.

#4 thyrex

thyrex

  • Members
  • 597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Belarus
  • Local time:09:49 AM

Posted 09 June 2017 - 05:54 PM

Upload encrypted file onto https://sendspace.com and give download link


Microsoft MVP 2012-2016 Consumer Security

Microsoft Reconnect 2016


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,905 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:49 AM

Posted 09 June 2017 - 07:23 PM

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the below support topic discussion...Our experts can continue to help you there.To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users