.AES256 new ransomware help!


  • This topic is locked
6 replies to this topic

#1 biondo6


Posted 18 June 2017 - 02:28 PM

Extension AES256 not identified by "ID Ransomware".

Can anyone help me?

Some files are here:

 
Presentation ransomware: ATTENZIONE!!!.html:
 
Your personal data has been encrypted using the AES256 + RSA2048 algorithm with unique-key encryption, and decrypting without this key is impossible
Your personal ID
To obtain your unique key, follow the detailed instructions on how to decrypt the files:
1) Pay 0.2 Btc (Bitcoin) to wallet 1GmNurR3TX8CuqQv4jgNwFBpqhkcXZaio4
2) Write an email to the address "createsign@blader.com" specifying
a. Subject: Your personal ID
b. Message: The number of your wallet in the Bitcoin system from which the btc was sent
3) Wait for a reply message containing the instructions for decrypting the files.
If you want to try decrypting the files your own way, we ask that you make a copy! If the name, extension or size of a file is changed, decryption will be impossible !!!
Your unique key is stored for exactly 30 days from the date of creation and will then be permanently deleted.
Additional contacts if there is no reply through the main one - sign.creator@ya.com, redermap@collector.org
 




#2 jwoods301


Posted 18 June 2017 - 02:43 PM

Post the case SHA1 you received from ID Ransomware.



#3 biondo6


Posted 18 June 2017 - 03:58 PM

"ID Ransomware" doesn't recognize the ransom type and doesn't release any SHA1!

Or did I get a step wrong?



#4 cybercynic


Posted 18 June 2017 - 05:50 PM

ID-Ransomware lists a SHA-1 hash in its response if it cannot identify the ransomware. Check it again. This should be posted here for Demonslay or other analysts to refer to.

 

Make sure that you've uploaded BOTH an encrypted file AND the ransom note to ID-Ransomware.

 

Also, your files are inaccessible at Mega - a decryption key is required to download.


Edited by cybercynic, 18 June 2017 - 05:57 PM.

We are drowning in information - and starving for wisdom.


#5 biondo6


Posted 18 June 2017 - 06:50 PM

I have some problems with my internet connection. But the files are also here: https://www.sendspace.com/file/htei2s



#6 cybercynic


Posted 18 June 2017 - 07:00 PM

This is the result from ID-Ransomware: You need to monitor and post in the GlobeImposter topic in the future. No free solution at this time.

 

 

GlobeImposter 2.0
 This ransomware has no known way of decrypting data at this time.

It is recommended to backup your encrypted files, and hope for a solution in the future.

Identified by

  • custom_rule: victim ID format

 

Click here for more information about GlobeImposter 2.0

 

 


We are drowning in information - and starving for wisdom.


#7 quietman7


Posted 19 June 2017 - 04:54 AM

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
