
PSCRYPT Ransomware Help & Support Topic (.pscrypt Extension)


  • This topic is locked
23 replies to this topic

#1 MemesDealer


Posted 22 June 2017 - 04:41 AM

PC was infected by unknown virus. Files were changed into .pscrypt

Please help

SHA1: b6cc383c8e047ae333973ead7c011878b5094228





#2 quietman7


Posted 22 June 2017 - 05:11 AM

This looks to be something new...Demonslay335 should be able to confirm.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 tolliik


Posted 22 June 2017 - 05:27 AM

Hi.

I have the same problem.

Did anybody find a decryptor?

I tried utilities from ESET, Kaspersky, Avast and nothing worked for me.

P.S. Sorry for my English.



#4 quietman7


Posted 22 June 2017 - 05:32 AM

It is too soon to determine if your files can be decrypted. We need more information about the infection.

Did you find any ransom notes and if so, what is the actual name of the note?
Did the cyber-criminals provide an email address to send payment to? If so, what is the email address?

Our crypto malware experts most likely will need a sample of the malware file itself to analyze before anyone can ascertain if the encrypted files can even be decrypted. Samples of any suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted (uploaded) here with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button.

#5 tolliik


Posted 22 June 2017 - 05:45 AM

Ok.

I already did this.

Waiting for help now.

Thanks.



#6 tolliik


Posted 22 June 2017 - 05:47 AM

idrandom said nothing...


Edited by tolliik, 22 June 2017 - 05:47 AM.


#7 rozerko


Posted 22 June 2017 - 06:10 AM

Hi

I have the same problem.

Attached the file in the form above.

The ransom note is an HTML file. It says about ~100$ in BTC value. They want money through btcu.biz service on number 1AY8WvyqnHwDSqY2rp3LcE6sYTQkCu9oCY with payment proof (screenshot) on email: systems64x@tutanota.com



#8 MemesDealer


Posted 22 June 2017 - 06:28 AM

here is what they want

 

To recover data you need decryptor.
To get the decryptor you should:
pay for decrypt:
site for buy bitcoin:

  1. https://localbitcoins.com
  2. https://www.coinbase.com
  3. https://xchange.cc

bitcoin adress for pay:
1AY8WvyqnHwDSqY2rp3LcE6sYTQkCu9oCY

Contact us by email : systems64x@tutanota.com. In the letter include your personal ID (look at the beginning of this document)
After answering your inquiry, our operator will give you further instructions, which will be shown what to do next (the answer you get as soon as possible)
In the letter include your personal ID (look at the beginning of this document).

After you will receive a decryptor and instructions
We can decrypt one file in quality the evidence that we have the decoder.

Attention!


  • No Payment = No decryption
  • You really get the decryptor after payment
  • Do not attempt to remove the program or run the anti-virus tools
  • Attempts to self-decrypting files will result in the loss of your data
  • Decoders other users are not compatible with your data, because each user's unique encryption key
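
A read-only triage sketch for the details requested earlier in this thread (count of renamed files, the ransom note, the contact address, a sample hash); it is an added example, not part of any post. Function names and the `NOTE.html` file name are assumptions and the directory tree is constructed; the e-mail and wallet strings are the ones quoted in the note above.

```python
import hashlib
import re
import tempfile
from pathlib import Path

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Shape of a legacy Base58 Bitcoin address (starts with 1 or 3); format check only.
BTC_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")


def sha1_of(path):
    """Stream a file through SHA-1, the hash type used to report the sample."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def triage(root, ext=".pscrypt"):
    """Count renamed files and pull contact details out of likely ransom notes."""
    report = {"encrypted": 0, "notes": [], "emails": set(), "btc": set()}
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        if path.suffix.lower() == ext:
            report["encrypted"] += 1
        elif path.suffix.lower() in (".html", ".htm", ".txt"):
            text = path.read_text(encoding="utf-8", errors="ignore")
            emails, btc = EMAIL_RE.findall(text), BTC_RE.findall(text)
            if emails and btc:  # a note names both a contact and a wallet
                report["notes"].append(path.name)
                report["emails"].update(emails)
                report["btc"].update(btc)
    return report


def demo():
    """Build a constructed directory tree and run the triage over it."""
    note = ("bitcoin adress for pay:\n1AY8WvyqnHwDSqY2rp3LcE6sYTQkCu9oCY\n"
            "Contact us by email : systems64x@tutanota.com. In the letter ...")
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "report.docx.pscrypt").write_bytes(b"\x00" * 16)
        (root / "photo.jpg.pscrypt").write_bytes(b"\x01" * 16)
        (root / "todo.txt").write_text("buy milk, mail bob@example.com")
        (root / "NOTE.html").write_text(note)  # constructed file name
        return triage(root)
```
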


#9 MemesDealer


Posted 22 June 2017 - 06:35 AM

It is too soon to determine if your files can be decrypted. We need more information about the infection.

Did you find any ransom notes and if so, what is the actual name of the note?
Did the cyber-criminals provide an email address to send payment to? If so, what is the email address?

Our crypto malware experts most likely will need a sample of the malware file itself to analyze before anyone can ascertain if the encrypted files can even be decrypted. Samples of any suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted (uploaded) here with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button.

I sent the infected file.



#10 tolliik


Posted 22 June 2017 - 06:56 AM

Does anybody have a guess about HOW this virus got onto the PC?

I have this on one PC in a regional branch of our company, and don't want to have this on other PCs...



#11 quietman7


Posted 22 June 2017 - 07:04 AM

Crypto malware and other forms of ransomware in particular are typically spread through some type of "user interaction"...opening a malicious email attachment, executing a malicious file, via web exploits, exploit kits, malvertising campaigns and drive-by downloads when visiting compromised web sites. RDP Bruteforce attacks against servers are also an increasingly common malware vector by those involved with the development and spread of ransomware.

Section :step2: in this topic explains in more detail the most common methods Crypto malware (file encrypting ransomware) and other forms of ransomware is typically delivered and spread.

#12 thyrex


Posted 22 June 2017 - 07:33 AM

Again all victims from Ukraine?


Microsoft MVP 2012-2016 Consumer Security

Microsoft Reconnect 2016


#13 rozerko


Posted 22 June 2017 - 07:43 AM

Again all victims from Ukraine?

:guitar: in my case yes

Ukrainian ransom text contains a lot of mistakes, so this happiness probably has come from abroad



#14 idkrr


Posted 22 June 2017 - 07:48 AM

In my case too
They want HRYVNAS :lmao:



#15 tolliik


Posted 22 June 2017 - 07:50 AM

Yes, I'm a victim from Ukraine too :bananas:





