
New Encrypter HAKB Ransomware


  • This topic is locked
4 replies to this topic

#1 khushnoor

Posted 29 June 2017 - 01:52 AM

Hello Dear Bleeping Computer,
Today I got hacked by MAKB encryptor ransomware. See the below message which I got.
 
YOUR FILES ARE ENCRYPTED!
Your personal ID
All your files have been encrypted due to a security problem with your PC.
To restore all your files, you need a decryption.
If you want to restore them, write us to the e-mail makbigfast@india.com.
In a letter to send Your personal ID (see In the beginning of this document).
You have to pay for decryption in Bitcoins.
The price depends on how fast you write to us.
After payment we will send you the decryption tool that will decrypt all your files.
In the letter, you will receive instructions to decrypt your files!
In a response letter you will receive the address of Bitcoin-wallet, which is necessary to perform the transfer of funds.
HURRY! Your personal code for decryption stored with us only 72 HOURS!
Our tech support is available 24 \ 7
  • Do not delete: Your personal ID
  • Write on e-mail, we will help you!
Free decryption as guarantee
Before paying you can send to us up to 3 files for free decryption.
Please note that files must NOT contain valuable information and their total size must be less than 10Mb.
When the transfer is confirmed, you will receive interpreter files to your computer.
After start-interpreter program, all your files will be restored.
Attention!
  • Do not rename encrypted files.
  • Do not try to decrypt your data using third party software, it may cause permanent data loss.
  • Decryption of your files with the help of third parties may cause increased price (they add their fee to our) or you can become a victim of a scam.
  • Do not attempt to remove the program or run the anti-virus tools
  • Attempts to self-decrypting files will result in the loss of your data
  • Decoders are not compatible with other users of your data, because each user's unique encryption key 

Edited by khushnoor, 29 June 2017 - 02:08 AM.



 


#2 paul88ks


Posted 29 June 2017 - 02:06 AM

YIKES!



#3 quietman7


Posted 29 June 2017 - 05:28 AM

Are there any obvious file extensions appended to or with your encrypted data files (i.e. several random hexadecimal characters, words or email addresses)? If so, is the extension the same for each encrypted file or is it different?

Did you find any ransom notes and if so, what is its actual name? These infections are created to alert victims that their data has been encrypted and demand a ransom payment. Check your documents folder for an image the malware typically uses for the background note. Check the C:\ProgramData (or C:\Documents and Settings\All Users\Application Data) for a randomly named .html, .txt, .png, .bmp, .url file. Most ransomware will also drop a ransom note in every directory/affected folder where data has been encrypted.

Did the cyber-criminals provide an email address to send payment to?

The best way to identify the different ransomwares is the ransom note (including its name), samples of the encrypted files, the malware file itself, any obvious extensions appended to the encrypted files, samples of the encrypted files and information related to any email addresses used by the cyber-criminals to request payment.

You can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further assistance. Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections. If ID Ransomware cannot identify the infection, you can post the case SHA1 it gives you in your next reply for Demonslay335 to manually inspect the files.


Samples of any encrypted files, ransom notes or suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted (uploaded) here with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button. Doing that will be helpful with analyzing and investigating by our crypto malware experts.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

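The identification facts requested in the reply above (ransom note name, contact e-mail, whether the same extension is appended to every file) can be collected read-only with a short script. This is an added example, not part of the original thread; the note phrases, the `.locked` extension, `READ_ME.html` and the e-mail address are constructed assumptions.

```python
import re
import tempfile
from collections import Counter
from pathlib import Path

# Assumed heuristics, not taken from the thread: note-like file types and phrases.
NOTE_SUFFIXES = {".html", ".htm", ".txt", ".hta"}
NOTE_MARKERS = ("files are encrypted", "files have been encrypted")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
MAX_NOTE_BYTES = 64 * 1024  # ransom notes are small; skip large documents


def triage(root):
    """Gather note names, contact e-mails and appended extensions under root."""
    notes, emails, appended = {}, set(), Counter()
    for p in Path(root).rglob("*"):
        try:
            if not p.is_file():
                continue
            if p.suffix.lower() in NOTE_SUFFIXES and p.stat().st_size <= MAX_NOTE_BYTES:
                text = p.read_text(errors="replace")
                if any(m in text.lower() for m in NOTE_MARKERS):
                    notes.setdefault(p.name, []).append(str(p.parent))
                    emails.update(EMAIL_RE.findall(text))
                    continue
        except OSError:
            continue  # unreadable file: skip it; nothing is ever modified
        # An appended extension leaves two suffixes, e.g. report.docx.locked
        if len(p.suffixes) >= 2:
            appended[p.suffix.lower()] += 1
    return {
        "note_names": sorted(notes),
        "note_dirs": {n: sorted(d) for n, d in notes.items()},
        "emails": sorted(emails),
        "appended_extensions": appended.most_common(),
        "same_extension_everywhere": len(appended) == 1,
    }


def demo():
    """Run triage over a constructed sample tree (names and address are made up)."""
    with tempfile.TemporaryDirectory() as d:
        note = "YOUR FILES ARE ENCRYPTED! Write to contact@example.invalid"
        for rel, body in [("docs/report.docx.locked", "x"), ("docs/READ_ME.html", note),
                          ("pics/photo.jpg.locked", "x"), ("pics/READ_ME.html", note),
                          ("docs/todo.txt", "buy milk")]:
            f = Path(d, rel)
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_text(body)
        return triage(d)
```

The two-suffix test is only a heuristic: legitimate names such as `backup.tar.gz` also match, so review `appended_extensions` before quoting it in a support request.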

#4 xXToffeeXx


Posted 17 July 2017 - 04:15 PM

You are dealing with GlobeImpostor 2, it's not currently decryptable. You should secure RDP with a strong password as that is usually how they get access to the system if you have RDP enabled.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#5 quietman7


Posted 17 July 2017 - 05:39 PM

Since the infection has been identified, rather than have everyone with individual topics, it would be best (and more manageable for staff) if victims posted any more questions, comments or requests for assistance in the below support topic discussion.



To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff





