
MOLE01 Extension, ransom note


  • This topic is locked This topic is locked
1 reply to this topic

#1 Filthyhobo

Posted 07 July 2017 - 05:24 AM

File Extension: .MOLE01

Ransom Note:

File name: _HELP_INSTRUCTION.TXT

!_! INFORMATIONS!_!

All your files are encrypted with RSA2048 and AES128 ciphers.
More information about the RSA and AES can be found here:

Decrypting your files is only possible with the private key and decrypts programs, which is on our secret server.

Follow these steps:
1. Download and install Tor_Browsers: http://torproject.org/download/download-easy.html
2. After a successful installation, run the browser and wait for initialization.
3. Type in the address bar:
4. Follow the instructions on the site.
!_! Your DECRYPT-ID: 2c644747-0caa-401e-8c02-96f2268c5761 !_!

One user computer was encrypted, and then the shared folders that the user had access to were also encrypted. Malwarebytes removed the infected files, and I only grabbed the name of one before it was quarantined - I was a bit panicked and didn't think to save them. File was located at %appdata%\Roaming\BCDEDEC2584.EXE. Malwarebytes labeled that as Ransom.GlobeImposter.

When ID'ing the ransomware I'm told that it's CryptoMix Revenge, but the file extensions don't seem to match up.

I can't find much about the .MOLE01 extension, just the .MOLE and the .MOLE02 extensions. I attempted to run the MOLE02 decryption software from this site and attempted to use the decryption software from cert.pl but that didn't work either.

I'm currently recovering from the limited backups that they have and hoping I've overlooked an already discovered decryption method.
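As an added example, not part of the original post: a read-only Python script that scopes how far the encryption spread across the shares the user could reach, using only the indicators from the post (the .MOLE01 extension and the _HELP_INSTRUCTION.TXT note with its DECRYPT-ID line). The directory layout it builds is constructed sample data, not a real infected share.

```python
import os
import re
import tempfile
from collections import Counter

# Indicators taken from the post: the appended extension and the note file name.
ENCRYPTED_EXT = ".mole01"
NOTE_NAME = "_HELP_INSTRUCTION.TXT"
# The note's DECRYPT-ID line carries a UUID-shaped token; one ID per infection run.
ID_RE = re.compile(r"DECRYPT-ID:\s*([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})", re.I)


def scope_mole01(root):
    """Walk `root` without modifying anything and return
    (encrypted files per top-level folder, note paths, DECRYPT-IDs seen)."""
    root = os.path.abspath(root)
    per_dir, notes, ids = Counter(), [], set()
    for dirpath, _dirs, files in os.walk(root):
        rel = os.path.relpath(dirpath, root)
        top = "." if rel == "." else rel.split(os.sep)[0]
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower().endswith(ENCRYPTED_EXT):
                per_dir[top] += 1          # count per share to see which ones were reachable
            elif name.upper() == NOTE_NAME:
                notes.append(path)
                with open(path, "r", errors="replace") as fh:
                    match = ID_RE.search(fh.read())
                if match:
                    ids.add(match.group(1).lower())   # several IDs would mean several runs
    return dict(per_dir), sorted(notes), ids


def build_sample_tree():
    """Constructed fixture: one share hit (including a subfolder), one untouched."""
    root = tempfile.mkdtemp(prefix="mole01_demo_")
    layout = {
        "Finance/q2.xlsx.MOLE01": b"",
        "Finance/report.docx.MOLE01": b"",
        "Finance/archive/old.pdf.MOLE01": b"",
        "Finance/_HELP_INSTRUCTION.TXT":
            b"!_! Your DECRYPT-ID: 2c644747-0caa-401e-8c02-96f2268c5761 !_!",
        "HR/policy.docx": b"clean",
    }
    for rel, data in layout.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root
```

Run it against the root of each mapped share (not the whole C: drive) to get a per-share count before restoring from backup, and keep the note files themselves, since the DECRYPT-ID is what identification services key on.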


#2 quietman7 (Bleepin' Janitor, Global Moderator)

Posted 07 July 2017 - 07:07 AM

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions. Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in one of the above support topic discussions... it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff