
ID Ransomware identify


8 replies to this topic

#1 christianPJ66

christianPJ66

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:01:17 AM

Posted 18 July 2017 - 09:15 AM

Hello, I'm trying to identify the encryption method used on one infected file, which is producing a "*.WWW" file, and the website https://id-ransomware.malwarehunterteam.com/identify.php tells me to post a ticket with SHA1: 4135aec4cfef3a8c10cc4cb68f177b54ddaeb390

 Thank you!





#2 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,591 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:17 PM

Posted 18 July 2017 - 09:48 AM

I've not seen a ransomware using that extension. Do you have a ransom note as well, or the malware itself?


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#3 christianPJ66


Posted 18 July 2017 - 10:01 AM

No, it's just a backup of files which are infected, before restoring the computer to the day before ...



#4 christianPJ66


Posted 18 July 2017 - 10:03 AM

All files on the server have been encrypted with the .WWW extension and are unusable



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 52,087 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:17 PM

Posted 18 July 2017 - 04:08 PM


Samples of any encrypted files can be submitted (uploaded) here with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse... button. Doing that will be helpful with analyzing and investigating by Demonslay335 and our other crypto malware experts.


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#6 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,087 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:The Arctic Circle
  • Local time:11:17 PM

Posted 19 July 2017 - 03:02 PM

I believe this may be GlobeImposter 2, where the criminals usually hack into the system due to insecure RDP passwords; however, without a note I cannot confirm for sure.

 

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 christianPJ66


Posted 20 July 2017 - 09:59 AM

Thanks a lot for this answer xXToffeeXx, it's a good job for me ...

 

see you soon ! :clapping:



#8 christianPJ66


Posted 22 August 2017 - 02:14 AM

Up !!

 

Hello, is there anything new for *.WWW extension files?



#9 Demonslay335


Posted 22 August 2017 - 09:01 AM

Up !!

 

Hello, is there anything new for *.WWW extension files?

 

You need to supply a ransom note as requested in order to be completely sure of what the ransomware is. We are guessing it is GlobeImposter 2.0, which is not decryptable for free.






