Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Hit by Ransomware. Please can you help

  • This topic is locked This topic is locked
2 replies to this topic

#1 JahLevi


  • Members
  • 2 posts
  • Local time:12:24 AM

Posted 10 August 2017 - 01:37 PM

Was hit by Ransomware which decrypted all my files with the suffix " .crypt"

The virus has been removed, but I need to decrypt my important files. My backup was also encrypted. I use an external drive connected to my computer and it is connected via USB. 


Here is the Ransom letter: 


Your files are encrypted!
Your personal ID
7C CD 99 90 54 DA CD 37 1D 1B 56 17 63 B8 94 55
29 E4 09 34 27 E0 62 D4 80 4F A3 B1 7C BD D3 74
24 AC 64 01 7A 70 F8 14 3C 30 9F 2A 77 C5 47 5C
8D ED C9 9B 59 56 99 2E 91 BF 13 D2 9A 90 02 F9
F7 08 BE 69 52 19 32 32 0F AF 9E BE B1 25 14 58
0F B9 9D 1A 75 83 62 AD 86 9D AE D8 1A D9 0D A4
62 AA 45 6D 6C 2D 14 4C B2 00 25 6F 45 9D 41 0F
94 C8 0D 66 A1 A6 AD A9 E5 E1 DF 23 F5 10 D7 28
D1 11 DE B4 E4 0A DB 2D CA 21 93 3B 5F D5 7E 85
D2 1F E0 7A 5B 0C 9E 62 61 61 81 11 21 D1 12 BA
C7 30 8E F8 92 C8 50 BF BE 3A 36 DC 02 AB F6 55
2F 22 5A 0A 8C 7B 10 3A C6 23 BF C3 5E 52 17 F0
0C 7C 11 DB 8E FE A3 54 6E AA 2E B5 62 DB FA DD
C9 CC C4 71 E4 E0 5C 90 89 9D 07 09 17 2D 7D 50
AE B2 0D 58 CE 00 77 70 02 33 96 34 35 01 0B 89
8A ED FE 45 B9 54 8A D8 D1 D1 71 45 59 15 4F 8C
Discovered a serious vulnerability in your network security.
No data was stolen and no one will be able to do it while they are encrypted.
For you we have automatic decryptor and instructions for remediation.
How to get the automatic decryptor:
1) Pay 0.3 BTC:
For example, you can buy BTC on one of these sites:
Bitcoin adress for pay:
Send 0.3 BTC for decrypt

2) Send screenshot of payment to justfriend17@india.com. In the letter include your personal ID (look at the beginning of this document).

3) You will receive automatic decryptor and all files will be restored.

  • To make sure that I have a decoder for your files, you can send one file (less than 10 MB) to justfriend17@india.com by e-mail. Be sure to include your personal code (see the beginning of this document). In the response letter you will receive the decrypted file.
  • No Payment = No automatic decryptor.
  • Do not attempt to remove the program or run the anti-virus tools
  • Attempts to self-decrypting files will result in the loss of your data
  • Decoders other users are not compatible with your data, because each user's unique encryption key
  • If You can't send a message or do not receive a response more than 24 hours, write on justfriend17@yahoo.com

Edited by hamluis, 10 August 2017 - 01:38 PM.
Moved from AII to Ransomware - Hamluis.

BC AdBot (Login to Remove)


#2 JahLevi

  • Topic Starter

  • Members
  • 2 posts
  • Local time:12:24 AM

Posted 10 August 2017 - 08:34 PM

Please, somebody out there!


I need help in decrypting my files. 

Any suggestions at all.


Thanks for your time.

#3 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,897 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:24 AM

Posted 11 August 2017 - 05:30 AM

Some of variants of GlobeImposter 2.0 have been using the .crypt extension and "Your files are encrypted!" is part of the ransom note we have seen.

You can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further assistance. Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.

Unfortunately, there is no known way at this time to decrypt files encrypted by all the latest versions of GlobeImposter without paying the ransom. If possible, your best option is to restore from backups.

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

The BC Staff
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users