Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

crypt


  • This topic is locked This topic is locked
4 replies to this topic

#1 vcesar1

vcesar1

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 21 September 2017 - 03:27 PM

Hello everyone, I enter a virus in my system and I encrypt all the information, the extension that appears is crypt. the hacker's mail is decryptyour@gmail.com, I have tried to write you to ask how much for the ransom, but it does not respond. I hope someone here can help me



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:50 PM

Posted 21 September 2017 - 03:34 PM

The .crypt extension is more generic since it is used by several types of ransomware so the ransom note is needed for confirmation.

The best way to identify the different ransomwares is the ransom note (including it's name), samples of the encrypted files, any obvious extensions appended to the encrypted files, information related to any email addresses used by the cyber-criminals to request payment and the malware file responsible for the infection.

You can submit samples of encrypted files and ransom notes to ID Ransomware for assistance with identification and confirmation. This is a service that helps identify what ransomware may have encrypted your files and then attempts to direct you to an appropriate support topic where you can seek further assistance. Uploading both encrypted files and ransom notes together provides a more positive match and helps to avoid false detections.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 vcesar1

vcesar1
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:05:50 PM

Posted 21 September 2017 - 03:57 PM

WARNING!!! Your files are encrypted!
Your personal ID:
61 91 AF 9A 2B E0 22 09 3B 67 D2 94 5C 18 78 28
C7 FC 6F 42 46 0A 44 A9 23 57 C3 22 BB F7 68 74
71 58 C7 C8 07 EE 01 7B 7E 7A F4 EF 32 AC 75 A6
48 F8 63 91 40 22 3B 11 26 9B 00 FD 15 20 D4 4C
58 84 B7 D6 C7 B8 0B 29 36 41 93 5D AA 61 D0 5F
88 EA AA 2D 20 86 E0 41 95 BE F2 59 F2 AC 3E BE
8E 92 39 84 95 B6 D3 5A 3C 7F EB F3 7A 6F E8 9B
42 46 FB 51 79 CA 1B 9F B1 43 06 71 92 35 51 3F
Save the ID before doing anything on the computer!!! Be sure to save this ID, without it decryption is impossible!!!
All your files (databases, documents, tables, backup's, etc.) are encrypted with the most cryptographic encryption algorithm RSA-2048, decryption is possible only with the help of our decoder.
To recover data you need decryptor.
Instructions for obtaining a decryptor:

Send your ID to the mailbox below and wait for the answer:decryptyour@gmail.com In the response letter there will be instructions for decoding.

 
Attention!
  • Do not attempt to remove the program or run the anti-virus tools
  • Attempts to self-decrypting files will result in the loss of your data
  • Decoders other users are not compatible with your data, because each user's unique encryption key

 

 

 

 

in ID Ransomware shows me several, but nothing



#4 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,479 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:50 PM

Posted 21 September 2017 - 04:31 PM

ID Ransomware gave you the correct answer based on multiple identifiers. It is GlobeImposter 2.0; there is no way to decrypt the files. You can only restore from backups, or pay the criminals (not recommended).


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,287 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:50 PM

Posted 21 September 2017 - 04:34 PM

Since the infection has been identified, rather than have everyone with individual topics, it would be best (and more manageable for staff) if victims posted any more questions, comments or requests for assistance in the below support topic discussion.To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users