Help with ransomware please - .fat32


5 replies to this topic

#1 lianatx

Posted 11 November 2017 - 12:08 PM

I was hit with ransomware on 11/10/17, probably through an open RDP port.

 

All encrypted files have a .fat32 extension.

 

The ransom file is info.txt. Its content is shown below.

 

ID Ransomware cannot identify it. The case ID is SHA1: 0263b4220ef48e62fd01cd95b39aa88384223c72.

 

Please help. Thank you.

 

-----------------------------------------------------------------

 

Your data set are encrypted.

We can help decrypted files.

Price for full decrypt all files 700$

You will get decrypt soft + personal key + manual.



For recover your files - contact us email:

BM-2cVCMjYXg5ZwLi2t6mETUeQYhMNDmbfFA2@bitmessage.ch



Please use public email for contact: gmail etc.



For you to be sure, that we can decrypt your files

You can send us 1-2 encrypted files and we will send back it in a decrypt format FREE.

For download files use only dropmefiles.com not more then 10 Mb



Send us an email:

1.Personal ID

2.link dropmefiles.com

after wait decrypted files and further instructions.



Personal ID:

Hef0b1e0pI2y98boOKa7ciG2lUV8XIHAdoC5me99



Do not rename encrypted files

Not use false encryption key, it cause pernament data loss



You must pay within 72 hours, or the price will be more.





#2 quietman7 (Global Moderator)

Posted 11 November 2017 - 04:35 PM

Looks new.

 

Our crypto malware experts most likely will need a sample of the malware file itself to analyze. Samples of any suspicious executables (installer, malicious files, attachments) that you suspect were involved in causing the infection can be submitted (uploaded) here with a link to this topic. There is a "Link to topic where this file was requested" box under the Browse button. It's best to compress large files before sharing.
 


Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Demonslay335 (Security Colleague)

Posted 11 November 2017 - 09:09 PM

I have not seen any other submissions with that extension, only submissions from your IP.

 

We will definitely need a sample of the malware to identify or analyze if it is new. I have set out a hunt on Twitter, pointing to this topic.

 

https://twitter.com/demonslay335/status/929530452104417281


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]


#4 lianatx (Topic Starter)

Posted 11 November 2017 - 11:30 PM

I uploaded one of the encrypted files and added a few notes. In short: besides the encrypted files (almost the entire filesystem, with the exception of OS-related files), there is no trace I can find of the malware. Scans with various tools didn't reveal anything either.



#5 Amigo-A

Posted 12 November 2017 - 02:42 AM


 

A correct search gives an accurate result.

 

Stroman Ransomware
 .stroman
readinfo.txt
You will get decrypt soft + personal key + manual.
BM-2cUunjtSxYEd6Ase6hbhVyvMBVzXPUVdvu@bitmessage.ch
500$
 
Fat32 Ransomware
 .fat32
info.txt
You will get decrypt soft + personal key + manual.
BM-2cVCMjYXg5ZwLi2t6mETUeQYhMNDmbfFA2@bitmessage.ch
700$
 

Edited by Amigo-A, 12 November 2017 - 03:01 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.


#6 quietman7 (Global Moderator)

Posted 12 November 2017 - 07:10 AM

If it is a Stroman related variant, there is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance.



