
Is any of this ransomware decryptable?


10 replies to this topic

#1 3J Kernel

  • Members
  • 64 posts

Posted 30 November 2017 - 04:53 AM

Good morning:

I would like to know if any of this ransomware is decryptable, because these last months there wasn't much activity. Thank you.

 

CryptXXX 3.0
CrypMic
Locky
CTB-Locker
.Zepto
CERBER
.Crypz
.Cryp1
Cryptowall 2, 3 and 4
.odin
.thor
Dharma
PCLock
Spora
Matrix
Bandarchor
Hermes 2
Cry36
.MOLE
ACCDFISA 2
PCLock (the last one)

 

Thanks a lot in advance




#2 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 50,102 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 30 November 2017 - 07:22 AM

According to my notes, there is no known method to decrypt files encrypted by CryptoWall, CTB-Locker, Locky (all variants), GlobeImposter 2.0 (all variants), Cryptofag (Mobef), Shade, CrypMIC, Cerber v2/v3 or newer v4x/v5x variants, newer variants of PClock, newer variants of Al-Namrood/Apocalypse, Dharma (.zzzzz, .cesar, .arena, .java variants), BTCWare (AES-256 versions .blocking, .encrypted, .aleta, .crypton, .gryphon, .nuclear, .wyvern, .payday), Spora, Scarab, CryptoMix/CryptoShield, Bitpaymer, LockCrypt, NMoreira 2.0 (HakunaMatata), Vortex, Samas, Mischa, Goldeneye, DEDCryptor, Zyklon Locker (GNL), Jaff, RSAUtil, nCrypt, YYTO, UIWIX, Maysomware, Evil-JS, RSAUtil, Maykolin, Hermes 2.0, Serpent, Ishtar, Kriptovor (NEITRINO), Paradise, Sage 2.0, Zyklon Locker, Brazillian, DEDCryptor, Unlock92 (.CCCRRRPPP, .blocked, .block variants), Surprise, Samas, TrueCrypter, Satan, ACCDFISA v2.0, MireWare, Lalabit*h, the Nemucod variant which uses 7-zip and many other ransomware variants without paying the ransom. CryptXXX V3 only has partial recovery.

This is primarily due to the type of encryption used by the malware writers and the fact that the key is not generated on the victim's computer, ensuring it is much harder to break. Unless the criminals are found and arrested by the authorities, and/or the keys are recovered then provided to the public, there is no possibility that anyone can provide a decryption tool.


Microsoft MVP Consumer Security 2007-2015
Microsoft MVP Reconnect 2016
Windows Insider MVP 2017
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 Demonslay335

    Ransomware Hunter

  • Security Colleague
  • 3,300 posts
  • Gender:Male
  • Location:USA

Posted 30 November 2017 - 09:16 AM

I've been told Dr. Web can help with BandarChor in rare cases, but otherwise all of the rest still are impossible to decrypt. Only chances will be if the keys are leaked and/or the criminals behind them caught by law enforcement.

 

CryptoMix (.MOLE) has a very slight chance due to a flaw in the key distribution, but it's rare to be able to help a victim with that one as well.


Edited by Demonslay335, 30 November 2017 - 09:17 AM.

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


#4 3J Kernel

  • Topic Starter
  • Members
  • 64 posts

Posted 30 November 2017 - 11:12 AM

Thank you for your answers!!



#5 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 50,102 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 30 November 2017 - 04:07 PM

You're welcome on behalf of the Bleeping Computer community.
 



#6 alexr78

  • Members
  • 2 posts

Posted 03 December 2017 - 11:30 PM

Does anyone know the process of decryption after the ransom is paid? Does the source send a key to use with a software decryptor? Is it just an EXE, or a custom-written executable with the hash inside?

 

Thanks in advance,



#7 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 50,102 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 04 December 2017 - 08:11 AM

Some victims have reported paying the ransom only to discover the criminals wanted more money...demanding additional payments with threats the data would be destroyed or exposed. Still others have reported they paid but the cyber-criminals did not provide a decryptor or a key to decrypt the files, while others reported the decryption software and/or key they received did not work, resulted in errors and in some cases caused damage to the files. Most cyber-criminals provide instructions in the ransom note that allow their victims to submit one or two limited size files for free decryption as proof they can decrypt the files. However, decryption in bulk may not always work properly or work at all. In some cases victims may actually be dealing with scam ransomware where the malware writers have no intention or capability of decrypting files after the ransom is paid.

Keep all this in mind if you are considering paying the ransom since there is never a guarantee decryption will be successful or that the decrypter provided by the cyber-criminals will work as they claim...and using a faulty or incorrect decryptor may damage or corrupt the files even further. The criminals may even send you something containing more malware...so why should you trust anything provided by those who infected you in the first place.

#8 neco423

  • Members
  • 18 posts

Posted 06 December 2017 - 11:55 PM

Where can we find information about the latest leaked keys?



#9 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 50,102 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 07 December 2017 - 09:18 AM

Grinler, the site owner, typically will post a news article on the BleepingComputer front page.

#10 neco423

  • Members
  • 18 posts

Posted 07 December 2017 - 01:02 PM

Thanks, I'll be pending on the news :/



#11 quietman7

    Bleepin' Janitor

  • Global Moderator
  • 50,102 posts
  • Gender:Male
  • Location:Virginia, USA

Posted 07 December 2017 - 04:11 PM

You're welcome.



