Rapid Ransomware (.rapid, .paymeme - ! How Recovery Files.txt) Support Topic


115 replies to this topic

#16 quietman7


Posted 21 January 2018 - 10:27 AM

By link, do you mean ID Ransomware?

Is it Scrab or Scarab?

If Scarab, there is no known method to decrypt files encrypted by Scarab without paying the ransom. If possible, your best option is to restore from backups, try file recovery software or backup/save your encrypted data as is and wait for a possible solution at a later time.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

 


#17 MrL0c0


Posted 21 January 2018 - 10:32 AM

Yea, Scarab.

But the txt does not have much info.



#18 quietman7


Posted 21 January 2018 - 12:31 PM

@ MrL0c0

According to Amigo-A (Andrew Ivanov), you may actually be dealing with Rapid Ransomware:

Hello!
All your files have been encrypted by us
If you want restore files write on e-mail - paymeme@cock.li or paymeme@india.com
 ID **
Send me your ID and 1-3 small encrypted files(The total size of files must be less than 1Mb (non archived)) for free decryption.

As such, I have merged your other topic into this one.

#19 densimuz


Posted 21 January 2018 - 05:25 PM

I'm fairly certain it is secure, but haven't had time to continue analysis on it. It generates an RSA-1024 pair per run, and encrypts the private key of that with a hard-coded RSA-2048 public key. This encrypted key is saved to the registry (example below). The public key is saved in its raw CryptoAPI blob form, as it is what is used to encrypt files directly. Thus, it's very slow to run.

[Image: 2018-01-19_1615.png]

Good day, did you not find how to decrypt the encrypted files? I have the same problem.
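
Added example (not part of the original posts, and not code from any poster or from the malware): the analysis quoted above says the per-run public key is kept in its raw CryptoAPI blob form. A responder who has exported such a value can confirm that it is an RSA PUBLICKEYBLOB and read its key size with a parser like the one below; the sample blob is constructed for the example and is not a real key, and the function names are hypothetical.

```python
import struct

# CryptoAPI constants from wincrypt.h
PUBLICKEYBLOB = 0x06
CUR_BLOB_VERSION = 0x02
CALG_RSA_KEYX = 0x0000A400
CALG_RSA_SIGN = 0x00002400
RSA1_MAGIC = 0x31415352  # ASCII "RSA1" read as a little-endian DWORD
HEADER_LEN = 20          # BLOBHEADER (8 bytes) + RSAPUBKEY (12 bytes)


def parse_rsa_public_blob(blob: bytes) -> dict:
    """Parse a CryptoAPI RSA PUBLICKEYBLOB: BLOBHEADER, RSAPUBKEY, modulus."""
    if len(blob) < HEADER_LEN:
        raise ValueError("too short for BLOBHEADER + RSAPUBKEY")
    # BLOBHEADER: bType, bVersion, reserved, aiKeyAlg; RSAPUBKEY: magic, bitlen, pubexp
    b_type, b_version, _reserved, alg_id, magic, bitlen, pubexp = struct.unpack_from(
        "<BBHIIII", blob, 0)
    if b_type != PUBLICKEYBLOB or b_version != CUR_BLOB_VERSION:
        raise ValueError("not a version 2 PUBLICKEYBLOB")
    if alg_id not in (CALG_RSA_KEYX, CALG_RSA_SIGN) or magic != RSA1_MAGIC:
        raise ValueError("not an RSA public key blob")
    if bitlen == 0 or bitlen % 8:
        raise ValueError("implausible key length")
    needed = HEADER_LEN + bitlen // 8
    if len(blob) < needed:
        raise ValueError("truncated modulus")
    # CryptoAPI stores the modulus little-endian, unlike DER/PEM encodings.
    modulus = int.from_bytes(blob[HEADER_LEN:needed], "little")
    return {
        "bits": bitlen,
        "exponent": pubexp,
        "modulus": modulus,
        "usage": "key exchange" if alg_id == CALG_RSA_KEYX else "signature",
        "trailing_bytes": len(blob) - needed,
    }


def make_sample_blob(bits: int = 1024) -> bytes:
    """Constructed input: a correctly shaped blob, NOT a real RSA key."""
    modulus = (1 << (bits - 1)) | 0x10001  # top bit set and odd; not a valid modulus
    header = struct.pack("<BBHIIII", PUBLICKEYBLOB, CUR_BLOB_VERSION, 0,
                         CALG_RSA_KEYX, RSA1_MAGIC, bits, 65537)
    return header + modulus.to_bytes(bits // 8, "little")


if __name__ == "__main__":
    info = parse_rsa_public_blob(make_sample_blob())
    print(info["bits"], info["exponent"], info["usage"], info["trailing_bytes"])
```
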



#20 Demonslay335


Posted 21 January 2018 - 09:16 PM

I literally just explained why it cannot be decrypted. You have to have the criminal's private RSA-2048 key.


ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]
RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]
CryptoSearch - Find Files Encrypted by Ransomware [Support Topic]


#21 Amigo-A


Posted 22 January 2018 - 02:59 AM

In the case of MrL0c0, one can only make assumptions about the identity of the extortionist with Rapid (part of the text, lexis, copying of the text).

I need a sample of the malicious file so that I can compare it with an early sample.

Attackers copy any elements from each other or start new malware campaigns.

Speaking of Scarab, it has changed many times; after separating from Amnesia, it divided into various harmful campaigns, and it grows new shoots, like a mutant octopus.


Edited by Amigo-A, 22 January 2018 - 03:33 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Do you know Russian? Write to me in Russian. I will help.


#22 Stone_de_Croze


Posted 13 February 2018 - 03:48 AM

Hi all,

I too have been attacked by .rapid ransomware even though I was running AVG and was behind a firewall. I didn't open any files so assume that I was a victim of a brute force attack through my RDP port.

I have managed to clear the infection using the recommendations found online. However, I still have a situation where files are encrypted.

I am aware that there is not a very high chance of getting these files decrypted but was wondering if anyone might be able to shed some light on how long it takes for the clever people that create the decryption tools to come up with one that would fix the issue?

Also I was wondering if anyone might be able to give some constructive suggestions for preventative measures going forward?

Many thanks



#23 Amigo-A


Posted 13 February 2018 - 04:46 AM

Stone_de_Croze

New article about Rapid Ransomware




#24 Stone_de_Croze


Posted 13 February 2018 - 06:01 AM

Hi Amigo-A,

Thank you for the post.



#25 quietman7


Posted 13 February 2018 - 07:04 AM

See my comments (Post #2) in this topic for the best defensive strategy to protect yourself from malware and ransomware (crypto malware) and a list of prevention tools.

#26 Stone_de_Croze


Posted 13 February 2018 - 09:23 AM

Hi quietman7,

Thank you very much for that info, very helpful indeed!



#27 quietman7


Posted 13 February 2018 - 09:56 AM

You're welcome and good luck.

#28 Demonslay335


Posted 13 February 2018 - 10:38 AM

This one will only ever be cracked if the master private RSA keys are leaked or seized by law enforcement. The key generation and protection is secure.




#29 chan755


Posted 14 February 2018 - 11:54 AM

Hello!

Don't buy Rapid Ransomware and don't pay these hackers!!! I bought the decryptor yesterday and the decryptor doesn't work and all files are damaged, and this ransomware encrypted my system32 folder and very important Windows files! Their email support stopped responding to me and I cannot get my money back, so today I had to reinstall my Windows and lost all important files.

Please, all who want to pay Rapid: don't do it, wait for a free decryptor.



#30 quietman7


Posted 14 February 2018 - 05:12 PM

Unfortunately there is never a guarantee decryption will be successful or that the decrypter provided by the cyber-criminals will work as they claim...and using a faulty or incorrect decryptor may damage or corrupt the files even further. The criminals may even send you something containing more malware...so why should you trust anything provided by those who infected you in the first place.