Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Rapid Ransomware (.rapid, .paymeme - ! How Recovery Files.txt) Support Topic


  • Please log in to reply
43 replies to this topic

#31 Demonslay335

Demonslay335

    Ransomware Hunter


  • Security Colleague
  • 3,366 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:04:05 AM

Posted 15 February 2018 - 09:39 AM

I have a decrypter available that only works with the criminal's key that you may try. PM me a link to the decrypter they supplied you, and I can extract the private key to try with my decrypter.


logo-25.pngID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic]

ransomnotecleaner-25.png RansomNoteCleaner - Remove Ransom Notes Left Behind [Support Topic]

cryptosearch-25.pngCryptoSearch - Find Files Encrypted by Ransomware [Support Topic]

If I have helped you and you wish to support my ransomware fighting, you may support me here.


BC AdBot (Login to Remove)

 


m

#32 malu_madina

malu_madina

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 15 February 2018 - 03:47 PM

After payment ($ 3500) for decrypting my server on which I had backups we received a decryptor with instructions with the help of which we were able to return our files back.
These hackers just gave us a discount so that we could write this review.
 


#33 seba78

seba78

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:07:05 AM

Posted 16 February 2018 - 07:18 AM

Hello, last Tuesday I was a victim of a Ransomware that I added the extension .rapid
 
The rescue txt is called "How Recovery Files.txt"
 
I enclose the content in case it helps to identify if the ransomware is correct.
 
Hello, dear friend!
All your files have been ENCRYPTED
Do you really want to restore your files?
Write to our email - help@cairihi.com or BM-2cVeAHvZZjUf8M1v7AZKWeopqcYnTVFVZG@bitmessage.ch
and tell us your unique ID - ID-XXXXXXXX


#34 chooses

chooses

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:05 PM

Posted 16 February 2018 - 12:18 PM

on Wednesday morning I turned on my working computer and saw information that all my files were encrypted and to return them to the email below. After that, I contacted them and I was helped for some amount. After payment, I was sent a decryptor and I recovered all the encrypted files, thank you very much



#35 andrei_

andrei_

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:05 AM

Posted 19 February 2018 - 06:28 AM

share decryptor, please ...

 

BM-2cVeAHvZZjUf8M1v7AZKWeopqcYnTVFVZG@bitmessage.ch

help@cairihi.com



#36 Amigo-A

Amigo-A

  • Members
  • 334 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:03:05 PM

Posted 19 February 2018 - 08:18 AM

If you are from Russia, then tell it to extortionists.
They say, that will decrypt the files for free. Make a try.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Пострадали от шифровальщика? Сообщите мне здесь. 


#37 rapid_rus_help

rapid_rus_help

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 19 February 2018 - 11:37 AM

If you are from Russia - just write to the mail from the file How Recovery Files.txt - for all victims from Russia we make a free decryptor.
For everyone else - no.
 
Also to the version of .paymeme - we have nothing to do, the name of this topic comes out is erroneous.


#38 andrei_

andrei_

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:05 AM

Posted 20 February 2018 - 08:38 PM

I emailed them claiming I am from Russia, but they appear not to provide the decryptor, nevertheless.



#39 Amigo-A

Amigo-A

  • Members
  • 334 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:03:05 PM

Posted 21 February 2018 - 02:36 AM

andrei_
Возможно, им ещё требуется какая-то проверка, например, по IP-адресу или языку ОС Windows. 
Probably, need some sort of verification, for example, by IP-address or by the language of Windows OS.

Edited by Amigo-A, 21 February 2018 - 02:38 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Пострадали от шифровальщика? Сообщите мне здесь. 


#40 andrei_

andrei_

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:05 AM

Posted 21 February 2018 - 02:40 AM

Amigo, thank you for your reply.

 

I ill keep you updated,

 

So far I provided them with  my id scan  with sensitive information marked in paint[editor]



#41 Amigo-A

Amigo-A

  • Members
  • 334 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:3st station from Sun
  • Local time:03:05 PM

Posted 21 February 2018 - 03:06 AM

andrei_

В моей статье, внизу, есть email, который сообщили другие пострадавшие. См. там зелёный текст. 

In my article, below, there is an email-contact that was reported to other victims. See there is a green text.


Edited by Amigo-A, 21 February 2018 - 03:07 AM.

My projects: Digest "Crypto-Ransomwares" + Anti-Ransomware Project (In Russian) + Google Translate Technology

Have you been attacked by a Ransomware? Report here. Пострадали от шифровальщика? Сообщите мне здесь. 


#42 andrei_

andrei_

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:05 AM

Posted 21 February 2018 - 03:16 AM

Thank you Amigo, I have sent a request to the specified in green email address too..



#43 andrei_

andrei_

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:10:05 AM

Posted 21 February 2018 - 05:38 AM

they provided me with executable.. FTS.EXE ... However, the file system got already wiped, and I'll try to run the tool in a virtual machine with some of the encrypted files



#44 zagot

zagot

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:05:05 AM

Posted 23 February 2018 - 04:36 PM

Hello, on Thursday our company was attacked, and all our files (9 TB) including the server were scrambled with the extension .rapid, on the desktop there was a note with mail and information about redemption, after we contacted them, we translated the minimum cost for the decryptor (4000$), after payment  we sent a decryptor and further instructions on how to restore the files, thank you very much.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users