Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

LockCrypt Ransomware Help & Support (.1btc Restore Files.TxT)


  • This topic is locked This topic is locked
5 replies to this topic

#1 biglee

biglee

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 18 January 2018 - 10:56 PM

ID Ransomware cannot verify... 



BC AdBot (Login to Remove)

 


#2 biglee

biglee
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 18 January 2018 - 10:59 PM

Contents of Restore Files note:

 

Your ID 6bN2J34JBTX3KL7D
All your files have been encrypted due to a securityproblem with your PC. If you want to restore them, write us to the e-mail support: storage_of_decoders@aol.com or storage_of_decoders@bitmessage.ch
Write this ID in the title of your message
In case of no answer in 24 hours write us to theese e-mailssupport: storage_of_decoders@aol.com or storage_of_decoders@bitmessage.ch
You have to pay for decryption in Bitcoins. The price dependson how fast you write to us. After payment we will send you the decryption tool that will decrypt all your files.
Free decryption as guarantee
Before paying you can send us up to 3 files for freedecryption. The total size of files must be less than 10Mb(nonarchived), and files should not contain valuable information.
(databases,backups, large excel sheets, etc.)
How to obtain Bitcoins
The easiest way to buy bitcoins is LocalBitcoins site.Youhave to register, click 'Buy bitcoins', and select the sellerbypayment method and price.
Also you can find other places to buy Bitcoins andbeginnersguide here:
Attention!
Do not rename encrypted files.
Do not try to decrypt your data using third party software,it may cause permanent data loss.
Decryption of your files with the help of third parties maycause increased price (they add their fee to our) or you can becomea victim of a scam.


#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,964 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:24 PM

Posted 19 January 2018 - 07:25 AM

The contents of the ransom note looks like LockCrypt.

Any files that are encrypted with LockCrypt Ransomware will have a very long string of random hexadecimal characters ( [base64] ID [base64]) followed by the .lock or .1BTC extension appended to the end of the encrypted data filename and leave files (ransom notes) named ReadMe.TxT, Restore files.txt as explained here.
blQnAGpWOh1VRXQTeENRVnxPdzFpLQVEYyw-MTRWLE4kCD5fQAd8QihjAgk8YgRJFkJkATYwaTdUKkcKJ1NhCGdPJlJ8FwwQNEQ7IjkBbTdKEj9XYgwWTy0LTjNhHQxbVDhsG2oZ ID <victim ID>.lock
blQnAGpWOh1VRXQTeENRVnxPdzFpLQVEYyw-MTRWLE4kCD5fQAd8QihjAgk8YgRJFkJkATYwaTdUKkcKJ1NhCGdPJlJ8FwwQNEQ7IjkBbTdKEj9XYgwWTy0LTjNhHQxbVDhsG2oZ ID <victim ID>.lock
e1kOSxozGhMZJmEDXE4HMwY1bwgSTQ == ID XIO1NXPK2RRIE2HW.1btc
Also see this information provided by Amigo-A (Andrew Ivanov).

Is that what your encrypted files look like?

BTW...If ID Ransomware cannot identify the infection, you can post the case SHA1 it gives you for Demonslay335 to manually inspect the files.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 biglee

biglee
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:02:24 PM

Posted 20 January 2018 - 02:00 PM

quietman7,

yes that's exactly what the encryption looks like..



#5 mindsoup

mindsoup

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:24 PM

Posted 20 January 2018 - 02:50 PM

I was talking to a hacker who encrypted files with the exact same  ID 6bN2J34JBTX3KL7D type line.  He said he buys the decrypter from someone else.  The files I saw were the same but ended in a .2018



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,964 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:05:24 PM

Posted 20 January 2018 - 06:03 PM

I was talking to a hacker who encrypted files with the exact same  ID 6bN2J34JBTX3KL7D type line.  He said he buys the decrypter from someone else.  The files I saw were the same but ended in a .2018

You may want to read this topic...

 

quietman7,
yes that's exactly what the encryption looks like..

Unfortunately, there is no known method to decrypt files encrypted by LockCrypt without paying the ransom. If possible, your best option is to restore from backups, try file recovery software or backup/save your encrypted data as is and wait for a possible solution at a later time.

There is an ongoing discussion in this topic where victims can post comments, ask questions and seek further assistance. Other victims have been directed there to share information, experiences and suggestions.

Rather than have everyone with individual topics, it would be best (and more manageable for staff) if you posted any more questions, comments or requests for assistance in the above support topic discussion...it includes experiences by experts, a variety of IT consultants, end users and company reps who have been affected by ransomware infections. To avoid unnecessary confusion, this topic is closed.

Thanks
The BC Staff

 


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users