Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News:    Hackers Don't Give Site Owners Time to Patch, Start Exploiting New Drupal Flaw Within Hours

Featured Deal: Pay What You Want Complete Cyber Security Certification Bundle Deal

Photo

Is it possible to decrypt?

Started by shittyurgentsituatio , Feb 26 2018 03:58 AM

  • This topic is locked This topic is locked
2 replies to this topic

#1 shittyurgentsituatio

shittyurgentsituatio

  • Members
  • 1 posts
  • OFFLINE
    •  
  • Local time:01:41 AM

Posted 26 February 2018 - 03:58 AM

A client of ours has recently been hit by Cryakl as we suspect.

 

There are a few tools, but most of them says invalid file extension(we've tried to rename, nothing)

 

Is there ANYTHING to do? Our backup was messed up in the process(yes..) - it's a really bad situation.

 

I have tried to attach some encrypted files, but I can't seem to figure out how.

 

I've gotten the ransomware itself, so if that's useful to some reverse engineers, let me know how we can make the exchange of files.

 

Example encrypted file name:

email-lybot@keemail.me.ver-CL 1.4.1.0.id-706192690-27-01-2018 21@50@240.fname-Launch Internet Explorer Browser.lnk.fairytail

 

Ransomware executer:

lybot.exe 


BC AdBot (Login to Remove)

 

#2 thyrex

thyrex

  • Members
  • 526 posts
  • OFFLINE
    •  
  • Gender:Male
  • Location:Belarus
  • Local time:03:41 AM

Posted 26 February 2018 - 10:45 AM

No chances because use RSA-4096


Microsoft MVP 2012-2016 Consumer Security

Microsoft Reconnect 2016

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,964 posts
  • ONLINE
    •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:41 PM

Posted 26 February 2018 - 01:52 PM

Since the infection has been identified, rather than have everyone with individual topics, it would be best (and more manageable for staff) if victims posted any more questions, comments or requests for assistance in the below support topic discussion.To avoid unnecessary confusion, this topic is closed.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif
Back to Ransomware Help & Tech Support


0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users


  1. BleepingComputer.com
  2. Security
  3. Ransomware Help & Tech Support
  4. Privacy Policy
  5. Rules ·